Recently, I needed to build a project for OpenStack that required that I not know the end-user’s authentication method. I had used the clouds.yaml (cloud configuration file) approach before, so I thought I’d give it a go and test it out with a few authentication scenarios I’m familiar with. I found, not to my surprise, that there were no examples showing how to use this very handy configuration file format with anything besides the standard “v3password” mechanism. Boring. 

Here’s an example of the v3samlpassword authentication method (SAML 2.0 ECP), using the same dummy data as a related article, “Use OpenStack CLI with SAML 2.0 ECP”.

If you get an error such as “Missing value identity-provider-url required for auth plugin v3samlpassword”, or if you do not see “v3samlpassword” listed under “--os-auth-type” when running “openstack --help”, you need to install “lxml” into your available Python packages. You can do this using a package manager or using “pip install lxml”.

(venv) cerealkiller@thegibson:~> cat clouds.yaml 
clouds:
  ellingson:
    auth_type: v3samlpassword
    auth_url: https://cloud.example.org:13000/v3
    auth:
      project_id: __MYPROJECTID__
      project_name: __MYPROJECT__
      project_domain_name: __MYDOMAIN__
    username: __MYUSERNAME__
    password: __MYPASSWORD__
    # Federation Identity Provider (IdP) can be found using the following:
    # openstack identity provider list
    identity_provider: __MYIDP__
    # Federation protocol can be found using the following:
    # openstack federation protocol list --identity-provider "__MYIDP__"
    protocol: __MYPROTOCOL__
    identity_provider_url: https://example.org/idp/saml2/idp/SSOService.php
    region_name: regionOne
    interface: public
    version: 3
    cacert: /path/to/server-ca.crt
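
A pre-flight check for an entry like the one above, added here as an example and not part of the original post or of OpenStack's own code. It takes the cloud entry as a dict (for instance from yaml.safe_load) and reports missing options, unreplaced `__PLACEHOLDER__` values, non-HTTPS endpoints, disabled TLS verification, and a file that other users can read. The function names, the sample values and the lookup order (under auth: first, then the top level) are assumptions.

```python
import importlib.util
import os
import stat

# Options the page's clouds.yaml sets for the v3samlpassword plugin.
REQUIRED = ("auth_url", "identity_provider", "protocol",
            "identity_provider_url", "username", "password")

def option(cloud, name):
    """Read an option from auth: first, then the cloud's top level (assumed)."""
    return (cloud.get("auth") or {}).get(name, cloud.get(name))

def plugin_loadable():
    """The page notes v3samlpassword is unavailable until lxml is installed."""
    return importlib.util.find_spec("lxml") is not None

def file_too_open(path):
    """True if group or others can access the file holding the password."""
    return bool(stat.S_IMODE(os.stat(path).st_mode) & 0o077)

def check_cloud(cloud):
    """Return findings for one parsed cloud entry (a dict from yaml.safe_load)."""
    findings = []
    for name in REQUIRED:
        value = str(option(cloud, name) or "")
        if not value:
            findings.append(f"missing: {name}")
        elif value.startswith("__") and value.endswith("__"):
            findings.append(f"placeholder not replaced: {name}")
    # The password and the SAML assertion travel to these URLs, so require TLS.
    for name in ("auth_url", "identity_provider_url"):
        value = str(option(cloud, name) or "")
        if value and not value.lower().startswith("https://"):
            findings.append(f"not https: {name}")
    if cloud.get("verify") is False or cloud.get("insecure") is True:
        findings.append("TLS verification disabled")
    return findings

# Constructed sample mirroring the page's layout, with made-up values filled in.
SAMPLE = {
    "auth_type": "v3samlpassword",
    "auth_url": "https://cloud.example.org:13000/v3",
    "auth": {"project_name": "demo", "project_domain_name": "Default"},
    "username": "alice", "password": "constructed-secret",
    "identity_provider": "example-idp", "protocol": "saml2",
    "identity_provider_url": "https://example.org/idp/saml2/idp/SSOService.php",
    "cacert": "/path/to/server-ca.crt",
}
```

Run `file_too_open("clouds.yaml")` against the real file as well; a mode of 0600 keeps the stored password readable only by its owner.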
