Authentication Through OpenStack Keystone

Overview

Keystone is an OpenStack service that provides API client authentication, service discovery, and distributed multi-tenant authorization.

The OpenStack Keystone connector supports the offline_access and groups scopes. To use this connector, create a domain and a user with an admin role, then specify the credentials in the configuration file (see the example below).

OpenStack Keystone exposes the Identity API v3 to work with dex.

Configuration

The following is an example of an OpenStack Keystone configuration for dex:

    connectors:
    - type: keystone
      # Required field for connector id.
      id: keystone
      # Required field for connector name.
      name: Keystone
      config:
        # Required, without v3 suffix.
        keystoneHost: http://example:5000
        # Required, admin user credentials to connect to keystone.
        domain: default
        keystoneUsername: demo
        keystonePassword: DEMO_PASS
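
The connector settings above hold an admin credential and the Keystone URL, so they are worth checking before deployment. The following is an added example, not dex's own code: the `KeystoneConfig` type and the `Validate` and `TokenURL` functions are hypothetical names, and the `/v3/auth/tokens` path is the Identity API v3 password-authentication endpoint.

```go
package main

import (
	"fmt"
	"net/url"
	"strings"
)

// KeystoneConfig mirrors the keys under `config:` in the connector example.
type KeystoneConfig struct{ Host, Domain, Username, Password string }

// Validate returns errs (the connector cannot work as documented) and
// warns (it works, but the admin credentials are exposed).
func Validate(c KeystoneConfig) (errs, warns []string) {
	required := [][2]string{{"keystoneHost", c.Host}, {"domain", c.Domain},
		{"keystoneUsername", c.Username}, {"keystonePassword", c.Password}}
	for _, f := range required {
		if strings.TrimSpace(f[1]) == "" {
			errs = append(errs, f[0]+" is required")
		}
	}
	u, err := url.Parse(c.Host)
	if err != nil || u.Scheme == "" || u.Host == "" {
		return append(errs, "keystoneHost must be an absolute URL"), warns
	}
	if strings.HasSuffix(strings.TrimRight(u.Path, "/"), "/v3") {
		errs = append(errs, "keystoneHost must not carry the v3 suffix")
	}
	if u.Scheme != "https" {
		warns = append(warns, "keystoneHost is not https: passwords and tokens cross the network in cleartext")
	}
	if c.Password == "DEMO_PASS" { // sample value from the documentation
		warns = append(warns, "keystonePassword is still the documentation sample")
	}
	return errs, warns
}

// TokenURL is the Identity API v3 password-authentication endpoint for a host
// written as the page requires (no v3 suffix).
func TokenURL(c KeystoneConfig) string {
	return strings.TrimRight(c.Host, "/") + "/v3/auth/tokens"
}

func main() {
	// Constructed input: the values from the example configuration.
	c := KeystoneConfig{"http://example:5000", "default", "demo", "DEMO_PASS"}
	errs, warns := Validate(c)
	fmt.Println("errors:", errs)
	fmt.Println("warnings:", warns)
	fmt.Println("token endpoint:", TokenURL(c))
}
```

Run against the sample values, the check reports no errors and two warnings: the `http://` host and the unchanged sample password.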