Authentication Through OpenStack Keystone
Overview
Keystoneis an OpenStack service that provides API client authentication, service discovery, and distributed multi-tenant authorization.
OpenStack Keystone connector supports offline_access
and groups
scopes. To use this connector, create a domain and user with an admin role, then specify the credentials in the configuration file (see the example below).
OpenStack Keystone exposes the Identity API v3to work with dex.
Configuration
The following is an example of an OpenStack Keystone configuration for dex:
connectors:
- type: keystone
# Required field for connector id.
id: keystone
# Required field for connector name.
name: Keystone
config:
# Required, without v3 suffix.
keystoneHost: http://example:5000
# Required, admin user credentials to connect to keystone.
domain: default
keystoneUsername: demo
keystonePassword: DEMO_PASS