Create a `keystoneauth` plugin

mnaser commented 11 months ago

When using Keycloak to authenticate to the cloud, there's not an easy way to login to the cloud. The ideal flow would be a driver that does the following:

Given an OS_AUTH_URL, OS_IDENTITY_PROVIDER (defaults to atmosphere), and OS_IDENTITY_PROVIDER_PROTOCOL (defaults to openid)
Server a server on localhost with some random port and wait for POST
Open a new window redirecting to a URL with those environment (or CLI variables)
Start going through normal WebSSO flow with redirect to a URL on localhost with above random port
Capture unscoped token through POST and send that over to openstacksdk.

This will probably end up on another repository, and the only server side change would be that trusted_dashboards will have to change as well.

mnaser commented 5 months ago

This is now completed inside

https://github.com/vexxhost/keystoneauth-websso

The only missing piece is adding the trusted_dashboards and documenting it.

mnaser commented 1 month ago

That's all done with documentation living here:

https://vexxhost.github.io/atmosphere/quick-start.html#single-sign-on-sso

vexxhost / atmosphere

Create a `keystoneauth` plugin #737