Basically, in comparison with part 1, the Openstack authentication against the Keystone server is now achieved by OpenAM itself, thanks to a specialized authentication module.
Our belgium partners Paradigmo ( http://paradigmo.com/2014/05/06/forgerock-openam-integration-openstack-keystone/ ) enhanced the previous solution exposed in part 1.
This authentication module is also responsible for storing the Keystone token in the user’s OpenAM session, so that it can be later retrieved by the J2EE agent running in the OpenIG web container.
Yet, OpenIG remains, to add keystone tokens to client requests on the fly.
This architecture leverages OpenAM authentication framework and API’s and also benefits from OpenAM session failover feature if enabled. It also makes it easier to store and retrieve Keystone tokens than if it’d been implemented on the OpenIG side.
The diagram below depicts OpenIG internals …
JANUA provides better security, build relationships, and enable new cloud, mobile, and IoT offerings from any device or connected thing.
Les derniers articles par janua (tout voir)
- Janua recrute un(e) architecte senior IAM – Directeur Technique – Keycloak et RH-DS - 2 octobre 2019
- Securing apps and services with Keycloak - 17 août 2018
- OpenAM 13.5 Core Token Service - 3 novembre 2017