Basically, in comparison with part 1, the OpenStack authentication against the Keystone server is now performed by OpenAM itself, thanks to a specialized authentication module.

Our Belgian partners Paradigmo ( http://paradigmo.com/2014/05/06/forgerock-openam-integration-openstack-keystone/ ) enhanced the solution presented in part 1.

This authentication module is also responsible for storing the Keystone token in the user’s OpenAM session, so that it can be later retrieved by the J2EE agent running in the OpenIG web container.

OpenIG is still needed, however, to add Keystone tokens to client requests on the fly.

This architecture leverages the OpenAM authentication framework and APIs, and also benefits from the OpenAM session failover feature if enabled. It also makes it easier to store and retrieve Keystone tokens than if this had been implemented on the OpenIG side.

The diagram below depicts OpenIG internals …

[Figure: authent keystoneV2]
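The flow described above, as an added example that is not Paradigmo's or ForgeRock's code: a Python simulation in which a plain dict stands in for the OpenAM session and `keystoneToken` is a hypothetical session property name. The Keystone v2.0 token response is a constructed sample, and the gateway side discards any client-supplied `X-Auth-Token` before setting the one held in the session.

```python
import json
from datetime import datetime, timezone

# Constructed sample of a Keystone v2.0 "POST /v2.0/tokens" response body.
SAMPLE_KEYSTONE_RESPONSE = json.dumps({"access": {
    "token": {"id": "constructed-token-0001",
              "expires": "2030-01-01T00:00:00Z",
              "tenant": {"id": "t1", "name": "demo"}},
    "user": {"username": "alice"}}})

SESSION_KEY = "keystoneToken"  # hypothetical session property name (assumption)


def keystone_auth_body(username, password, tenant):
    """Request body the authentication module would POST to /v2.0/tokens."""
    return {"auth": {"tenantName": tenant,
                     "passwordCredentials": {"username": username,
                                             "password": password}}}


def store_token(session, response_body):
    """Auth-module side: keep the token id and its expiry in the SSO session."""
    token = json.loads(response_body)["access"]["token"]
    expires = datetime.strptime(token["expires"], "%Y-%m-%dT%H:%M:%SZ")
    session[SESSION_KEY] = {"id": token["id"],
                            "expires": expires.replace(tzinfo=timezone.utc)}


def add_keystone_header(session, headers, now=None):
    """Gateway side: set X-Auth-Token from the session, never from the client."""
    now = now or datetime.now(timezone.utc)
    # Drop whatever the client sent so it cannot choose its own token.
    out = {k: v for k, v in headers.items() if k.lower() != "x-auth-token"}
    entry = session.get(SESSION_KEY)
    if entry is None or entry["expires"] <= now:
        raise PermissionError("no valid Keystone token in session")
    out["X-Auth-Token"] = entry["id"]
    return out
```

An expired or missing token raises instead of forwarding the request, which is the point where a real deployment would send the user back through OpenAM authentication.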

janua
