<html>

  <head>

    <meta content="text/html; charset=utf-8" http-equiv="Content-Type">

  </head>

  <body text="#000000" bgcolor="#FFFFFF">

    <div class="moz-cite-prefix">On 05/30/2016 05:09 AM, Haïkel wrote:<br>

    </div>

    <blockquote

cite="mid:CAHaCVFCh47kuH5AqGJ1PuYqHW0hVBZzg7FKdUdS9_EskPn=roA@mail.gmail.com"

      type="cite">

      <pre wrap="">2016-05-30 1:17 GMT+02:00 Pete Zaitcev <a class="moz-txt-link-rfc2396E" href="mailto:zaitcev@redhat.com"><zaitcev@redhat.com></a>:

</pre>

      <blockquote type="cite">

        <pre wrap="">On Mon, 30 May 2016 00:44:29 +0200

Haïkel <a class="moz-txt-link-rfc2396E" href="mailto:hguemar@fedoraproject.org"><hguemar@fedoraproject.org></a> wrote:

</pre>

        <blockquote type="cite">

          <blockquote type="cite">

            <pre wrap="">So, what do everyone clone? If someone could do this, it would be helpful:

</pre>

          </blockquote>

        </blockquote>

        <pre wrap="">

</pre>

        <blockquote type="cite">

          <pre wrap="">rdopkg clone openstack-swift

and then git review on rpm-master.

</pre>

        </blockquote>

        <pre wrap="">

Thanks a lot, that worked!

BTW, it would be great if we could do "rdopkg clone rdopkg" perhaps?

-- Pete

</pre>

      </blockquote>

      <pre wrap="">

rdopkg clone uses rdoinfo database, that's why it doesn't work (only

openstack projects are registered)

But that's something we could fix.</pre>

    </blockquote>

    <br>

    My quick write up<br>

    <br>

    <br>

    <a class="moz-txt-link-freetext" href="http://adam.younglogic.com/2016/05/reviews-for-rdo-packages/">http://adam.younglogic.com/2016/05/reviews-for-rdo-packages/</a><br>

    <br>

    <blockquote

cite="mid:CAHaCVFCh47kuH5AqGJ1PuYqHW0hVBZzg7FKdUdS9_EskPn=roA@mail.gmail.com"

      type="cite">

      <pre wrap="">

H.

_______________________________________________

rdo-list mailing list

<a class="moz-txt-link-abbreviated" href="mailto:rdo-list@redhat.com">rdo-list@redhat.com</a>

<a class="moz-txt-link-freetext" href="https://www.redhat.com/mailman/listinfo/rdo-list">https://www.redhat.com/mailman/listinfo/rdo-list</a>

To unsubscribe: <a class="moz-txt-link-abbreviated" href="mailto:rdo-list-unsubscribe@redhat.com">rdo-list-unsubscribe@redhat.com</a></pre>

    </blockquote>

    <br>

    <div class="moz-cite-prefix">On 05/25/2016 11:52 PM, Adam Young

      wrote:<br>

    </div>

    <blockquote cite="mid:574672E5.80205@redhat.com" type="cite">

      <meta http-equiv="content-type" content="text/html; charset=utf-8">

      I confirmed today that Kerberos still works for both WebSSO and

      CLI operations on a Rippowam provisioned server.  However, I think

      we need to chase down the Kerberos Auth plugin.  As things moved

      from keystonclient to Keystone Auth, I don;'t remember what the

      final decision was for Kerberos.  To be strictly correct, it

      should probablty move to python-keystoneauth-kerberos. <br>

      <br>

      <br>

      <br>

      Trying ECP seems to be close, but not quite set up right.  I am

      using the following rc file: <br>

      <br>

      $ cat keycloak-accrc <br>

      export OS_AUTH_TYPE=v3unscopedsaml <br>

      export OS_AUTH_URL=<a moz-do-not-send="true"

        class="moz-txt-link-freetext"

        href="https://openstack.ayoung.oslab.test:5000/v3">https://openstack.ayoung.oslab.test:5000/v3</a>

      <br>

      export OS_IDENTITY_PROVIDER=keycloak <br>

      export OS_IDENTITY_PROVIDER_URL=<a moz-do-not-send="true"

        class="moz-txt-link-freetext"

        href="https://ipa.ayoung.oslab.test/auth/saml2/SSO/SOAP">https://ipa.ayoung.oslab.test/auth/saml2/SSO/SOAP</a>

      <br>

      export OS_PROTOCOL=saml2 <br>

      export OS_PROJECT_NAME=demo <br>

      export OS_PROJECT_DOMAIN_ID=default <br>

      export OS_IDENTITY_API_VERSION=3 <br>

      (prompts for password and userid ellided) <br>

      <br>

      <br>

      The post to <a moz-do-not-send="true"

        class="moz-txt-link-freetext"

        href="https://ipa.ayoung.oslab.test/auth/saml2/SSO/SOAP">https://ipa.ayoung.oslab.test/auth/saml2/SSO/SOAP</a> 

      seems to be failing with: <br>

      <br>

      DEBUG: requests.packages.urllib3.connectionpool "POST

      /auth/saml2/SSO/SOAP HTTP/1.1" 404 0 <br>

      DEBUG: keystoneclient.session Request returned failure status: 404

      <br>

      ERROR: openstack Not Found (HTTP 404) <br>

      <br>

      Do I have the OS_IDENTITY_PROVIDER_URL right?  The remote ID for

      this server is <br>

      <br>

      remote_ids  | [u'<a moz-do-not-send="true"

        class="moz-txt-link-freetext"

        href="https://ipa.ayoung.oslab.test/auth/realms/openstack">https://ipa.ayoung.oslab.test/auth/realms/openstack</a>']

      <br>

      <br>

      Which works with WebSSO.  If I mess around with the PROVIDER_URL I

      still get the same response.  The tests <a moz-do-not-send="true"

        class="moz-txt-link-freetext"

href="https://github.com/keycloak/keycloak/blob/master/testsuite/integration/src/test/java/org/keycloak/testsuite/saml/SamlEcpProfileTest.java">https://github.com/keycloak/keycloak/blob/master/testsuite/integration/src/test/java/org/keycloak/testsuite/saml/SamlEcpProfileTest.java</a>

      seem to indicate that it should be <i class="moz-txt-slash"><span

          class="moz-txt-tag">/</span>ecp-sp<span class="moz-txt-tag">/</span></i>

      but that does not work, either. <br>

    </blockquote>

    <br>

  </body>

</html>