Go to https://developers.globus.org. Click on "Register your app with Globus".
Globus Auth Documentation is available at https://docs.globus.org/api/auth/
Add the following lines to /etc/openstack-dashboard/local_settings:
WEBSSO_ENABLED = True
WEBSSO_CHOICES = (
    ("credentials", _("Keystone Credentials")),
    ("globus", _("Globus Auth")),
)
WEBSSO_IDP_MAPPING = {
    "credentials": ("credentials", "password"),
    "globus": ("globus", "openidc"),
}
Restart Horizon for the change to take effect:
systemctl restart httpd
Configure Keystone to:
openstack domain create globus
LoadModule auth_openidc_module modules/mod_auth_openidc.so
OIDCClaimPrefix "OIDC-"
OIDCResponseType "code"
OIDCScope "openid email profile"
OIDCProviderMetadataURL "https://auth.globus.org/.well-known/openid-configuration"
OIDCClientID ""
OIDCClientSecret " "
OIDCCryptoPassphrase " "
OIDCRedirectURI "https:// :5000/v3/OS-FEDERATION/identity_providers/globus/protocols/openidc/auth/redirect"
AuthType "openid-connect"
Require valid-user
OIDCRedirectURI "https://:5000/v3/auth/OS-FEDERATION/identity_providers/globus/protocols/openidc/websso/redirect"
AuthType "openid-connect"
Require valid-user
[auth]
methods = password,token,openidc
openidc=keystone.auth.plugins.mapped.Mapped
[federation]
remote_id_attribute = HTTP_OIDC_ISS
federated_domain_name = globus
trusted_dashboard=https:///dashboard/auth/websso/
systemctl restart httpd
openstack identity provider create --remote-id https://auth.globus.org --domain globus globus
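A pre-flight check for the mod_auth_openidc and keystone.conf settings above, added here as an example and not taken from the original page or from the Keystone or mod_auth_openidc projects. It flags blank client credentials, redirect and dashboard URLs without an https host, and a remote_id_attribute that does not match OIDCClaimPrefix; the function names, the sample values and the header-to-environ naming rule are assumptions of this example.

```python
import configparser
import shlex
from urllib.parse import urlsplit

SECRETS = ("OIDCClientID", "OIDCClientSecret", "OIDCCryptoPassphrase")

def parse_apache(text):
    """Collect one-line directives as {name: [first argument, ...]}."""
    found = {}
    for line in map(str.strip, text.splitlines()):
        if line and line[0] not in "#<":  # skip blanks, comments, container tags
            name, *args = shlex.split(line)
            found.setdefault(name, []).append(args[0] if args else "")
    return found

def https_with_host(url):
    """True only for an https URL with a host and no embedded whitespace."""
    clean = "".join(url.split())
    parts = urlsplit(clean)
    return clean == url and parts.scheme == "https" and bool(parts.hostname)

def preflight(apache_text, keystone_text):
    """Return a list of problems; an empty list means every check passed."""
    apache = parse_apache(apache_text)
    keystone = configparser.ConfigParser(strict=False, interpolation=None)
    keystone.read_string(keystone_text)
    fed = keystone["federation"] if keystone.has_section("federation") else {}
    problems = [f"{name} is empty or missing" for name in SECRETS
                if not any(v.strip() for v in apache.get(name, []))]
    urls = [("OIDCRedirectURI", u) for u in apache.get("OIDCRedirectURI", [])]
    urls.append(("trusted_dashboard", fed.get("trusted_dashboard", "")))
    problems += [f"{name} lacks an https host: {url!r}"
                 for name, url in urls if not https_with_host(url)]
    # Assumed path: header "OIDC-iss" -> WSGI environ key "HTTP_OIDC_ISS".
    prefix = apache.get("OIDCClaimPrefix", [""])[0]
    expected = "HTTP_" + (prefix + "iss").upper().replace("-", "_")
    if not prefix or fed.get("remote_id_attribute", "") != expected:
        problems.append(f"remote_id_attribute does not match OIDCClaimPrefix {prefix!r}")
    return problems

# Constructed sample: the client ID and the redirect host are still blank.
SAMPLE_APACHE = '''OIDCClaimPrefix "OIDC-"
OIDCClientID ""
OIDCClientSecret "constructed-secret"
OIDCCryptoPassphrase "constructed-passphrase"
OIDCRedirectURI "https://:5000/v3/auth/OS-FEDERATION/identity_providers/globus/protocols/openidc/websso/redirect"'''
SAMPLE_KEYSTONE = """[federation]
remote_id_attribute = HTTP_OIDC_ISS
trusted_dashboard = https://horizon.example.org/dashboard/auth/websso/"""
```

Calling preflight(SAMPLE_APACHE, SAMPLE_KEYSTONE) returns two problems, one for the blank client ID and one for the redirect URI without a host.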