Testing Fernet Tokens on TripleO

Not the way to do it long term, but this will give you a chance to play with it.

From the controller node:

sudo keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone
sudo crudini --set /etc/keystone/keystone.conf token provider fernet
sudo systemctl restart httpd.service

Test it

$ openstack  token issue -f shell
expires="2016-05-05T05:21:44Z"
id="gAAAAABXKspYhz7Ti5ldwi0mU4D69NqTINEU_t-e8MoxqVkVhR40w1E7GOmgai-9lanr2Z6bnoyQSgNWIhD63UOm1Mlsm9_hw5oTCqVO_pWJZwTomlWM2BrG5LqTOyp6PNqYz2pZ0DIaSTOnOQPeVqKp4ot8S3B6oA4Xy1JZo3305DPiApCzOyQ"
project_id="b383d314cc344639939f2a9a381a6945"
user_id="4e154e7d166d4bd6b8199dfd3a6f2468"
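One way to confirm the provider change took effect is to check that the returned id has Fernet framing. This is an added example, not part of the original post: `inspect_fernet` is a hypothetical helper that reads only the unencrypted framing (version byte, issue timestamp, field lengths), so it needs no key from the Fernet key repository.

```python
import base64
import struct
from datetime import datetime, timezone

# Token id copied from the `openstack token issue` output above.
TOKEN = (
    "gAAAAABXKspYhz7Ti5ldwi0mU4D69NqTINEU_t-e8MoxqVkVhR"
    "40w1E7GOmgai-9lanr2Z6bnoyQSgNWIhD63UOm1Mlsm9_hw5oT"
    "CqVO_pWJZwTomlWM2BrG5LqTOyp6PNqYz2pZ0DIaSTOnOQPeVq"
    "Kp4ot8S3B6oA4Xy1JZo3305DPiApCzOyQ"
)

FERNET_VERSION = 0x80     # first byte of every Fernet token
HEADER_LEN = 1 + 8 + 16   # version + 64-bit timestamp + AES IV
HMAC_LEN = 32             # trailing HMAC-SHA256
AES_BLOCK = 16


def inspect_fernet(token: str) -> dict:
    """Parse the cleartext framing of a Fernet token (no decryption)."""
    # The id above carries no '=' padding, so restore it before decoding.
    raw = base64.urlsafe_b64decode(token + "=" * (-len(token) % 4))
    if len(raw) < HEADER_LEN + AES_BLOCK + HMAC_LEN:
        raise ValueError("too short to be a Fernet token")
    version, issued = struct.unpack(">BQ", raw[:9])
    if version != FERNET_VERSION:
        raise ValueError("unexpected version byte 0x%02x" % version)
    ciphertext = raw[HEADER_LEN:-HMAC_LEN]
    if len(ciphertext) % AES_BLOCK:
        raise ValueError("ciphertext is not a whole number of AES blocks")
    return {
        "version": version,
        "issued_at": datetime.fromtimestamp(issued, tz=timezone.utc),
        "ciphertext_len": len(ciphertext),
    }


if __name__ == "__main__":
    info = inspect_fernet(TOKEN)
    print("version 0x%02x, issued %s, %d bytes of ciphertext" % (
        info["version"], info["issued_at"].isoformat(), info["ciphertext_len"]))
```

For the token above, the embedded issue time is 2016-05-05T04:21:44Z, one hour before the `expires` value in the output.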

Leadership in Software Development Part 1

I’ve been in and out of leadership roles from high school onward. For the past decade and a half, I’ve been a professional software developer. During that time, I’ve been in a leadership position roughly a third of the time. Recently, I was asked to evaluate my Leadership Philosophy (more on that later). I’ve also had to do the annual counselling that my company formalizes.

One tool we learned in the Army was the list of Leadership principles. As part of my evaluation, I want to see how I think they apply to what I do: Software Development in an Open Source project space. Here’s what I’ve come up with so far:


Three Types of Keystone Users

Keystone supports multiple backends for Identity. While SQL is the default, LDAP is one of the most used. With Federation protocols, the user data won’t even be stored in the identity backend at all. All three of these approaches have different use cases, and all work together. The way that I’ve come to think of them is as three types of Keystone users: employees, partners, and customers. Take the following as a metaphor, not literal truth.


Who holds the keys to the Kingdom

During the years I worked as a Web application developer, it seemed like every application had its own authentication mechanism. An application developer is thinking in terms of the domain model for their application, whether it be eCommerce, systems management, photography, or weblogs. Identity Management is a cross-cutting concern, and it is hard to get right. Why, then, do so many applications have “user” tables in their databases?

Wizard Woodcarving

After reading The Hobbit to my sons, my younger guy requested his favorite character. Quite pleased with how this grey pilgrim turned out.

Presentation on Keystone Deepdive and Folsom

http://adam.younglogic.com/presentations/KeystoneFolsom/

There is not a lot of text: I tend to keep my presentations as a visual mnemonic for the topics being discussed.

Let me know if you want to steal any of the images I created. I have them all as SVG, and the UML diagrams came out of ArgoUML.

Most of the Creative Commons images were found on DeviantArt.com, attributions at the end.

Cloud Narrative

Identity Management (IdM) needs change as an organization grows in size. For an example, I’ll describe a fictional company, and take it from the smallest to largest stages. While, to some degree, the industry of this firm really doesn’t matter, I am going to use a small import business started by a single individual and scale it up to a multinational corporation. As the organization grows in size, the technical needs will drive the scope and scale of the identity management solutions required.
(This is my writing, cross-posted from the FreeIPA wiki.)
