From b86ad26f7df809b93741666f0500613353edcecb Mon Sep 17 00:00:00 2001
From: Jesse Pretorius
Date: Mon, 20 Jul 2015 17:59:05 +0100
Subject: [PATCH] Add sample Keystone Federation SP configuration for ADFS An ADFS v3.0 (Windows 2012 R2) Identity Provider is capable of interacting via SAML2 to the Service provider, so there is no special configuration over and above the same as required from the TestShib/Keystone IdP. This patch adds a sample configuration to the defaults file. DocImpact Implements: blueprint keystone-sp-adfs-idp Change-Id: I37728e618d4624699a00f4ecfbb8cab0745e9e52
---
 playbooks/roles/os_keystone/defaults/main.yml | 30 +++++++++++++++++++
 1 file changed, 30 insertions(+)
diff --git a/playbooks/roles/os_keystone/defaults/main.yml b/playbooks/roles/os_keystone/defaults/main.yml
index 7461503922..1ed1adddd2 100644
--- a/playbooks/roles/os_keystone/defaults/main.yml
+++ b/playbooks/roles/os_keystone/defaults/main.yml
@@ -197,6 +197,7 @@ keystone_recreate_keys: False
 # cert_duration_years: 5
 # trusted_dashboard_list:
 # - "https://{{ external_lb_vip_address }}/auth/websso/"
+# - "https://{{ horizon_server_name }}/auth/websso/"
 # trusted_idp_list:
 # note that only one of these is supported at any one time for now
 # - name: "keystone-idp"
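Review bot: The new `trusted_dashboard_list` entry is built from `horizon_server_name`, which is not defined anywhere in the lines shown, so a deployer who uncomments the sample may hit an undefined variable unless another role or the inventory supplies it. Each entry in this list is also an origin that keystone will hand a WebSSO token back to, so the sample deserves a comment above it such as `# list only HTTPS dashboard URLs you operate; each one receives tokens and should match the host name users browse to`. The commented sample block this line belongs to starts above the hunk and continues below it.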
@@ -261,6 +262,35 @@ keystone_recreate_keys: False
 # name: Default
 # - user:
 # name: '{0}'
+#
+# - name: 'adfs-idp'
+# entity_ids:
+# - 'http://idp.pigeonbrawl.net/adfs/services/trust'
+# metadata_uri: 'https://idp.pigeonbrawl.net/FederationMetadata/2007-06/FederationMetadata.xml'
+# metadata_file: 'metadata-adfs-idp.xml'
+# metadata_reload: 1800
+# federated_identities:
+# - domain: Default
+# project: fedproject
+# group: fedgroup
+# role: _member_
+# protocols:
+# - name: saml2
+# mapping:
+# name: adfs-idp-mapping
+# rules:
+# - remote:
+# - type: upn
+# local:
+# - group:
+# name: fedgroup
+# domain:
+# name: Default
+# - user:
+# name: '{0}'
+# attributes:
+# - name: 'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn'
+# id: upn
 # Keystone Federation SP Packages
 keystone_sp_apt_packages:
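Review bot: The sample `adfs-idp-mapping` rule matches on nothing but the presence of a `upn` claim, so once uncommented every account the ADFS farm can authenticate is placed in `fedgroup` and inherits `_member_` on `fedproject`. Since samples get copied verbatim, I would add a comment above `rules:` along the lines of `# NOTE: admits ANY user the IdP authenticates; add an any_one_of or regex condition on a group claim to restrict access`. A second one-line comment should say that the `http://` value under `entity_ids` is the ADFS entity identifier rather than a URL that is fetched, because the metadata itself comes from the `https://` `metadata_uri`. Whether that downloaded metadata is signature-checked before being trusted is not visible in this hunk and is worth confirming in the role's tasks.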