This talk will describe the R&D recently performed at the University of Kent to add federated identity management to OpenStack. Specifically the Keystone pipeline has been modified by adding a new middleware component that calls a discovery service and credential validation service, in order to facilitate outgoing and incoming federated access, respectively. A client library has been built that makes use of these new keystone services. Several OpenStack clients have been modified to make calls to these new library APIs, so that federated access to Keystone services is possible. The technique that has been employed is designed to be federated identity management protocol agnostic, so that different FIM systems can be plugges in such as OpenID, Oauth, SAML, PKI, Kerberos etc. The working prototype uses SAML requests and responses.
