Openstack Keystone external provider


#1

Could tyk be configured to support Keystone identity provider and use tyk to manage users and projects in Keystone? I note that Keystone makes use of Saml2. If possible having an api gateway in front of Openstack and exposing api endpoints based on one’s own release schedule would be amazing.


#2

You could look into our Tyk Identity Broker, which is designed so that pluggable front-ends can be added to it that perform various actions inside a Tyk stack such as token creation. You could add a SAML2 validator or a Keystone-compatible API identity provider that validates a request against Keystone and then trades the validation for a valid Tyk key.

This would be the simplest thing to do get Keystone to provide credentials to Tyk (Dashboard, Portal or tokens). Actually remoting Keystone from within Tyk might be a little trickier.