Frequently Asked Questions

How to access the API when using SSO?
Last Updated a year ago

First, go to https://sso.massopen.cloud/auth/realms/moc/account and after logging in, go to the password tab and set a password. This will be used to bypass the University/GitHub login, and login directly from SSO.

Using the CLI

Create an .sh file with the following contents
#!/usr/bin/env bash
export OS_AUTH_URL="https://kaizen.massopen.cloud:5000/v3"
export OS_USERNAME=""
export OS_PROJECT_NAME=""
export OS_PROJECT_DOMAIN_NAME="Default"
echo "Please enter your SSO Password for project $OS_PROJECT_NAME as user $OS_USERNAME: "
read -sr OS_PASSWORD_INPUT
export OS_PASSWORD=$OS_PASSWORD_INPUT
export OS_REGION_NAME="MOC_Kaizen"
export OS_AUTH_TYPE="v3oidcpassword"
export OS_IDENTITY_PROVIDER="moc"
export OS_PROTOCOL="openid"
export OS_CLIENT_ID="kaizen-client"
export OS_CLIENT_SECRET="fac377a9-f2ba-41e7-bb7f-4064dd9f4468"
export OS_ACCESS_TOKEN_ENDPOINT="https://sso.massopen.cloud/auth/realms/moc/protocol/openid-connect/token"
export OS_DISCOVERY_ENDPOINT="https://sso.massopen.cloud/auth/realms/moc/.well-known/openid-configuration"
export OS_INTERFACE=public
export OS_IDENTITY_API_VERSION=3
Replace with your username and project name to use.

Now after installing the OpenStack Client, via pip using the following command, you can run openstack cli commands.
pip install python-openstackclient

Using Python

First, make sure that keystoneauth is installed.

pip install keystoneauth
After that you can authenticate with the following (filling in username, password and project_name):

from keystoneauth1 import identity
from keystoneauth1 import session

auth = identity.v3.oidc.OidcPassword(
    'https://kaizen.massopen.cloud:5000/v3',
    identity_provider='moc',
    protocol='openid',
    client_id='kaizen-client',
    client_secret='fac377a9-f2ba-41e7-bb7f-4064dd9f4468',
    access_token_endpoint='https://sso.massopen.cloud/auth/realms/moc/protocol/openid-connect/token',
    discovery_endpoint='https://sso.massopen.cloud/auth/realms/moc/.well-known/openid-configuration',
    username='',
    password='',
    project_name='',
    project_domain_name='Default'
)
s = session.Session(auth)
This session object can be used to instantiate the various clients, like python-novaclient or python-cinderclient.

Please Wait!

Please wait... it will take a second!