# Chameleon Identity Federation

### **What is Chameleon Identity Federation?**

Federated identity allows a user to link existing identities and attributes across multiple distinct systems. In practice, this allows an operator to configure a system to allow access to users from other systems. Chameleon Identity Federation allows existing Chameleon users access to the configured associate site. This allows the site operator to leverage all of the infrastructure that the Chameleon project has built for handling user, project, and allocation management through the [Chameleon Portal](https://chameleoncloud.org).

### Requirements

* IDP Client Credential for federation with Chameleon Keycloak (Request from Chameleon Core team)

### **Enabling Chameleon Identity Federation**

Before an associate site can enable federation, that site must obtain a client identifier from Chameleon administrators.

* Open a ticket in the [help desk](https://www.chameleoncloud.org/user/help/) explaining some details of the site institution and hardware. Chameleon staff will issue a Client ID for the site, which will need to be entered into the site configuration.
* The Client ID is configured in `defaults.yml` as `keystone_idp_client_id`. To satisfy requirements of the deployment tool, the encrypted passwords file should set `keystone_idp_client_secret` to "public".
* Use `cc-ansible reconfigure` to apply the changes and generate a new Keystone domain called "chameleon". At this point, federated login should be available on the site.
* Grant the "admin" role to the operator user.
  * Find and take note of the desired user and project UUIDs. Be sure to query the user and project entities in the "chameleon" domain.

    ```
    openstack user show --domain chameleon <username>
    openstack project show --domain chameleon openstack
    ```
  * Make the role assignment

    ```
    openstack role add --user <user_uuid> --project <project_uuid> admin
    ```
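
The lookup and role-assignment steps above as one script. This is an added example, not part of CHI-in-a-Box: `resolve_id` and `grant_admin` are hypothetical helper names, and admin credentials are assumed to be loaded in the shell already. It stops if either entity is missing from the "chameleon" domain and confirms the assignment before reporting success.

```shell
#!/bin/sh
# Added example (not project code). Both entities are resolved in the
# "chameleon" domain so that a same-named user or project in another
# domain is never granted admin by mistake.
# Usage after sourcing this file: grant_admin <username> openstack

DOMAIN="chameleon"

# Print the UUID of a user or project in $DOMAIN; fail if it is missing.
# $1 = "user" or "project", $2 = entity name
resolve_id() {
    id=$(openstack "$1" show --domain "$DOMAIN" -f value -c id "$2") || return 1
    [ -n "$id" ] || return 1
    printf '%s\n' "$id"
}

# Grant "admin" on a project to a federated operator and verify it.
# $1 = operator username, $2 = project name
grant_admin() {
    user_id=$(resolve_id user "$1") || {
        echo "user '$1' not found in domain '$DOMAIN'" >&2
        return 1
    }
    project_id=$(resolve_id project "$2") || {
        echo "project '$2' not found in domain '$DOMAIN'" >&2
        return 1
    }

    openstack role add --user "$user_id" --project "$project_id" admin || return 1

    # Confirm the assignment exists before reporting success.
    openstack role assignment list --user "$user_id" --project "$project_id" \
        --role admin -f value -c Role | grep -q . || return 1

    # Report the UUIDs that were used, for the operator's records.
    printf '%s %s\n' "$user_id" "$project_id"
}
```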
