The customer needs two factor authentication: the implementation with keystone and IPA has many issues and customer doesn't want to go on this solution. So, we found this article[1] that explains how to configure Keystone for federation and as ServiceProvider: the plan is to use an external IDP based on EAP + Picketlink with custom EAP login modules. So: 1) Do we have other customer using login customization for OSP7? and how? I'm not aware of it, it's better for this to reach to BU or rhos-tech to check for this. 2) Do we have some ready made solution to implement two factor auth in OSP? Ipa can be integrated with keystone (https://www.rdoproject.org/documentation/keystone-integration-with-idm/) And IPA can do 2FA: http://rhelblog.redhat.com/2015/06/04/identity-management-and-two-factor-authentication-using-one-time-passwords/ So it can be crafted together But as you said, if customer doesn't want to go the IPA road, it's a dead end. 3) Do we fully support federation + SAML2 login in OSP?
*** This bug has been marked as a duplicate of bug 1263009 ***