Client
Server
Keystone
GET /login
HTTP 302 Redirect to authentication endpoint
GET OS-FEDERATION WebSSO endpoint
Hidden HTML form Token
POST /login/websso
Set cookie S3BROW_SESSION + HTTP303 redirect /browse
SAML login
process
Discover token availability
from Keystone and open
connection