[Openstack-security] [Bug 1442787] Re: Mapping openstack_user attribute in k2k assertions with different domains
OpenStack Infra
1442787 at bugs.launchpad.net
Wed May 6 07:25:52 UTC 2015
Reviewed: https://review.openstack.org/172562
Committed: https://git.openstack.org/cgit/openstack/keystone/commit/?id=ae2d7075ff58e426e324e2eac57c852ffd4bc804
Submitter: Jenkins
Branch: master
commit ae2d7075ff58e426e324e2eac57c852ffd4bc804
Author: Rodrigo Duarte Sousa <rodrigods at lsd.ufcg.edu.br>
Date: Fri Apr 10 17:27:12 2015 -0300
Add openstack_user_domain to assertion
Currently, a keystone IdP does not provide the domain of the user
when generating SAML assertions. Since it is possible to have two
users with the same username but in different domains, this patch
adds an additional attribute called "openstack_user_domain"
in the assertion to identify the domain of the user.
Closes-Bug: 1442787
bp assertion-extra-attributes
Change-Id: I65d5c02c0a21f4d4c1b54f8aa56e27950d20badd
** Changed in: keystone
Status: In Progress => Fix Committed
--
You received this bug notification because you are a member of OpenStack
Security, which is subscribed to OpenStack.
https://bugs.launchpad.net/bugs/1442787
Title:
Mapping openstack_user attribute in k2k assertions with different
domains
Status in OpenStack Identity (Keystone):
Fix Committed
Bug description:
We can have two users with the same username in different domains. So
if we have a "User A" in "Domain X" and a "User A" in "Domain Y",
there is no way to differ what "User A" is being used in a SAML
assertion generated by this IdP (we have only the openstack_user
attribute in the SAML assertion).
To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1442787/+subscriptions
More information about the Openstack-security
mailing list