[Openstack-security] [Bug 1442343] Re: Mapping openstack_project attribute in k2k assertions with different domains
OpenStack Infra
1442343 at bugs.launchpad.net
Thu Apr 30 17:39:57 UTC 2015
Reviewed: https://review.openstack.org/172536
Committed: https://git.openstack.org/cgit/openstack/keystone/commit/?id=fa844bc88edb417f9513d19c749886a61d7b26ce
Submitter: Jenkins
Branch: master
commit fa844bc88edb417f9513d19c749886a61d7b26ce
Author: Rodrigo Duarte Sousa <rodrigods at lsd.ufcg.edu.br>
Date: Fri Apr 10 14:59:34 2015 -0300
Add openstack_project_domain to assertion
Currently, a keystone IdP does not provide the domain of the project
when generating SAML assertions. Since it is possible to have two
projects with the same name but in different domains, this patch
adds an additional attribute called "openstack_project_domain"
in the assertion to identify the domain of the project.
Closes-Bug: 1442343
bp assertion-extra-attributes
Change-Id: I62ed73d87f268c73294738845421deb87088326b
** Changed in: keystone
Status: In Progress => Fix Committed
--
You received this bug notification because you are a member of OpenStack
Security, which is subscribed to OpenStack.
https://bugs.launchpad.net/bugs/1442343
Title:
Mapping openstack_project attribute in k2k assertions with different
domains
Status in OpenStack Identity (Keystone):
Fix Committed
Bug description:
We can have two projects with the same name in different domains. So
if we have a "Project A" in "Domain X" and a "Project A" in "Domain
Y", there is no way to differ what "Project A" is being used in a SAML
assertion generated by this IdP (we have only the openstack_project
attribute in the SAML assertion).
To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1442343/+subscriptions
More information about the Openstack-security
mailing list