[Openstack-security] [Bug 1442787] Re: Mapping openstack_user attribute in k2k assertions with different domains
OpenStack Infra
1442787 at bugs.launchpad.net
Fri Jul 31 20:37:25 UTC 2015
Reviewed: https://review.openstack.org/181007
Committed: https://git.openstack.org/cgit/openstack/keystone/commit/?id=e9aa2673928c265f6592334e737c2bbafeb0026b
Submitter: Jenkins
Branch: stable/kilo
commit e9aa2673928c265f6592334e737c2bbafeb0026b
Author: Rodrigo Duarte Sousa <rodrigods at lsd.ufcg.edu.br>
Date: Fri Apr 10 17:27:12 2015 -0300
Add openstack_user_domain to assertion
Currently, a keystone IdP does not provide the domain of the user
when generating SAML assertions. Since it is possible to have two
users with the same username but in different domains, this patch
adds an additional attribute called "openstack_user_domain"
in the assertion to identify the domain of the user.
Closes-Bug: 1442787
bp assertion-extra-attributes
Change-Id: I65d5c02c0a21f4d4c1b54f8aa56e27950d20badd
(cherry picked from commit ae2d7075ff58e426e324e2eac57c852ffd4bc804)
** Tags added: in-stable-kilo
--
You received this bug notification because you are a member of OpenStack
Security, which is subscribed to OpenStack.
https://bugs.launchpad.net/bugs/1442787
Title:
Mapping openstack_user attribute in k2k assertions with different
domains
Status in Keystone:
Fix Released
Bug description:
We can have two users with the same username in different domains. So
if we have a "User A" in "Domain X" and a "User A" in "Domain Y",
there is no way to differ what "User A" is being used in a SAML
assertion generated by this IdP (we have only the openstack_user
attribute in the SAML assertion).
To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1442787/+subscriptions
More information about the Openstack-security
mailing list