[Openstack-security] [Bug 1442343] Re: Mapping openstack_project attribute in k2k assertions with different domains
OpenStack Infra
1442343 at bugs.launchpad.net
Fri Jun 19 22:37:32 UTC 2015
Reviewed: https://review.openstack.org/179195
Committed: https://git.openstack.org/cgit/openstack/keystone/commit/?id=0c0bf69ceff55d81054a61123cccabb721b96b09
Submitter: Jenkins
Branch: stable/kilo
commit 0c0bf69ceff55d81054a61123cccabb721b96b09
Author: Rodrigo Duarte Sousa <rodrigods at lsd.ufcg.edu.br>
Date: Fri Apr 10 14:59:34 2015 -0300
Add openstack_project_domain to assertion
Currently, a keystone IdP does not provide the domain of the project
when generating SAML assertions. Since it is possible to have two
projects with the same name but in different domains, this patch
adds an additional attribute called "openstack_project_domain"
in the assertion to identify the domain of the project.
Closes-Bug: 1442343
bp assertion-extra-attributes
Change-Id: I62ed73d87f268c73294738845421deb87088326b
(cherry picked from commit fa844bc88edb417f9513d19c749886a61d7b26ce)
** Tags added: in-stable-kilo
--
You received this bug notification because you are a member of OpenStack
Security, which is subscribed to OpenStack.
https://bugs.launchpad.net/bugs/1442343
Title:
Mapping openstack_project attribute in k2k assertions with different
domains
Status in OpenStack Identity (Keystone):
Fix Committed
Bug description:
We can have two projects with the same name in different domains. So
if we have a "Project A" in "Domain X" and a "Project A" in "Domain
Y", there is no way to differ what "Project A" is being used in a SAML
assertion generated by this IdP (we have only the openstack_project
attribute in the SAML assertion).
To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1442343/+subscriptions
More information about the Openstack-security
mailing list