Public bug reported:
The documentation for setting up OIDC says to use id_token in
OIDCResponseType instead of code (or omitting the line entirely since
code is the default).
https://docs.openstack.org/keystone/latest/admin/federation/configure_federation.html#configuring-
** Changed in: keystone
Status: Confirmed => Won't Fix
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Identity (keystone).
https://bugs.launchpad.net/bugs/1786646
Title:
Domain Existence Leaking without
** Changed in: keystone
Status: New => Invalid
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Identity (keystone).
https://bugs.launchpad.net/bugs/1877720
Title:
test-bug
Status in OpenStack Identity
** Changed in: keystone
Status: New => Invalid
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Identity (keystone).
https://bugs.launchpad.net/bugs/1877709
Title:
test-bug
Status in OpenStack Identity
Hi Lorenzo, this is was a Horizon bug and is being tracked here.
https://bugs.launchpad.net/horizon/+bug/1747149
** Changed in: keystone
Status: New => Invalid
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack
the application credential to log in with the same authorization in the
external identity provider, in order to renew it.
** Affects: keystone
Importance: Undecided
Assignee: Kristi Nikolla (knikolla)
Status: New
** Tags: federation
--
You received this bug notification
** Changed in: keystone
Status: New => Invalid
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Identity (keystone).
https://bugs.launchpad.net/bugs/1776161
Title:
my own test bug
Status in OpenStack Identity
Public bug reported:
When you delete a shadow user and the user tries to log in again through
federation, they'll get a can't find user error. Retrying after 10 (or
so) minutes works.
My Setup
1. devstack-idp is the identity provider for service provider devstack-sp1,
using Keystone to
Public bug reported:
Prior to introducing per idp domains, all federated users lived in the
Federated domain. That is not the case anymore but Keystone keeps
reporting that federated users are part of that domain rather their per-
idp domains.
Token validation:
Public bug reported:
Setting LOGOUT_URL in `etc/openstack-dashboard/local_settings.py` has no
effect on the URL displayed in the dropdown menu. It still points to
`/dashboard/auth/logout/`.
Setting this value is important when using SSO so as to redirect the
user to the SSO logout page, and then
Public bug reported:
When attempting to filter users by name, it works for local users, but
doesn't work for federated users.
Pasted shell session shows:
1. Listing all users shows federated users too.
2. Filtering by name a federated user doesn't work.
3. Filtering by name a local user works.
Also affects python-keystoneclient as it only support names. [0]
Agree that the correct solution is to allow ids also.
0. https://github.com/openstack/python-
keystoneclient/blob/71af540c81ecb933d912ef5ecde128afcc0deeeb/keystoneclient/v3/contrib/trusts.py#L41
** Also affects:
Public bug reported:
The libssl-dev package is registered in bindep.txt for both ubuntu and
rpm distros. The actual name of the package in red hat distros is
openssl-devel.
[fedora@desire keystone]$ bindep platform:rpm
Missing packages:
libssl-dev
** Affects: keystone
Importance:
Public bug reported:
When creating a v3 keystoneclient using non admin credentials I'm able
to get the list of service providers from the service catalog, but the
policy doesn't allow to list or get service providers by default.
>>> ksclient2.service_catalog.catalog[u'service_providers']
14 matches
Mail list logo
