** Changed in: keystone
Status: Fix Committed => Fix Released
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to Keystone.
https://bugs.launchpad.net/bugs/1130236
Title:
Domains are not validated on authentication
Status in OpenStack Identity (Keystone):
Fix Released
Bug description:
There two separate problems:
In v2 authentication, currently domains are removed from user &
project refs prior to validation.
https://github.com/openstack/keystone/blob/master/keystone/token/controllers.py#L81
Their validation was also made conditional because the validation was
merged prior to domain_id's being available on users & projects:
https://github.com/openstack/keystone/blob/master/keystone/token/controllers.py#L97
https://github.com/openstack/keystone/blob/master/keystone/token/controllers.py#L97
The validation needs to become unconditional and validated prior to
being removed.
In v3, the domain is checked when authenticating by username, but not
by user_id - the later successfully authenticates even if the domain
is disabled.
To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1130236/+subscriptions
--
Mailing list: https://launchpad.net/~yahoo-eng-team
Post to : [email protected]
Unsubscribe : https://launchpad.net/~yahoo-eng-team
More help : https://help.launchpad.net/ListHelp
