Public bug reported:
If token.provider.common we have a check before issuing a federation
that checks if the method name used agrees with a hard coded protocol
name.
i.e.: if 'saml2' in method_names or 'oidc' in method_names
this should be done in a more dynamic way, so if more auth methods are
supported, then they are automatically seen as federation methods.
fix 1: potentially have a federation_methods in [auth] that lists valid
federation methods (very similar to methods in [auth])
fix 2: check the method name against protocol list ids
** Affects: keystone
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to Keystone.
https://bugs.launchpad.net/bugs/1390100
Title:
do not depend on protocol specific id's when creating a federation
token
Status in OpenStack Identity (Keystone):
New
Bug description:
If token.provider.common we have a check before issuing a federation
that checks if the method name used agrees with a hard coded protocol
name.
i.e.: if 'saml2' in method_names or 'oidc' in method_names
this should be done in a more dynamic way, so if more auth methods are
supported, then they are automatically seen as federation methods.
fix 1: potentially have a federation_methods in [auth] that lists valid
federation methods (very similar to methods in [auth])
fix 2: check the method name against protocol list ids
To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1390100/+subscriptions
--
Mailing list: https://launchpad.net/~yahoo-eng-team
Post to : [email protected]
Unsubscribe : https://launchpad.net/~yahoo-eng-team
More help : https://help.launchpad.net/ListHelp
