Confirmed Class B1
** Information type changed from Private Security to Public
** Changed in: ossa
Status: Incomplete => Won't Fix
https://bugs.launchpad.net/bugs/1390124
Title:
No validation between client's IdP and Keystone IdP
Status in OpenStack Identity (Keystone):
Triaged
Status in OpenStack Security Advisories:
Won't Fix
Status in OpenStack Security Notes:
In Progress
Bug description:
With today's configuration there is no strict link between a federated
assertion issued by a trusted IdP and an IdP configured inside
Keystone. Hence, a user has the ability to choose a mapping and possibly get
unauthorized access.
Proposed solution: set up an IdP identifier included in an assertion
issued by an IdP and validate that both values are equal.
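The check proposed in the bug description, sketched as an added example (not Keystone code and not part of the original report). The registry layout, the `remote_id` and `issuer` field names and the function names are hypothetical, and the sketch assumes the assertion's signature has already been verified before the issuer value is read.

```python
"""Bind the IdP named in the request to the issuer stated in the assertion."""

# Constructed sample data: IdPs registered in the service, each with the
# identifier its assertions must carry and the mapping that IdP selects.
REGISTERED_IDPS = {
    "partner-a": {"remote_id": "https://idp.partner-a.example/saml",
                  "mapping": "partner_a_mapping"},
    "partner-b": {"remote_id": "https://idp.partner-b.example/saml",
                  "mapping": "partner_b_admin_mapping"},
}


class IdPMismatch(Exception):
    """The assertion was not issued by the IdP the client selected."""


def select_mapping(requested_idp_id, assertion):
    """Return the mapping for requested_idp_id, but only when the issuer in
    the (already signature-verified) assertion equals that IdP's registered
    identifier. Without this comparison the client alone picks the mapping."""
    idp = REGISTERED_IDPS.get(requested_idp_id)
    if idp is None:
        raise IdPMismatch("unknown identity provider: %r" % requested_idp_id)
    issuer = assertion.get("issuer")
    if not isinstance(issuer, str) or not issuer:
        raise IdPMismatch("assertion carries no issuer identifier")
    # Exact comparison: no case folding or trailing-slash normalisation,
    # so near-miss identifiers are rejected rather than guessed at.
    if issuer != idp["remote_id"]:
        raise IdPMismatch("assertion issued by %r, not by the IdP registered "
                          "as %r" % (issuer, requested_idp_id))
    return idp["mapping"]


def is_accepted(requested_idp_id, assertion):
    """Boolean wrapper, convenient for logging or tests."""
    try:
        select_mapping(requested_idp_id, assertion)
        return True
    except IdPMismatch:
        return False


if __name__ == "__main__":
    # Constructed assertion from partner-a, presented against each IdP entry.
    sample = {"issuer": "https://idp.partner-a.example/saml", "user": "alice"}
    for idp_id in ("partner-a", "partner-b"):
        print(idp_id, "accepted" if is_accepted(idp_id, sample) else "rejected")
```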