Public bug reported:
One of the most useful features of X.509 tokenless is to enable services
to validate user tokens without having to obtain a service auth token.
However, with the migration to system scope, this feature is effectively
broken as the default policies had been updated to require a system-
scoped token for these operations. We'll need to update the X.509
tokenless feature to support system-scoped token. Perhaps this can also
be done by using a new header to convey the system scope intention?
** Affects: keystone
Importance: Undecided
Status: New
** Tags: x509
** Tags added: x509
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Identity (keystone).
https://bugs.launchpad.net/bugs/1814570
Title:
Tokenless auth does not support system scope
Status in OpenStack Identity (keystone):
New
Bug description:
One of the most useful features of X.509 tokenless is to enable
services to validate user tokens without having to obtain a service
auth token. However, with the migration to system scope, this feature
is effectively broken as the default policies had been updated to
require a system-scoped token for these operations. We'll need to
update the X.509 tokenless feature to support system-scoped token.
Perhaps this can also be done by using a new header to convey the
system scope intention?
To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1814570/+subscriptions
--
Mailing list: https://launchpad.net/~yahoo-eng-team
Post to : [email protected]
Unsubscribe : https://launchpad.net/~yahoo-eng-team
More help : https://help.launchpad.net/ListHelp
