yahoo-eng-team team mailing list archive

Thread
Date

[Bug 1241812] Re: Keystone WSGI hides environment vars

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: Thierry Carrez <thierry.carrez+lp@xxxxxxxxx>
Date: Wed, 04 Dec 2013 09:33:34 -0000
Reply-to: Bug 1241812 <1241812@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

** Changed in: keystone
       Status: Fix Committed => Fix Released

** Changed in: keystone
    Milestone: None => icehouse-1

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to Keystone.
https://bugs.launchpad.net/bugs/1241812

Title:
  Keystone WSGI hides environment vars

Status in OpenStack Identity (Keystone):
  Fix Released

Bug description:
  THe _call_ operation on the wsgi app only copies selected values form
  the environment over to the context passed to the controllers.  One
  value, REMOTE_USER, is used for external.  However, X509 uses a
  different set of values.  Other external mechanisms will et additional
  values as well.

  
  Some  modules perform lookups against a remote provider, or map over data from a remote provider (LDAP, SAML). Keystone will not necessarily have the configuration to requery these environments after the initial processing to get authorization attributes. The environment is the only way to pass on additional values, such a group assignments.

To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1241812/+subscriptions