yahoo-eng-team team mailing list archive

[Marek Denis <marek.denis@xxxxxxx>]

Public bug reported:

During SAML2 authentication the whole environment dictionary is passed to the RuleProcessor object (this dictionary will only contain basestring inheriting values after the bug #1290258 is fixed). It'd be much better to additionally let users filter what  can be passed to the RuleProcessor by choosing only parameters with a certain prefix.
A new configuration parameter - ''assertion_prefix'' should be added, defaulting to an empty string, which would not impact users who don't want to use this filtering method.

** Affects: keystone
     Importance: Undecided
         Status: New

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to Keystone.
https://bugs.launchpad.net/bugs/1293436

Title:
  Allow filtering variables  passed to the RuleProcessor

Status in OpenStack Identity (Keystone):
  New

Bug description:
  During SAML2 authentication the whole environment dictionary is passed to the RuleProcessor object (this dictionary will only contain basestring inheriting values after the bug #1290258 is fixed). It'd be much better to additionally let users filter what  can be passed to the RuleProcessor by choosing only parameters with a certain prefix.
  A new configuration parameter - ''assertion_prefix'' should be added, defaulting to an empty string, which would not impact users who don't want to use this filtering method.

To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1293436/+subscriptions