yahoo-eng-team team mailing list archive
Message #11776
[Bug 1291157] Re: idp deletion should trigger token revocation
As discussed in today's keystone meeting,
keystoneclient.middleware.auth_token can track valid IdPs on
GET /v3/OS-FEDERATION/identity_providers and compare them to tokens to
test for validity.
** Also affects: python-keystoneclient
Importance: Undecided
Status: New
** Changed in: python-keystoneclient
Status: New => Triaged
** Changed in: python-keystoneclient
Importance: Undecided => High
** Changed in: keystone
Milestone: icehouse-rc1 => next
** Changed in: python-keystoneclient
Milestone: None => 0.7.0
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to Keystone.
https://bugs.launchpad.net/bugs/1291157
Title:
idp deletion should trigger token revocation
Status in OpenStack Identity (Keystone):
Triaged
Status in Python client library for Keystone:
Triaged
Bug description:
When a federation IdP is deleted, the tokens that were issued (and
are still active) and associated with the IdP should be deleted, to
prevent unwarranted access. The fix should delete any tokens that are
associated with the IdP upon deletion (and possibly update, too).
To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1291157/+subscriptions
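The check proposed in the comment above, sketched as an added example; it is not code from keystone, python-keystoneclient or the bug report. The class name, the fetch_listing callable, the 60-second TTL, the treatment of disabled IdPs and the sample token are assumptions made for illustration.

```python
import time

class IdPTracker:
    """Caches the ids of usable IdPs and checks federated tokens against them."""

    def __init__(self, fetch_listing, ttl=60, clock=time.monotonic):
        # fetch_listing (hypothetical): returns the parsed JSON body of
        # GET /v3/OS-FEDERATION/identity_providers, or raises on failure.
        self._fetch, self._ttl, self._clock = fetch_listing, ttl, clock
        self._valid, self._expires = frozenset(), None

    def _refresh(self):
        body = self._fetch()
        # Assumption: a disabled IdP is treated like a deleted one.
        self._valid = frozenset(idp["id"] for idp in body["identity_providers"]
                                if idp.get("enabled", True))
        self._expires = self._clock() + self._ttl

    def token_is_valid(self, token):
        fed = token.get("user", {}).get("OS-FEDERATION")
        if fed is None:
            return True  # not a federated token, so this check does not apply
        if self._expires is None or self._clock() >= self._expires:
            try:
                self._refresh()
            except Exception:
                return False  # fail closed: no fresh IdP list, no federated access
        return fed.get("identity_provider", {}).get("id") in self._valid

# Constructed sample data (not taken from a real deployment).
SAMPLE_TOKEN = {"user": {"OS-FEDERATION": {
    "identity_provider": {"id": "acme-idp"}, "protocol": {"id": "saml2"}}}}

def demo():
    now = [0.0]
    listing = {"identity_providers": [{"id": "acme-idp", "enabled": True}]}
    tracker = IdPTracker(lambda: listing, ttl=60, clock=lambda: now[0])
    before = tracker.token_is_valid(SAMPLE_TOKEN)        # IdP exists
    listing["identity_providers"] = []                   # IdP deleted
    cached = tracker.token_is_valid(SAMPLE_TOKEN)        # still inside the TTL
    now[0] = 61.0
    after = tracker.token_is_valid(SAMPLE_TOKEN)         # cache refreshed
    return before, cached, after

if __name__ == "__main__":
    print(demo())
```

The cache TTL bounds how long a token from a deleted IdP keeps being accepted, so it is the revocation latency of this approach.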