yahoo-eng-team team mailing list archive

Thread
Date

[Bug 1296348] Re: /v3/auth/tokens cannot be used for issuing unscoped tokens during federated authn

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: Thierry Carrez <thierry.carrez+lp@xxxxxxxxx>
Date: Wed, 26 Mar 2014 20:26:37 -0000
Reply-to: Bug 1296348 <1296348@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

** Changed in: keystone
       Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to Keystone.
https://bugs.launchpad.net/bugs/1296348

Title:
  /v3/auth/tokens cannot be used for issuing unscoped tokens during
  federated authn

Status in OpenStack Identity (Keystone):
  Fix Released
Status in OpenStack API documentation site:
  Fix Released

Bug description:
  URL /v3/auth/tokens cannot be used when issuing unscoped federated
  tokens, as such URL must be configured as protected in the mod_shib
  configuration. Thus, a dedicated URL must be able to run federated
  authentication. Also, as usually during federated authentication
  initial data used by the client is lost (due to many HTTP redirections
  between SP and IdP) it's advised for clients to access URL with IdP
  and protocol specified in the URL.

To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1296348/+subscriptions

References

[Bug 1296348] [NEW] /v3/auth/tokens cannot be used for issuing unscoped tokens during federated authn
From: Marek Denis, 2014-03-23