← Back to team overview

yahoo-eng-team team mailing list archive

[Bug 1336088] [NEW] Disabling a domain does not disable the previous issued tokens in that domain

 

Public bug reported:

Tokens are still valid although the domain has already been disable.

Steps to reproduce.

1. create domain "domainA"
2. create user "userA" under domain "domainA"
3. authenticate to get a token "tokenA" for user "userA"
4. disable "domainA"
6. validate "tokenA" and it is still a valid token which is supposed to be invalid.

Looks like the fix would be when disabling the domain, all the "un-
expired" tokens for this domain should also be disable.

** Affects: keystone
     Importance: Undecided
         Status: New

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to Keystone.
https://bugs.launchpad.net/bugs/1336088

Title:
  Disabling a domain does not disable the previous issued tokens in that
  domain

Status in OpenStack Identity (Keystone):
  New

Bug description:
  Tokens are still valid although the domain has already been disable.

  Steps to reproduce.

  1. create domain "domainA"
  2. create user "userA" under domain "domainA"
  3. authenticate to get a token "tokenA" for user "userA"
  4. disable "domainA"
  6. validate "tokenA" and it is still a valid token which is supposed to be invalid.

  Looks like the fix would be when disabling the domain, all the "un-
  expired" tokens for this domain should also be disable.

To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1336088/+subscriptions


Follow ups

References