
yahoo-eng-team team mailing list archive

[Bug 1390100] [NEW] do not depend on protocol specific id's when creating a federation token

 

Public bug reported:

In token.provider.common we have a check before issuing a federation
that checks if the method name used agrees with a hard coded protocol
name.

  i.e.:     if 'saml2' in method_names or 'oidc' in method_names


This should be done in a more dynamic way, so if more auth methods are supported, then they are automatically seen as federation methods.

fix 1: potentially have a federation_methods in [auth] that lists valid federation methods (very similar to methods in [auth])
fix 2: check the method name against protocol list ids

** Affects: keystone
     Importance: Undecided
         Status: New

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to Keystone.
https://bugs.launchpad.net/bugs/1390100

Title:
  do not depend on protocol specific id's when creating a federation
  token

Status in OpenStack Identity (Keystone):
  New


To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1390100/+subscriptions
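
Added example, not part of the original report and not Keystone code: the hard-coded check quoted in the bug next to the two proposed fixes, run against a constructed protocol name. The function names, the sample configuration, the "newproto" method and the rule that a federation method must also be listed in [auth] methods are assumptions made for illustration; `federation_methods` is the option proposed in the report.

```python
import configparser

# Constructed keystone.conf fragment. `federation_methods` is the option
# proposed in the report (fix 1); "newproto" is a made-up protocol name.
SAMPLE_CONF = """
[auth]
methods = password,token,saml2,oidc,newproto
federation_methods = saml2, oidc, newproto
"""

# Constructed protocol records, shaped like entries of a protocol list (fix 2).
SAMPLE_PROTOCOLS = [{"id": "saml2"}, {"id": "oidc"}, {"id": "newproto"}]


def is_federated_hardcoded(method_names):
    """The check quoted in the report: only two protocol names are known."""
    return "saml2" in method_names or "oidc" in method_names


def _csv(value):
    """Split a comma-separated option value into a set of stripped names."""
    return {item.strip() for item in value.split(",") if item.strip()}


def federation_methods_from_conf(conf_text):
    """Fix 1: take federation method names from [auth] federation_methods."""
    parser = configparser.ConfigParser()
    parser.read_string(conf_text)
    enabled = _csv(parser.get("auth", "methods", fallback=""))
    federated = _csv(parser.get("auth", "federation_methods", fallback=""))
    # Assumed rule: a federation method that is not enabled is a config error.
    stray = federated - enabled
    if stray:
        raise ValueError("not in [auth] methods: %s" % ", ".join(sorted(stray)))
    return frozenset(federated)


def federation_methods_from_protocols(protocols):
    """Fix 2: treat every registered protocol id as a federation method."""
    return frozenset(p["id"] for p in protocols)


def is_federated(method_names, federation_methods):
    """Dynamic check: true if any method name is a known federation method."""
    return not federation_methods.isdisjoint(method_names)


if __name__ == "__main__":
    print(is_federated_hardcoded(["newproto"]))
    print(is_federated(["newproto"], federation_methods_from_conf(SAMPLE_CONF)))
```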

