yahoo-eng-team team mailing list archive

Thread
Date

[Bug 1390124] Re: No validation between client's IdP and Keystone IdP

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: Thierry Carrez <thierry.carrez+lp@xxxxxxxxx>
Date: Mon, 01 Dec 2014 15:16:59 -0000
Reply-to: Bug 1390124 <1390124@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

Confirmed Class B1

** Information type changed from Private Security to Public

** Changed in: ossa
       Status: Incomplete => Won't Fix

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to Keystone.
https://bugs.launchpad.net/bugs/1390124

Title:
  No validation between client's IdP and Keystone IdP

Status in OpenStack Identity (Keystone):
  Triaged
Status in OpenStack Security Advisories:
  Won't Fix
Status in OpenStack Security Notes:
  In Progress

Bug description:
  With today's configuration there is no strict link between  federated
  assertion issued by a trusted IdP and a IdP configured inside
  Keystone. Hence, user has ability to choose a mapping and possibly get
  unauthorized access.

  Proposed solution: setup a IdP identified included in an assertion
  issued by a IdP and validate whether that both values are equal.

To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1390124/+subscriptions