yahoo-eng-team team mailing list archive

Thread
Date

[Bug 1390124] Re: No validation between client's IdP and Keystone IdP

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: Nathan Kinder <nkinder@xxxxxxxxxx>
Date: Thu, 30 Apr 2015 17:21:32 -0000
Reply-to: Bug 1390124 <1390124@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

This has been published as OSSN-0047:

  https://wiki.openstack.org/wiki/OSSN/OSSN-0047

** Changed in: ossn
       Status: In Progress => Fix Released

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to Keystone.
https://bugs.launchpad.net/bugs/1390124

Title:
  No validation between client's IdP and Keystone IdP

Status in OpenStack Identity (Keystone):
  Fix Released
Status in OpenStack Security Advisories:
  Won't Fix
Status in OpenStack Security Notes:
  Fix Released

Bug description:
  With today's configuration there is no strict link between  federated
  assertion issued by a trusted IdP and a IdP configured inside
  Keystone. Hence, user has ability to choose a mapping and possibly get
  unauthorized access.

  Proposed solution: setup a IdP identified included in an assertion
  issued by a IdP and validate whether that both values are equal.

To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1390124/+subscriptions