
yahoo-eng-team team mailing list archive

[Bug 1472060] [NEW] websso callback is in the wrong place

 

Public bug reported:

We have all this infrastructure in
/OS-FEDERATION/identity_providers/{id}/protocol/{id} to uniquely identify
the relationship between an identity provider and a protocol for
interacting with that provider so we can apply mappings. With websso we
then hard code a route of /OS-FEDERATION/websso/{protocol}. Because we
have just stripped the identity_provider from the URL we then have to
add remote_ids to the identity_providers so that the websso/protocol
route can figure out which idp we are talking about and look up the idp.

We have a route that includes the idp id and protocol, and if we had put
the websso route at
/OS-FEDERATION/identity_providers/{id}/protocol/{id}/websso (next to where
/auth lives) we wouldn't need the multiple <location>s in the httpd
config and we wouldn't need to add remote_ids to the idp (because we've
already established this once in httpd).

I'm sure there are advantages to this too, but what was the point of
/identity_providers/{id}/protocol/{id} if we're going to have to
establish remote_id relationships back to an IDP?

</rant>

** Affects: keystone
     Importance: Undecided
         Status: New

https://bugs.launchpad.net/bugs/1472060

Title:
  websso callback is in the wrong place

Status in OpenStack Identity (Keystone):
  New

To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1472060/+subscriptions
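
The difference between the two route layouts in the report, as an added example that is not Keystone's code and not part of the original message: a simplified resolver that picks the mapping either from the idp named in the URL or by reverse lookup through remote_ids. The idp names, remote id URLs, mapping names and the REMOTE_IDP variable are constructed assumptions.

```python
import re

# Constructed data: each (idp, protocol) pair selects one mapping.
PROTOCOLS = {
    ("corp", "saml2"): "corp_mapping",
    ("partner", "saml2"): "partner_mapping",
}
# Only the websso/{protocol} route needs this second table.
REMOTE_IDS = {
    "https://idp.corp.example/saml": "corp",
    "https://idp.partner.example/saml": "partner",
}

SCOPED = re.compile(
    r"^/OS-FEDERATION/identity_providers/([^/]+)/protocol/([^/]+)/(?:auth|websso)$")
WEBSSO = re.compile(r"^/OS-FEDERATION/websso/([^/]+)$")


class FederationError(Exception):
    pass


def resolve(path, environ, remote_ids=REMOTE_IDS):
    """Return (idp_id, protocol_id, mapping_id) for a federated request."""
    scoped = SCOPED.match(path)
    if scoped:
        # The idp is named in the URL that the web server already protected.
        idp_id, protocol_id = scoped.groups()
    else:
        websso = WEBSSO.match(path)
        if not websso:
            raise FederationError("not a federation route: %s" % path)
        protocol_id = websso.group(1)
        # REMOTE_IDP is a hypothetical variable carrying the asserting
        # idp's identifier; the idp is recovered by reverse lookup.
        issuer = environ.get("REMOTE_IDP")
        idp_id = remote_ids.get(issuer)
        if idp_id is None:
            raise FederationError("no idp registered for remote id %r" % issuer)
    try:
        return idp_id, protocol_id, PROTOCOLS[(idp_id, protocol_id)]
    except KeyError:
        raise FederationError("idp/protocol pair not registered")
```

With the idp-scoped path the remote_ids table is never consulted; with the websso/{protocol} path a missing or unregistered remote id makes the request unresolvable even though the idp and protocol are registered.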

