yahoo-eng-team team mailing list archive

Thread
Date

[Bug 1472060] Re: websso callback is in the wrong place

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: Dolph Mathews <1472060@xxxxxxxxxxxxxxxxxx>
Date: Thu, 09 Jul 2015 17:18:54 -0000
Reply-to: Bug 1472060 <1472060@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

** Tags added: federation

** Changed in: keystone
       Status: New => Opinion

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to Keystone.
https://bugs.launchpad.net/bugs/1472060

Title:
  websso callback is in the wrong place

Status in OpenStack Identity (Keystone):
  Opinion

Bug description:
  We have all this infrastructure in /OS-
  FEDERATION/identity_providers/{id}/protocol/{id} to uniquely identify
  the relationship between an identity provider and a protocol for
  interacting with that provider so we can apply mappings. With websso
  we then hard code a route of /OS-FEDERATION/websso/{protocol}. Because
  we have just stripped the identity_provider from the URL we then have
  to add remote_ids to the identity_providers so that the
  websso/protocol route can figure out which idp we are talking about
  and lookup the idp.

  We have a route that includes the idp id and protocol and if we had
  put the websso route at /OS-
  FEDERATION/identity_providers/{id}/protocol/{id}/websso (next to where
  /auth) lives we wouldn't need the multiple <location>s in the httpd
  config and we wouldn't need to add remote_ids to the idp (because
  we've already established this once in httpd).

  I'm sure there are advantages to this too but what was the point of
  /identity_providers/{id}/protocol/{id} if we're going to have to
  establish remote_id relationships back to and IDP?

  </rant>

To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1472060/+subscriptions

References

[Bug 1472060] [NEW] websso callback is in the wrong place
From: Jamie Lennox, 2015-07-07