yahoo-eng-team team mailing list archive

Thread
Date

[Bug 1593362] [NEW] Single Sign on Users must have an identity in keystone

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: Sachin <smanpathak@xxxxxxxxxxxxx>
Date: Thu, 16 Jun 2016 18:01:41 -0000
Reply-to: Bug 1593362 <1593362@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

Public bug reported:

Single sign on (SSO) users from an external identity provider (IDP) are mapped to keystone group/user with a mapping rule. The identity of such a user is lost in context of OpenStack. Once the operation makes it to OpenStack services, only group is available in the context. This poses multiple problems
1. The owners of various objects like VMs, Volumes, Networks are not identifiable as that specific SSO user.
2. The user-quota api for various projects like nova, cinder and neutron does not work.

** Affects: keystone
Importance: Undecided
Status: New

--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Identity (keystone).
https://bugs.launchpad.net/bugs/1593362

Title:
Single Sign on Users must have an identity in keystone

Status in OpenStack Identity (keystone):
New

Bug description:
Single sign on (SSO) users from an external identity provider (IDP) are mapped to keystone group/user with a mapping rule. The identity of such a user is lost in context of OpenStack. Once the operation makes it to OpenStack services, only group is available in the context. This poses multiple problems
1. The owners of various objects like VMs, Volumes, Networks are not identifiable as that specific SSO user.
2. The user-quota api for various projects like nova, cinder and neutron does not work.

To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1593362/+subscriptions

Follow ups

[Bug 1593362] Re: Single Sign on Users must have an identity in keystone
From: Launchpad Bug Tracker, 2016-09-05