yahoo-eng-team team mailing list archive
Message #56915
[Bug 1507456] Re: default setting of certificate for SAML signing doesn't work
This is not an issue anymore with the latest code base, and the patch
intended to fix it has been abandoned, so mark it as won't fix.
** Changed in: keystone
Status: In Progress => Won't Fix
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Identity (keystone).
https://bugs.launchpad.net/bugs/1507456
Title:
default setting of certificate for SAML signing doesn't work
Status in OpenStack Identity (keystone):
Won't Fix
Bug description:
Currently, the default setting is
'/etc/keystone/ssl/certs/signing_cert.pem' which is the public key
certificate which contains,
- Signature Algorithm
- Public Key
- Signature Algorithm
- Subject
etc.
But sigver.read_cert_from_file expects the certificate's content
to hold plain certificate information, which means it starts with
-----BEGIN CERTIFICATE-----
or
-----BEGIN PUBLIC KEY-----
and end with
-----END CERTIFICATE-----
or
-----END PUBLIC KEY-----
So, the default setting will not work for SAML signing.
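A check for the condition described in the bug report, as an added example that is not part of the report, keystone, or pysaml2: it classifies a certificate file's contents by whether the BEGIN/END markers are the first and last lines, and extracts the bare block when other text surrounds it. The function names and the sample file (a human-readable field dump ahead of a PEM block with filler base64) are assumptions constructed for illustration.

```python
import re

# Markers the bug description says the reader expects at the start and end of the file.
PEM_BLOCK = re.compile(
    r"-----BEGIN (CERTIFICATE|PUBLIC KEY)-----\n(.+?)\n-----END \1-----",
    re.DOTALL,
)


def classify_cert_file(text):
    """Return 'bare', 'wrapped' or 'missing' for the contents of a cert file."""
    body = text.replace("\r\n", "\n").strip()
    match = PEM_BLOCK.search(body)
    if match is None:
        return "missing"  # no matching BEGIN/END pair at all
    if match.start() == 0 and match.end() == len(body):
        return "bare"     # starts with BEGIN and ends with END
    return "wrapped"      # field dump or other text around the block


def extract_pem_block(text):
    """Return only the BEGIN..END block, dropping any surrounding text."""
    match = PEM_BLOCK.search(text.replace("\r\n", "\n"))
    if match is None:
        raise ValueError("no PEM certificate or public key block found")
    return match.group(0) + "\n"


# Constructed sample (assumption): a text dump followed by a PEM block.
# The base64 body is filler, not a real certificate.
SAMPLE_WITH_DUMP = """Certificate:
    Data:
        Signature Algorithm: sha256WithRSAEncryption
        Subject: CN=example
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
    Signature Algorithm: sha256WithRSAEncryption
-----BEGIN CERTIFICATE-----
Q09OU1RSVUNURUQgRklMTEVSIE5PVCBBIFJFQUwgQ0VSVA==
-----END CERTIFICATE-----
"""

if __name__ == "__main__":
    print(classify_cert_file(SAMPLE_WITH_DUMP))
    print(classify_cert_file(extract_pem_block(SAMPLE_WITH_DUMP)))
```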