yahoo-eng-team team mailing list archive
Message #60873
[Bug 1291157] Re: idp deletion should trigger token revocation
I'm not sure https://review.openstack.org/#/c/414720/29 completely fixes
the issue. I don't think that patch (list federated attributes for
users) adds a revocation event of any kind when an Identity Provider is
deleted.
There are a couple of proposed solutions that have been abandoned that we can
pick and try to move forward through [0].
[0] https://review.openstack.org/210456
** Changed in: keystone
Status: Invalid => Confirmed
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Identity (keystone).
https://bugs.launchpad.net/bugs/1291157
Title:
idp deletion should trigger token revocation
Status in OpenStack Identity (keystone):
Confirmed
Bug description:
When a federation IdP is deleted, the tokens that were issued (and
still active) and associated with the IdP should be deleted, to
prevent unwarranted access. The fix should delete any tokens that are
associated with the IdP, upon deletion (and possibly update, too).
To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1291157/+subscriptions