yahoo-eng-team team mailing list archive

[wangxiyuan <wangxiyuan@xxxxxxxxxx>]

Public bug reported:

Keystone as Identity Provider supports to generator saml assertion for
SP. The content in the saml assertion is hard code. The attribute
contains:
openstack_user,openstack_roles,openstack_project,openstack_project_domain,openstack_user_domain.

But in case the SP need more information from IdP Keystone,(or IdP want
to provide more information to SP) there is no way to extend the saml
information. Such as user's extra info, like email address, the
description of a role  and so on.

Or a case like: IdP Keystone mapping to two SP-SP1 and SP2, SP1 need
additional key1:value1, but SP2 need.key2:value2.

For those cases, Keystone as IdP should support configurable saml
assertion property

** Affects: keystone
     Importance: Undecided
         Status: New

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Identity (keystone).
https://bugs.launchpad.net/bugs/1801309

Title:
  Support configurable saml assertion property

Status in OpenStack Identity (keystone):
  New

Bug description:
  Keystone as Identity Provider supports to generator saml assertion for
  SP. The content in the saml assertion is hard code. The attribute
  contains:
  openstack_user,openstack_roles,openstack_project,openstack_project_domain,openstack_user_domain.

  But in case the SP need more information from IdP Keystone,(or IdP
  want to provide more information to SP) there is no way to extend the
  saml information. Such as user's extra info, like email address, the
  description of a role  and so on.

  Or a case like: IdP Keystone mapping to two SP-SP1 and SP2, SP1 need
  additional key1:value1, but SP2 need.key2:value2.

  For those cases, Keystone as IdP should support configurable saml
  assertion property

To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1801309/+subscriptions