V3 V2 token intermix should not allowed for non-default domain
Bug #1157430 reported by
Guang Yee
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
OpenStack Identity (keystone) |
Fix Released
|
High
|
Guang Yee |
Bug Description
The following tokens should be prohibited in V2
1) Token for user in a non-default domain
2) Token scoped to a project in a non-default domain
3) Token scoped to a domain
4) Token scoped to a trust?
To reproduce the problem.
1) authenticate a user in a non-default domain using V3 API and get a token
2) validate the token using V2 API
Changed in keystone: | |
status: | New → Triaged |
importance: | Undecided → High |
milestone: | none → grizzly-rc1 |
Changed in keystone: | |
importance: | High → Medium |
importance: | Medium → Low |
importance: | Low → High |
Changed in keystone: | |
status: | Fix Committed → Fix Released |
Changed in keystone: | |
milestone: | grizzly-rc1 → 2013.1 |
To post a comment you must log in.
With regarding to using trust tokens in V2, the following conditions must all be true.
1) trustor is in the default domain
2) trustee is in the default domain
3) delegated project is in the default domain