V3 V2 token intermix should not allowed for non-default domain
Bug #1157430 reported by
Guang Yee
This bug affects 1 person
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| OpenStack Identity (keystone) |
Fix Released
|
High
|
Guang Yee | ||
Bug Description
The following tokens should be prohibited in V2
1) Token for user in a non-default domain
2) Token scoped to a project in a non-default domain
3) Token scoped to a domain
4) Token scoped to a trust?
To reproduce the problem.
1) authenticate a user in a non-default domain using V3 API and get a token
2) validate the token using V2 API
| Changed in keystone: | |
| status: | New → Triaged |
| importance: | Undecided → High |
| milestone: | none → grizzly-rc1 |
| Changed in keystone: | |
| importance: | High → Medium |
| importance: | Medium → Low |
| importance: | Low → High |
Revision history for this message
| Guang Yee (guang-yee) wrote | #1 |
| Changed in keystone: | |
| assignee: | nobody → Guang Yee (guang-yee) |
Revision history for this message
| OpenStack Infra (hudson-openstack) wrote Fix proposed to keystone (master) | #2 |
| Changed in keystone: | |
| status: | Triaged → In Progress |
Revision history for this message
| OpenStack Infra (hudson-openstack) wrote Fix merged to keystone (master) | #3 |
| Changed in keystone: | |
| status: | In Progress → Fix Committed |
| Changed in keystone: | |
| status: | Fix Committed → Fix Released |
| Changed in keystone: | |
| milestone: | grizzly-rc1 → 2013.1 |
To post a comment you must log in.
With regarding to using trust tokens in V2, the following conditions must all be true.
1) trustor is in the default domain
2) trustee is in the default domain
3) delegated project is in the default domain