/v3/auth/tokens cannot be used for issuing unscoped tokens during federated authn
Bug #1296348 reported by
Marek Denis
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
OpenStack Identity (keystone) |
Fix Released
|
High
|
Marek Denis | ||
openstack-api-site |
Fix Released
|
Undecided
|
Marek Denis |
Bug Description
URL /v3/auth/tokens cannot be used when issuing unscoped federated tokens, as such URL must be configured as protected in the mod_shib configuration. Thus, a dedicated URL must be able to run federated authentication. Also, as usually during federated authentication initial data used by the client is lost (due to many HTTP redirections between SP and IdP) it's advised for clients to access URL with IdP and protocol specified in the URL.
Changed in keystone: | |
assignee: | nobody → Marek Denis (marek-denis) |
Changed in keystone: | |
milestone: | none → icehouse-rc1 |
Changed in keystone: | |
importance: | Undecided → High |
Changed in openstack-api-site: | |
assignee: | nobody → Marek Denis (marek-denis) |
assignee: | Marek Denis (marek-denis) → nobody |
assignee: | nobody → Marek Denis (marek-denis) |
status: | New → In Progress |
Changed in keystone: | |
status: | Fix Committed → Fix Released |
Changed in keystone: | |
milestone: | icehouse-rc1 → 2014.1 |
To post a comment you must log in.
Fix proposed to branch: master /review. openstack. org/82375
Review: https:/