Fernet tokens do not support domain scopes
Bug #1428949 reported by
Dolph Mathews
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
OpenStack Identity (keystone) |
Fix Released
|
High
|
Morgan Fainberg |
Bug Description
Attempting to get a domain-scoped token with the Fernet token provider returns a token - everything appears to have worked. When validating that token though, it appears to be unpacked as a project-scoped token, which ultimately fails.
The short of it is that domain-scope support doesn't really exist yet, and the current behavior will only work if the hierarchical multitenancy effort successfully migrates domains to be projects.
Changed in keystone: | |
assignee: | Dolph Mathews (dolph) → Lance Bragstad (lbragstad) |
Changed in keystone: | |
assignee: | Lance Bragstad (lbragstad) → Dolph Mathews (dolph) |
Changed in keystone: | |
assignee: | Dolph Mathews (dolph) → Jorge Munoz (jorge-munoz) |
Changed in keystone: | |
assignee: | Jorge Munoz (jorge-munoz) → Dolph Mathews (dolph) |
Changed in keystone: | |
assignee: | Dolph Mathews (dolph) → Morgan Fainberg (mdrnstm) |
Changed in keystone: | |
status: | Fix Committed → Fix Released |
Changed in keystone: | |
milestone: | kilo-3 → 2015.1.0 |
To post a comment you must log in.
Fix proposed to branch: master /review. openstack. org/162031
Review: https:/