websso callback is in the wrong place
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
OpenStack Identity (keystone) |
Opinion
|
Undecided
|
Unassigned |
Bug Description
We have all this infrastructure in /OS-FEDERATION/
We have a route that includes the idp id and protocol and if we had put the websso route at /OS-FEDERATION/
I'm sure there are advantages to this too but what was the point of /identity_
</rant>
tags: | added: federation |
Changed in keystone: | |
status: | New → Opinion |
people were stating that listing all IdPs through horizons login page was insecure, leveraging remote_id was the only way we programatically determine the idp that was being used