Need debug logging of SAML messages
Bug #1675528 reported by
John Dennis
This bug affects 1 person
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| keystoneauth |
Triaged
|
Low
|
Unassigned | ||
Bug Description
When debugging SAML problems, it's important to be able to see the contents of the SAML messages. When things go wrong with SAML the issue is often easily visible in the SAML message. However getting the SAML message can be difficult if the module does not emit it. This is especially true with ECP since ECP is harder to trace than WebSSO, with WebSSO there are browser based tools which allow you to see the SAML messages.
This might need something along the lines of keystone's insecure_debug flag so we don't leak sensitive information without being explicitly enabled. Not sure at the moment how the rest of keystoneauth handles sensitive debug information.
| Changed in keystoneauth: | |
| assignee: | nobody → John Dennis (jdennis-a) |
Revision history for this message
| John Dennis (jdennis-a) wrote | #1 |
Revision history for this message
| John Dennis (jdennis-a) wrote | #2 |
Revision history for this message
| Lance Bragstad (lbragstad) wrote | #3 |
| Changed in keystoneauth: | |
| assignee: | John Dennis (jdennis-a) → nobody |
| Changed in keystoneauth: | |
| importance: | Undecided → Low |
| status: | New → Triaged |
| Changed in keystoneauth: | |
| assignee: | nobody → John Dennis (jdennis-a) |
| Changed in keystoneauth: | |
| assignee: | John Dennis (jdennis-a) → nobody |
To post a comment you must log in.
Confirmed this was previously fixed. Closing as not a bug.