Allow configuring MellonSignatureMethod as of cosmic

Bug #1834573 reported by Dmitrii Shcherbakov
Affects: OpenStack Keystone SAML Mellon Charm
Status: Triaged
Importance: Wishlist
Assigned to: Unassigned

Bug Description

Some IdPs require specific signature methods to be set.

Mellon versions up to 0.13.1 (bionic) did not expose MellonSignatureMethod and the default that comes from lasso is LASSO_SIGNATURE_METHOD_RSA_SHA1.

As of 0.14.0 (Cosmic) MellonSignatureMethod is exposed and is set by default to LASSO_SIGNATURE_METHOD_RSA_SHA256.

https://github.com/Uninett/mod_auth_mellon/releases/tag/v0.14.0

We should enable this option in case an IdP requires something else (e.g. sha384, sha512).

With ADFS as an IdP, its operator has to explicitly choose which signature method to use, and in contemporary versions of ADFS it is set to sha256, which leads to IdP-side errors and mellon <=0.13.1
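An added example in Python (the charm's language), not code from the bug report or from charm-keystone-saml-mellon: it models the two situations the report contrasts, rendering a MellonSignatureMethod line from a hypothetical signature-method charm option only where the installed mod_auth_mellon knows the directive, and flagging the mismatch an IdP that insists on sha256 would hit on <=0.13.1. The value spellings rsa-sha1 through rsa-sha512 are the ones the mod_auth_mellon directive accepts; the version strings are constructed samples.

```python
import re

# Value spellings the mod_auth_mellon directive accepts, mapped to the
# lasso constant each selects.
SIGNATURE_METHODS = {
    "rsa-sha1": "LASSO_SIGNATURE_METHOD_RSA_SHA1",
    "rsa-sha256": "LASSO_SIGNATURE_METHOD_RSA_SHA256",
    "rsa-sha384": "LASSO_SIGNATURE_METHOD_RSA_SHA384",
    "rsa-sha512": "LASSO_SIGNATURE_METHOD_RSA_SHA512",
}
DIRECTIVE_SINCE = (0, 14, 0)   # first release exposing the directive
LASSO_DEFAULT = "rsa-sha1"     # what <= 0.13.1 silently ends up using
MELLON_DEFAULT = "rsa-sha256"  # mellon's own default from 0.14.0 on

def parse_version(text):
    """'0.14.0-1ubuntu1' -> (0, 14, 0); the Debian revision is ignored."""
    m = re.match(r"(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        raise ValueError("unparseable mod_auth_mellon version: %r" % text)
    return tuple(int(x) for x in m.groups())

def resolve_signature_method(option, mellon_version):
    """Return (config_line, effective_method). config_line is None when the
    installed mellon predates the directive: emitting it there would make
    Apache reject its config, and lasso's RSA-SHA1 applies regardless."""
    method = (option or "").strip().lower()
    if method and method not in SIGNATURE_METHODS:
        raise ValueError("unsupported signature-method %r; choose one of %s"
                         % (option, ", ".join(sorted(SIGNATURE_METHODS))))
    if parse_version(mellon_version) < DIRECTIVE_SINCE:
        return None, LASSO_DEFAULT
    method = method or MELLON_DEFAULT
    return "MellonSignatureMethod %s" % method, method

def idp_mismatch(option, mellon_version, idp_requires):
    """True when the method actually in effect differs from what the IdP
    demands, i.e. the ADFS-on-bionic failure the report describes."""
    _, effective = resolve_signature_method(option, mellon_version)
    return effective != idp_requires.lower()

if __name__ == "__main__":
    for ver in ("0.13.1-1", "0.14.0-1ubuntu1"):  # constructed sample versions
        line, eff = resolve_signature_method("rsa-sha256", ver)
        print(ver, "->", line or "(directive unavailable)", "effective:", eff)
        print("  mismatch vs IdP requiring rsa-sha256:", idp_mismatch("rsa-sha256", ver, "rsa-sha256"))
```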

Tags: cpe-onsite
Changed in charm-keystone-saml-mellon:
status: New → Triaged
importance: Undecided → Wishlist
