Comment 35 for bug 1434034

Morgan Fainberg (mdrnstm) wrote : Re: Even if the user is disabled, can use the last token is validated

We may want to add information that the PKI(Z) tokens will continue (with no plans for fixing) to be affected, as keystone does not perform the validation of the users. The endpoint validates PKI tokens and the endpoint cannot know the state of user enabled/disabled.

Federated users are also not controlled by keystone and keystone cannot directly query the enabled status of these users. It is expected that the Identity Provider must notify the service provider that a user has been disabled or, like many SSO-type technologies, the session (token TTL in this case) must expire.