Mapping openstack_project attribute in k2k assertions with different domains
Bug #1442343 reported by
Iury Gregory Melo Ferreira
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
OpenStack Identity (keystone) |
Fix Released
|
Wishlist
|
Rodrigo Duarte | ||
Kilo |
Fix Released
|
Undecided
|
Unassigned |
Bug Description
We can have two projects with the same name in different domains. So if we have a "Project A" in "Domain X" and a "Project A" in "Domain Y", there is no way to differ what "Project A" is being used in a SAML assertion generated by this IdP (we have only the openstack_project attribute in the SAML assertion).
description: | updated |
description: | updated |
Changed in keystone: | |
importance: | Undecided → Medium |
status: | New → Triaged |
tags: | added: security |
tags: | removed: kilo-rc-potential |
tags: | added: kilo-backport-potential |
Changed in keystone: | |
milestone: | none → liberty-1 |
status: | Fix Committed → Fix Released |
Changed in keystone: | |
milestone: | liberty-1 → 8.0.0 |
To post a comment you must log in.
We need to include the domain information in the assertion and/or the entire hierarchy (reseller).