Currently, a keystone IdP does not provide the domain of the user
when generating SAML assertions. Since it is possible to have two
users with the same username but in different domains, this patch
adds an additional attribute called "openstack_user_domain"
in the assertion to identify the domain of the user.
Closes-Bug: 1442787
bp assertion-extra-attributes
Change-Id: I65d5c02c0a21f4d4c1b54f8aa56e27950d20badd
(cherry picked from commit ae2d7075ff58e426e324e2eac57c852ffd4bc804)
Reviewed: https:/ /review. openstack. org/181007 /git.openstack. org/cgit/ openstack/ keystone/ commit/ ?id=e9aa2673928 c265f6592334e73 7c2bbafeb0026b
Committed: https:/
Submitter: Jenkins
Branch: stable/kilo
commit e9aa2673928c265 f6592334e737c2b bafeb0026b
Author: Rodrigo Duarte Sousa <email address hidden>
Date: Fri Apr 10 17:27:12 2015 -0300
Add openstack_ user_domain to assertion
Currently, a keystone IdP does not provide the domain of the user user_domain"
when generating SAML assertions. Since it is possible to have two
users with the same username but in different domains, this patch
adds an additional attribute called "openstack_
in the assertion to identify the domain of the user.
Closes-Bug: 1442787 extra-attribute s
bp assertion-
Change-Id: I65d5c02c0a21f4 d4c1b54f8aa56e2 7950d20badd 6e324e2eac57c85 2ffd4bc804)
(cherry picked from commit ae2d7075ff58e42