Currently, a keystone IdP does not provide the domain of the user
when generating SAML assertions. Since it is possible to have two
users with the same username but in different domains, this patch
adds an additional attribute called "openstack_user_domain"
in the assertion to identify the domain of the user.
Reviewed: https:/ /review. openstack. org/172562 /git.openstack. org/cgit/ openstack/ keystone/ commit/ ?id=ae2d7075ff5 8e426e324e2eac5 7c852ffd4bc804
Committed: https:/
Submitter: Jenkins
Branch: master
commit ae2d7075ff58e42 6e324e2eac57c85 2ffd4bc804
Author: Rodrigo Duarte Sousa <email address hidden>
Date: Fri Apr 10 17:27:12 2015 -0300
Add openstack_ user_domain to assertion
Currently, a keystone IdP does not provide the domain of the user user_domain"
when generating SAML assertions. Since it is possible to have two
users with the same username but in different domains, this patch
adds an additional attribute called "openstack_
in the assertion to identify the domain of the user.
Closes-Bug: 1442787 extra-attribute s
bp assertion-
Change-Id: I65d5c02c0a21f4 d4c1b54f8aa56e2 7950d20badd