OpenStack Identity (keystone)

Give more details about the K2K flow

Bug #1459686 reported by Rodrigo Duarte
10
This bug affects 1 person
Affects Status Importance Assigned to Milestone
OpenStack Identity (keystone)
Invalid
Medium
Unassigned

Bug Description

Currently, the K2K flow in the config file [1] isn't detailed enough, we should provide at least the next step where we exchange a SAML assertion for a unscoped token from the SP.

[1] https://github.com/openstack/keystone/blob/master/doc/source/configure_federation.rst#testing-it-all-out

Dolph Mathews (dolph)
tags: added: federation
Changed in keystone:
importance: Undecided → Medium
status: New → Triaged
Marek Denis (marek-denis)
Changed in keystone:
assignee: nobody → Marek Denis (marek-denis)
Revision history for this message
Marek Denis (marek-denis) wrote :

I am not sure whether we should start explaining vaguely how the idp-initiated saml workflow works. Maybe it's worth waiting few more days for K2KAuthPlugin and make a reference to that?

Revision history for this message
Rodrigo Duarte (rodrigodsousa) wrote :

The last step in the doc is to retrieve the SAML assertion from the IdP Keystone. My idea was to have a next step with two requests to the SP: initial step to send the assertion and the GET to retrieve the unscoped token.

Revision history for this message
Dolph Mathews (dolph) wrote :

This bug hasn't been touched in awhile, and I swear I've seen these docs somewhere else. Marek/Rodrigo, has this been fixed and I just can't find it?

Changed in keystone:
status: Triaged → Incomplete
Revision history for this message
Marek Denis (marek-denis) wrote :

I remember we had some duplicated bugs and indeed some improvements to docs were proposed.
However I cannot find any similar bug that would be resolved and assigned to myself.

Revision history for this message
Morgan Fainberg (mdrnstm) wrote :

Marking as invalid since this should have expired as incomplete long ago.

Changed in keystone:
assignee: Marek Denis (marek-denis) → nobody
status: Incomplete → Invalid
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.