Keystone IdP SAML metadata insufficient for websso flow
| Affects | Status | Importance | Assigned to | Milestone |
|---|---|---|---|---|
| OpenStack Identity (keystone) | | Wishlist | Unassigned | |
Bug Description
The metadata generated by Keystone IdP includes a binding of type URI. From https:/
def single_
return md.SingleSignOn
Looking at the Shibboleth SessionInitiator code, this is not a valid binding for a default websso configuration. The accepted bindings are defined at https:/
// No override, so we'll install a default binding precedence.
string prec = string(
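As an added illustration (not part of the bug report, nor Keystone's or Shibboleth's own code), this Python check parses IdP metadata and reports whether any SingleSignOnService advertises a binding an SP could start a browser WebSSO flow with. The set of accepted bindings, the function names and the sample metadata are assumptions, since the list quoted above is cut off.

```python
import xml.etree.ElementTree as ET

MD_NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata"}
BINDINGS = "urn:oasis:names:tc:SAML:2.0:bindings:"
# Assumption: front-channel (browser) SAML 2.0 bindings usable for WebSSO.
WEBSSO_BINDINGS = {
    BINDINGS + "HTTP-Redirect",
    BINDINGS + "HTTP-POST",
    BINDINGS + "HTTP-POST-SimpleSign",
    BINDINGS + "HTTP-Artifact",
}

# Constructed sample: IdP metadata that advertises only the URI binding,
# the situation this report describes. entityID and Location are placeholders.
SAMPLE_URI_ONLY = """<md:EntityDescriptor
    xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://idp.example.org/idp">
  <md:IDPSSODescriptor
      protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:SingleSignOnService
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:URI"
        Location="https://idp.example.org/sso"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>"""


def sso_bindings(metadata_xml):
    """Return the Binding attribute of every IdP SingleSignOnService."""
    # For metadata fetched from an untrusted source, parse with a hardened
    # parser such as defusedxml instead of the stdlib one.
    root = ET.fromstring(metadata_xml)
    path = ".//md:IDPSSODescriptor/md:SingleSignOnService"
    return [el.get("Binding") for el in root.iterfind(path, MD_NS)]


def websso_usable(metadata_xml):
    """Split advertised bindings into (usable, unusable) for WebSSO."""
    found = sso_bindings(metadata_xml)
    usable = [b for b in found if b in WEBSSO_BINDINGS]
    unusable = [b for b in found if b not in WEBSSO_BINDINGS]
    return usable, unusable


if __name__ == "__main__":
    usable, unusable = websso_usable(SAMPLE_URI_ONLY)
    print("usable for WebSSO:", usable or "none")
    print("not usable for WebSSO:", unusable)
```

An empty `usable` list means the SP has no endpoint to send a browser AuthnRequest to, which is the gap this report tracks.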
Marek Denis (marek-denis) wrote (#1):
Changed in keystone:
assignee: nobody → Marek Denis (marek-denis)
importance: Undecided → Wishlist
milestone: none → next
Rodrigo Duarte (rodrigodsousa) wrote (#2):
@Marek: ++
This should be tracked if we want to implement fully enabled SAML IdP in Keystone.
tags: added: federation
Changed in keystone:
status: New → Triaged
Changed in keystone:
milestone: next → none
Steve Martinelli (stevemar) wrote (#3):
unassigning due to inactivity
Changed in keystone:
assignee: Marek Denis (marek-denis) → nobody
Since we don't support K2K with websso workflow it's not a bug, but definitely worth having it here so we can track this.