Keystone IdP SAML metadata insufficient for websso flow
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
OpenStack Identity (keystone) |
Triaged
|
Wishlist
|
Unassigned |
Bug Description
The metadata generated by Keystone IdP includes a binding of type URI. From https:/
def single_
return md.SingleSignOn
Looking at the Shibboleth SessionInitiator code, this is not a valid binding for a default websso configuration. The accepted bindings are defined at https:/
// No override, so we'll install a default binding precedence.
string prec = string(
tags: | added: federation |
Changed in keystone: | |
status: | New → Triaged |
Changed in keystone: | |
milestone: | next → none |
Since we don't suppor K2K with websso workflow it's not a bug, but definitely worth having it here so we can track this.