Comment 4 for bug 1475762

Reviewed: https://review.openstack.org/208069
Committed: https://git.openstack.org/cgit/openstack/keystone/commit/?id=c4723550aa95be403ff591dd132c9024549eff10
Submitter: Jenkins
Branch: master

commit c4723550aa95be403ff591dd132c9024549eff10
Author: Dolph Mathews <email address hidden>
Date: Fri Jul 31 20:31:54 2015 +0000

    Validate domain ownership for v2 tokens

    The v2 API is not domain aware, and so the default domain serves to
    provide an implicit domain scope for v2 API clients. If a v3 token with
    a user (or project scope) outside the default domain is validated by the
    v2 API, the user (or project) reference may result in a collision due to
    the namespacing provided by domains.

    This patch provides validation that the references being returned to the
    v2 API are in fact in the default domain, and thus cannot result in
    namespace collisions.

    Change-Id: Ia75c260485b2cff3cd6cf5cf39c0ec715b99df10
    Closes-Bug: 1475762
    Closes-Bug: 1483382