Potential user_id collision between Federated IdPs

Bug #1505256 reported by Adam Young on 2015-10-12
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
OpenStack Identity (keystone)
Medium
Ron De Rose

Bug Description

User Ids cannot be something specified entirely by the Federation providers. If they are, there are a handful of potential problems:

1. The userId specified will be too big for the column (varchar 64)
2. Two different Identity Providers can provide the same value for user_id

Dolph Mathews (dolph) wrote :

I removed the prescribed solution from the bug description.

description: updated
tags: added: federation
Dolph Mathews (dolph) on 2015-10-14
Changed in keystone:
importance: Undecided → High
status: New → Triaged
Marek Denis (marek-denis) wrote :

I think shadow users will allow us to close this bug.

Adam Young (ayoung) wrote :

Marek: agreed. ANd, since Dolph is working on it, assigned to him.

Changed in keystone:
assignee: nobody → Dolph Mathews (dolph)
Changed in keystone:
milestone: none → mitaka-3
Dolph Mathews (dolph) on 2016-01-28
Changed in keystone:
assignee: Dolph Mathews (dolph) → Ron De Rose (ronald-de-rose)
Changed in keystone:
importance: High → Medium
Steve Martinelli (stevemar) wrote :

this is resolved via shadow users

Changed in keystone:
status: Triaged → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers

Related blueprints