OpenStack Identity (keystone)

  1. Bug #1505256
  2. Activity log

Activity log for bug #1505256

Date Who What changed Old value New value Message
2015-10-12 14:12:31 Adam Young bug added bug
2015-10-12 20:14:01 Dolph Mathews description User Ids cannot be something sepcified entirely by the Federation providers. If they are, there are a handful of potential problems: 1. The userId specified will be too big for the colum (varchar 64) 2. Two different Identity Providers can provide the same value for user_id The solution is to use the id_mapping capability of the identity backend. This should be enabled on a per-idp basis, and the default should be enabled. The id_mapping approach needs a separate domain_id to deconflict userids. This domain should be created by default and linked 1-to-1 with the IdP id. User Ids cannot be something specified entirely by the Federation providers. If they are, there are a handful of potential problems: 1. The userId specified will be too big for the column (varchar 64) 2. Two different Identity Providers can provide the same value for user_id
2015-10-13 20:39:28 Lance Bragstad tags federation
2015-10-14 15:57:38 Dolph Mathews keystone: importance Undecided High
2015-10-14 15:57:40 Dolph Mathews keystone: status New Triaged
2015-11-20 21:04:50 Adam Young keystone: assignee Dolph Mathews (dolph)
2016-01-28 22:53:15 Steve Martinelli keystone: milestone mitaka-3
2016-01-28 23:02:48 Dolph Mathews keystone: assignee Dolph Mathews (dolph) Ron De Rose (ronald-de-rose)
2016-02-14 03:44:47 Steve Martinelli keystone: importance High Medium
2016-03-01 02:08:20 Steve Martinelli keystone: status Triaged Fix Released