OpenStack Identity (keystone)

Potential user_id collision between Federated IdPs

Bug #1505256 reported by Adam Young on 2015-10-12

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	OpenStack Identity (keystone)	Fix Released	Medium	Ron De Rose	OpenStack Identity (keystone) mitaka-3 "m3"

User Ids cannot be something specified entirely by the Federation providers. If they are, there are a handful of potential problems:

1. The userId specified will be too big for the column (varchar 64)
2. Two different Identity Providers can provide the same value for user_id

See original description

Tags:

Revision history for this message

Dolph Mathews (dolph) wrote on 2015-10-12:

I removed the prescribed solution from the bug description.

description:

updated

Lance Bragstad (lbragstad) on 2015-10-13

tags:

added: federation

Dolph Mathews (dolph) on 2015-10-14

Revision history for this message

Marek Denis (marek-denis) wrote on 2015-11-06:

I think shadow users will allow us to close this bug.

Revision history for this message

Adam Young (ayoung) wrote on 2015-11-20:

Marek: agreed. ANd, since Dolph is working on it, assigned to him.

Changed in keystone:
assignee:	nobody → Dolph Mathews (dolph)

Steve Martinelli (stevemar) on 2016-01-28

Changed in keystone:
milestone:	none → mitaka-3

Dolph Mathews (dolph) on 2016-01-28

Changed in keystone:
assignee:	Dolph Mathews (dolph) → Ron De Rose (ronald-de-rose)

Steve Martinelli (stevemar) on 2016-02-14

Changed in keystone:
importance:	High → Medium

Revision history for this message

Steve Martinelli (stevemar) wrote on 2016-03-01:

this is resolved via shadow users

Changed in keystone:
status:	Triaged → Fix Released

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Bug watches keep track of this bug in other bug trackers.