RFE: add more info in the k2k assertion

Bug #1641625 reported by Steve Martinelli
This bug affects 1 person
Affects Status Importance Assigned to Milestone
OpenStack Identity (keystone)
Fix Released
Vishakha Agarwal

Bug Description

Currently, the user's name (and domain name), their roles, the project they authenticated with (and project's domain name) are supplied in the k2k assertion that keystone generates.

There has been a request that the user's groups also be included in the assertion.

Tags: federation
Changed in keystone:
assignee: nobody → Ron De Rose (ronald-de-rose)
Changed in keystone:
importance: Undecided → Wishlist
Revision history for this message
Lance Bragstad (lbragstad) wrote :

Automatically unassigning due to inactivity.

Changed in keystone:
assignee: Ron De Rose (ronald-de-rose) → nobody
Changed in keystone:
status: New → Triaged
Changed in keystone:
assignee: nobody → Vishakha Agarwal (vishakha.agarwal)
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to keystone (master)

Fix proposed to branch: master
Review: https://review.openstack.org/588211

Changed in keystone:
status: Triaged → In Progress
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to keystone (master)

Reviewed: https://review.opendev.org/588211
Committed: https://git.openstack.org/cgit/openstack/keystone/commit/?id=dda426b61a18590a81c5b3af281eb0c410756692
Submitter: Zuul
Branch: master

commit dda426b61a18590a81c5b3af281eb0c410756692
Author: Vishakha Agarwal <email address hidden>
Date: Thu Aug 2 16:31:54 2018 +0530

    Add openstack_groups to assertion

    Currently, a keystone IdP does not provide the
    groups to which user belong when generating SAML
    assertions.This patch adds an additional attribute
    called "openstack_groups" in the assertion.

    Change-Id: I205e8bbf9a4579b16177f57e29e363f4205a2b48
    Closes-Bug: #1641625

Changed in keystone:
status: In Progress → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Other bug subscribers