Comment 2 for bug 1641639

Revision history for this message
Robert Duncan (rduncan-t) wrote :

Why are federated users becoming keystone users? - why is all the mapping being handled at the service provider? - why can't we just pass ROLE_ID = as part of the security assertion? - all this mapping has to happen at the identity provider anyway!! we don't let every ldap user into openstack. - operators are scratching heads! - overly difficult for simple RBAC