remote_id_attribute config options prevents multiple protocol variations for Federation
Bug #1724645 reported by Adam Young
This bug affects 3 people
| Affects | Status | Importance | Assigned to | Milestone |
|---|---|---|---|---|
| OpenStack Identity (keystone) | Fix Released | Low | Colleen Murphy | |
Bug Description
In order to activate a protocol for Federation, you need SOME value for remote_
Changed in keystone: | |
status: | New → Confirmed |
importance: | Undecided → Low |
tags: | added: feder |
tags: | added: federation removed: feder |
tags: | added: office-hours |
Changed in keystone: | |
assignee: | nobody → erus (erus) |
status: | Confirmed → In Progress |
Changed in keystone: | |
assignee: | erus (erus) → Colleen Murphy (krinkle) |
The workaround is to do something like this in the config:

    [auth]
    methods = [...],saml2_mellon, saml2_shib
    saml2_mellon = keystone.auth.plugins.mapped.Mapped
    saml2_shib = keystone.auth.plugins.mapped.Mapped

    [saml2_mellon]
    remote_id_attribute = MELLON_IDP

    [saml2_shib]
    remote_id_attribute = Shib-Identity-Provider

It would be nice if we could make this more intuitive.