Federated domain is reported when validating a federated token

Bug #1754048 reported by Kristi Nikolla on 2018-03-07
This bug affects 1 person
Affects Status Importance Assigned to Milestone
OpenStack Identity (keystone)

Bug Description

Prior to introducing per idp domains, all federated users lived in the Federated domain. That is not the case anymore but Keystone keeps reporting that federated users are part of that domain rather their per-idp domains.

Token validation: http://paste.openstack.org/show/693652/

Lance Bragstad (lbragstad) wrote :

I noticed this when doing some refactoring of the token provider API recently. I agree that we should get the token provide up-to-speed by populating the identity provider's domain in the token response, instead of the cookie-cutter Federated domain.

Changed in keystone:
status: New → Triaged
importance: Undecided → Medium
Lance Bragstad (lbragstad) wrote :

This was technically found in the Queens release and probably true for older releases that use federation. I don't think this is something we need to fix for Rocky.

To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers