Support configurable saml assertion property

Bug #1801309 reported by wangxiyuan on 2018-11-02
This bug affects 1 person
Affects Status Importance Assigned to Milestone
OpenStack Identity (keystone)

Bug Description

Keystone as Identity Provider supports to generator saml assertion for SP. The content in the saml assertion is hard code. The attribute contains: openstack_user,openstack_roles,openstack_project,openstack_project_domain,openstack_user_domain.

But in case the SP need more information from IdP Keystone,(or IdP want to provide more information to SP) there is no way to extend the saml information. Such as user's email address, the description of a role and so on.

Or a case like: IdP Keystone mapping to two SP-SP1 and SP2, SP1 need additional key1:value1, but SP2 need.key2:value2.

For those cases, Keystone as IdP should support configurable saml assertion property

wangxiyuan (wangxiyuan) on 2018-11-02
Changed in keystone:
assignee: nobody → wangxiyuan (wangxiyuan)
Morgan Fainberg (mdrnstm) wrote :

I think this needs to be expanded upon and is really part of the future "enhanced federation" bits.

Changed in keystone:
status: New → Triaged
importance: Undecided → Wishlist
Morgan Fainberg (mdrnstm) wrote :

Added as wishlist.

wangxiyuan (wangxiyuan) on 2018-12-11
description: updated
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers