Support configurable saml assertion property
Bug #1801309 reported by
wangxiyuan
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
OpenStack Identity (keystone) |
Triaged
|
Wishlist
|
wangxiyuan |
Bug Description
Keystone as Identity Provider supports to generator saml assertion for SP. The content in the saml assertion is hard code. The attribute contains: openstack_
But in case the SP need more information from IdP Keystone,(or IdP want to provide more information to SP) there is no way to extend the saml information. Such as user's email address, the description of a role and so on.
Or a case like: IdP Keystone mapping to two SP-SP1 and SP2, SP1 need additional key1:value1, but SP2 need.key2:value2.
For those cases, Keystone as IdP should support configurable saml assertion property
Changed in keystone: | |
assignee: | nobody → wangxiyuan (wangxiyuan) |
description: | updated |
To post a comment you must log in.
I think this needs to be expanded upon and is really part of the future "enhanced federation" bits.