Keystone as Identity Provider supports to generator saml assertion for SP. The content in the saml assertion is hard code. The attribute contains: openstack_user,openstack_roles,openstack_project,openstack_project_domain,openstack_user_domain.
But in case the SP need more information from IdP Keystone,(or IdP want to provide more information to SP) there is no way to extend the saml information. Such as user's extra info, like email address, the description of a role and so on.
Or a case like: IdP Keystone mapping to two SP-SP1 and SP2, SP1 need additional key1:value1, but SP2 need.key2:value2.
For those cases, Keystone as IdP should support configurable saml assertion property
Keystone as Identity Provider supports to generator saml assertion for SP. The content in the saml assertion is hard code. The attribute contains: openstack_ user,openstack_ roles,openstack _project, openstack_ project_ domain, openstack_ user_domain.
But in case the SP need more information from IdP Keystone,(or IdP want to provide more information to SP) there is no way to extend the saml information. Such as user's extra info, like email address, the description of a role and so on.
Or a case like: IdP Keystone mapping to two SP-SP1 and SP2, SP1 need additional key1:value1, but SP2 need.key2:value2.
For those cases, Keystone as IdP should support configurable saml assertion property