Allow setting EndpointReference in ADFSPassword
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
keystoneauth | Fix Released | Undecided | Blake Covarrubias |
Bug Description
Allow setting EndpointReference in ADFSPassword
The ADFSPassword plugin currently sets the WS-Policy 'AppliesTo' EndpointReference Address in the WS-Trust RequestSecurity
The WS-Trust specification states that the WS-PolicyAttachment [1] 'AppliesTo' "...element specifies the scope for which this security token is desired" [2]. Therefore, this value is used by ADFS' Security Token Service (STS) to identify the intended Relying Party Trust. STS correspondingly uses the 'AppliesTo' value as the AudienceRestriction (RPID) in the SAML 1.0 assertion. This may not be desirable if the Service Provider's SAML entity ID differs from the WS-Federation Passive Endpoint (i.e. service provider endpoint) consuming the WS-Trust RequestSecurity
This commit introduces the ability to specify the EndpointReference used in the RequestSecurity
[1] https:/
[2] http://
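The audience mismatch described in the bug report, as an added example that is not keystoneauth code: a toy STS copies the 'AppliesTo' address into the SAML 1.x audience, and the service provider accepts the assertion only when that audience equals its own entity ID. The function names, the `sp_entity_id` parameter, the fallback to the service provider endpoint, and the example.org URLs are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

# Namespaces: WS-Trust 1.3, WS-Policy 2004/09, WS-Addressing 2005/08, SAML 1.x.
NS = {
    "trust": "http://docs.oasis-open.org/ws-sx/ws-trust/200512",
    "wsp": "http://schemas.xmlsoap.org/ws/2004/09/policy",
    "wsa": "http://www.w3.org/2005/08/addressing",
    "saml": "urn:oasis:names:tc:SAML:1.0:assertion",
}

def q(prefix, tag):
    """Return the namespace-qualified tag name ElementTree expects."""
    return "{%s}%s" % (NS[prefix], tag)

def build_rst(sp_endpoint, sp_entity_id=None):
    """Build a RequestSecurityToken element (hypothetical helper).

    Assumption: without an explicit entity ID, AppliesTo carries the
    service provider endpoint."""
    rst = ET.Element(q("trust", "RequestSecurityToken"))
    applies_to = ET.SubElement(rst, q("wsp", "AppliesTo"))
    epr = ET.SubElement(applies_to, q("wsa", "EndpointReference"))
    ET.SubElement(epr, q("wsa", "Address")).text = sp_entity_id or sp_endpoint
    return rst

def applies_to_address(rst):
    """Read back the scope the token is requested for."""
    path = "wsp:AppliesTo/wsa:EndpointReference/wsa:Address"
    return rst.findtext(path, namespaces=NS)

def sts_issue(rst):
    """Toy STS: the AppliesTo address becomes the assertion's audience."""
    assertion = ET.Element(q("saml", "Assertion"))
    conditions = ET.SubElement(assertion, q("saml", "Conditions"))
    arc = ET.SubElement(conditions, q("saml", "AudienceRestrictionCondition"))
    ET.SubElement(arc, q("saml", "Audience")).text = applies_to_address(rst)
    return assertion

def sp_accepts(assertion, own_entity_id):
    """SP-side check: one Audience must equal the SP's own entity ID."""
    audiences = [a.text for a in assertion.iter(q("saml", "Audience"))]
    return own_entity_id in audiences

# Constructed sample values, not taken from the bug report.
SP_ENDPOINT = "https://sp.example.org/Shibboleth.sso/ADFS"
SP_ENTITY_ID = "https://sp.example.org/shibboleth"

if __name__ == "__main__":
    for entity_id in (None, SP_ENTITY_ID):
        token = sts_issue(build_rst(SP_ENDPOINT, entity_id))
        print(entity_id, "->", sp_accepts(token, SP_ENTITY_ID))
```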
Changed in keystoneauth: | |
assignee: | nobody → Blake Covarrubias (blakegc) |
description: | updated |
summary: |
- Allow custom EndpointReference in ADFSPassword
+ Allow setting EndpointReference in ADFSPassword |
description: | updated |
Changed in keystoneauth: | |
assignee: | Blake Covarrubias (blakegc) → Samuel de Medeiros Queiroz (samueldmq) |
Changed in keystoneauth: | |
assignee: | Samuel de Medeiros Queiroz (samueldmq) → Blake Covarrubias (blakegc) |
Fix proposed to branch: master
Review: https://review.openstack.org/463432