The ADFSPassword plugin currently sets the WS-Policy 'AppliesTo'
EndpointReference Address in the WS-Trust RequestSecurityToken message
to the value specified in the 'service-provider-endpoint' option. This
may not be desirable if the Service Provider's SAML entity ID differs
from the WS-Federation Passive Endpoint (i.e. service provider endpoint)
consuming the WS-Trust RequestSecurityTokenResponse.

This commit introduces the ability to specify the EndpointReference used
in the RequestSecurityToken message via the 'service-provider-entity-id'
option. If omitted, the EndpointReference defaults to the value provided
in the 'service-provider-endpoint' option to preserve backward
compatibility.
Reviewed: https://review.openstack.org/463432
Committed: https://git.openstack.org/cgit/openstack/keystoneauth/commit/?id=4ca1a1f0280ef0e02ac1c4df43834d007264ada3
Submitter: Jenkins
Branch: master
commit 4ca1a1f0280ef0e02ac1c4df43834d007264ada3
Author: Blake Covarrubias <email address hidden>
Date: Sat Apr 29 17:54:20 2017 -0700
Allow setting EndpointReference in ADFSPassword
The ADFSPassword plugin currently sets the WS-Policy 'AppliesTo'
EndpointReference Address in the WS-Trust RequestSecurityToken message
to the value specified in the 'service-provider-endpoint' option. This
may not be desirable if the Service Provider's SAML entity ID differs
from the WS-Federation Passive Endpoint (i.e. service provider endpoint)
consuming the WS-Trust RequestSecurityTokenResponse.

This commit introduces the ability to specify the EndpointReference used
in the RequestSecurityToken message via the 'service-provider-entity-id'
option. If omitted, the EndpointReference defaults to the value provided
in the 'service-provider-endpoint' option to preserve backward
compatibility.
Change-Id: I842427232db79d628dc29f5a1dcf68e011667dfa
Closes-Bug: #1689424