Token binding can't work with a Service Token
Bug #1413433 reported by
Jamie Lennox
This bug affects 1 person
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| keystonemiddleware |
Fix Released
|
Medium
|
Colleen Murphy | ||
Bug Description
The service token is used in conjunction with the user's token when a service is communicating with another service on behalf of a client.
When auth_token middleware validates token binding it validates both the X-Auth-Token and the X-Service-Token. This is pretty much impossible as there is no realistic configuration where the service has the bind credentials for the user token and it's own service token.
When auth_token recieves a X-Auth-Token AND an X-Service-Token it should only validate the bind of the X-Service-Token as this is where this request has originated.
| Changed in keystonemiddleware: | |
| importance: | Undecided → Medium |
| status: | New → Triaged |
| Changed in keystonemiddleware: | |
| assignee: | nobody → jiaxi (tjxiter) |
| Changed in keystonemiddleware: | |
| assignee: | jiaxi (tjxiter) → nobody |
| information type: | Public → Public Security |
Revision history for this message
| OpenStack Infra (hudson-openstack) wrote Fix proposed to keystonemiddleware (master) | #1 |
| Changed in keystonemiddleware: | |
| assignee: | nobody → Colleen Murphy (krinkle) |
| status: | Triaged → In Progress |
Revision history for this message
| OpenStack Infra (hudson-openstack) wrote Fix merged to keystonemiddleware (master) | #2 |
| Changed in keystonemiddleware: | |
| status: | In Progress → Fix Released |
Revision history for this message
| Doug Hellmann (doug-hellmann) wrote Fix included in openstack/keystonemiddleware 4.5.0 | #3 |
To post a comment you must log in.
Fix proposed to branch: master
Review: https:/