Adding keystone-coresec for further investigation.
So in order to impersonate Service Provider response or the Identity Provider response, these endpoints need to be in http right ? If so, this is likely a C1 type of bug (according to https://security.openstack.org/vmt-process.html#incident-report-taxonomy ).
Adding keystone-coresec for further investigation.
So in order to impersonate Service Provider response or the Identity Provider response, these endpoints need to be in http right ? If so, this is likely a C1 type of bug (according to https:/ /security. openstack. org/vmt- process. html#incident- report- taxonomy ).