OpenStack Identity (keystone)

New attributes for SAML Assertion generated by keystone IdP

Registered by Rodrigo Duarte

Currenttly, SAML assertions generated by a keystone Identity Provider only return three attributes: openstack_user, openstack_project and openstack_roles. It's known that users and projects don't have unique names in different domains, for this reason we need the user domain and project domain information in order to unique identify this entities when mapping them in a keystone Service Provider.

Blueprint information

Status:
Complete
Approver:
Steve Martinelli
Priority:
Medium
Drafter:
Rodrigo Duarte
Direction:
Approved
Assignee:
Rodrigo Duarte
Definition:
Approved
Series goal:
Accepted for liberty
Implementation:
Implemented
Milestone target:
milestone icon 8.0.0
Started by
Steve Martinelli
Completed by
Steve Martinelli

Related branches

Sprints

Whiteboard

Gerrit topic: https://review.openstack.org/#q,topic:bp/assertion-extra-attributes,n,z

Addressed by: https://review.openstack.org/174462
    New attributes for SAML assertion

Gerrit topic: https://review.openstack.org/#q,topic:bug/1442787,n,z

Addressed by: https://review.openstack.org/172562
    Add openstack_user_domain to assertion

Addressed by: https://review.openstack.org/172536
    Add openstack_project_domain to assertion

Addressed by: https://review.openstack.org/179195
    Add openstack_project_domain to assertion

Addressed by: https://review.openstack.org/181007
    Add openstack_user_domain to assertion

(?)

Work Items

Nearby

This blueprint contains Public information 
Everyone can see this information.
Edit subscription

Subscribers

No subscribers.