Provide Endpoint for ECP wrapped assertions

Registered by Morgan Fainberg

If an app wants to use k2k, then the keystone SP is probably set up to leverage ECP SAML assertions.
Currently, the SAML assertion that is generated by the IdP keystone does not contain the ECP related bits, such as:

<soap11:Envelope xmlns:soap11="http://schemas.xmlsoap.org/soap/envelope/">
    <soap11:Header>
        <ecp:RelayState xmlns:ecp="urn:oasis:names:tc:SAML:2.0:profiles:SSO:ecp"
                        soap11:actor="http://schemas.xmlsoap.org/soap/actor/next"
                        soap11:mustUnderstand="1">
            ss:mem:456e74900b306b5ed54ec9fb23c614f9fa73ece1c97ec004ed
        </ecp:RelayState>
    </soap11:Header>
    <soap11:Body>
        %(response)s
    </soap11:Body>
</soap11:Envelope>

We should add these to the SAML generator code so that a client can simply get a SAML assertion from their token and pass that assertion directly to a remote keystone.
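The wrapping described above, as an added example that is not keystone's own code: it embeds the serialized response text unchanged, so an XML signature on the assertion is not disturbed by re-serialization, and it escapes the RelayState value. The function names, the random handle, and the use of `ss:mem:` (taken from the sample value above) as the default prefix are assumptions.

```python
import secrets
from xml.etree import ElementTree as ET
from xml.sax.saxutils import escape

SOAP_NS = "http://schemas.xmlsoap.org/soap/envelope/"
ECP_NS = "urn:oasis:names:tc:SAML:2.0:profiles:SSO:ecp"
SAMLP_NS = "urn:oasis:names:tc:SAML:2.0:protocol"
ENVELOPE = (  # same layout as the envelope in the blueprint text
    '<soap11:Envelope xmlns:soap11="' + SOAP_NS + '">'
    '<soap11:Header>'
    '<ecp:RelayState xmlns:ecp="' + ECP_NS + '" '
    'soap11:actor="http://schemas.xmlsoap.org/soap/actor/next" '
    'soap11:mustUnderstand="1">%(relay_state)s</ecp:RelayState>'
    '</soap11:Header>'
    '<soap11:Body>%(response)s</soap11:Body>'
    '</soap11:Envelope>'
)

def new_relay_state(relay_state_prefix="ss:mem:"):
    # Prefix plus a random handle (how the handle is generated is an assumption).
    return relay_state_prefix + secrets.token_hex(32)

def wrap_in_ecp(response_xml, relay_state):
    """Embed a serialized SAML Response, unmodified, in an ECP envelope."""
    if "<!DOCTYPE" in response_xml:
        raise ValueError("DTDs are not accepted in a SAML response")
    # Parse only to validate. Re-serializing could rename namespace
    # prefixes and invalidate the XML signature on the assertion.
    root = ET.fromstring(response_xml)
    if root.tag != "{%s}Response" % SAMLP_NS:
        raise ValueError("expected samlp:Response, got %s" % root.tag)
    body = response_xml.strip()
    if body.startswith("<?xml"):  # a declaration is illegal mid-document
        body = body[body.index("?>") + 2:].lstrip()
    return ENVELOPE % {"relay_state": escape(relay_state), "response": body}

def read_envelope(envelope_xml):
    """Receiver-side view: return (relay_state, tag of the Body child)."""
    env = ET.fromstring(envelope_xml)
    relay = env.find("{%s}Header/{%s}RelayState" % (SOAP_NS, ECP_NS))
    body = env.find("{%s}Body" % SOAP_NS)
    if relay is None or body is None or len(body) != 1:
        raise ValueError("not an ECP-wrapped response")
    return relay.text, body[0].tag

# Constructed sample; a real response carries a signed assertion.
SAMPLE_RESPONSE = (
    '<?xml version="1.0"?>\n'
    '<ns0:Response xmlns:ns0="' + SAMLP_NS + '" ID="constructed-id" Version="2.0">'
    '<ns0:Status/></ns0:Response>'
)
```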

Blueprint information

Status:
Complete
Approver:
None
Priority:
Medium
Drafter:
Morgan Fainberg
Direction:
Approved
Assignee:
Steve Martinelli
Definition:
Approved
Series goal:
Accepted for kilo
Implementation:
Implemented
Milestone target:
2015.1.0
Started by
Thierry Carrez
Completed by
Steve Martinelli

Whiteboard

Gerrit topic: https://review.openstack.org/#q,topic:bug/1426128,n,z

Addressed by: https://review.openstack.org/166078
    Add relay_state_prefix to Service Provider

Addressed by: https://review.openstack.org/162866
    Add API to create ecp wrapped saml assertion

Gerrit topic: https://review.openstack.org/#q,topic:add_relay_state_prefix,n,z

Addressed by: https://review.openstack.org/166086
    Add a relay_state_prefix to the service provider resource

Gerrit topic: https://review.openstack.org/#q,topic:bp/ecp-wrapped-saml-assertions,n,z

Addressed by: https://review.openstack.org/167621 (merged)
    Endpoint to generate ECP assertions
