OpenStack Identity (keystone)

Keystone accepts Group IDs from the IdP without any Domain reference

Registered by Olivier Pilotte on 2015-08-07

Right now, it's possible to provide a list of Groups (names) to Keystone via the Identity Provider. However, a Domain must provided to map those Groups. In the eventuality of the IdP having the reference to the Group IDs, Keystone should be able to map those Groups directly, without a Domain reference.

Blueprint information

Status:: Complete

Approver:: Steve Martinelli

Priority:: Low

Drafter:: Olivier Pilotte

Direction:: Approved

Assignee:: Olivier Pilotte

Definition:: Approved

Series goal:: Accepted for mitaka

Implementation:: Implemented

Milestone target:: mitaka-1

Started by: Olivier Pilotte on 2015-08-11

Completed by: Olivier Pilotte on 2015-11-26

Related branches

Related bugs

Sprints

Whiteboard

Gerrit topic: https://review.openstack.org/#q,topic:bp/federation-group-ids-mapped-without-domain-reference,n,z

Addressed by: https://review.openstack.org/210581
Keystone accepts Group IDs from the IdP without any Domain reference

Addressed by: https://review.openstack.org/216308
Accepts Group IDs from the IdP without domain

(?)

Work Items

This blueprint contains Public information

Everyone can see this information.

Subscribers

No subscribers.