IDP ID registration and validation

Registered by Marco Fargetta on 2015-01-13

With OS-Federation it is possible to register multiple Identity Providers (IDPs) for authentication. To be authenticated, a user needs to access a specific URL containing the IDP name and the protocol to use. If the credentials provided are correct, the user can get a token. This mechanism does not verify which IDP was actually used for the authentication, and this could allow a wrong mapping. It is possible to solve the problem with a specific configuration of Shibboleth, as described in the documentation, but this requires reconfiguring the server every time an IDP is added, removed or modified, so it is valuable to add a check inside keystone.
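
The check this blueprint asks for, sketched as an added example (not keystone's own code): the IDP named in the authentication URL must be the one that issued the assertion, and the request is rejected otherwise. The registry contents, function names, URL path layout and the Shib-Identity-Provider request variable are assumptions made for the illustration.

```python
# Added illustration, not keystone's implementation; all names are hypothetical.

class FederationError(Exception):
    """Raised when a federated authentication request must be rejected."""

# Constructed registry: IDP name used in the URL -> registered remote entity IDs.
REGISTERED_IDPS = {
    "campus": {"https://idp.campus.example/idp/shibboleth"},
    "partner": {"https://idp.partner.example/idp/shibboleth"},
}

# Assumed request variable in which the SP module reports the asserting IDP.
REMOTE_ID_ATTRIBUTE = "Shib-Identity-Provider"


def parse_auth_path(path):
    """Extract (idp_id, protocol_id) from a federated authentication URL path."""
    parts = path.strip("/").split("/")
    try:
        i = parts.index("identity_providers")
        # Expected shape: .../identity_providers/<idp>/protocols/<protocol>/auth
        if parts[i + 2] != "protocols" or parts[i + 4] != "auth":
            raise ValueError(path)
        return parts[i + 1], parts[i + 3]
    except (ValueError, IndexError):
        raise FederationError("not a federated auth path: %r" % path) from None


def validate_idp(path, environ, registry=REGISTERED_IDPS):
    """Return the IDP name only if the asserting IDP matches the one in the URL."""
    idp_id, _protocol = parse_auth_path(path)
    registered = registry.get(idp_id)
    if not registered:
        raise FederationError("unknown or unregistered IDP: %r" % idp_id)
    asserted = environ.get(REMOTE_ID_ATTRIBUTE)
    if not asserted:
        # Fail closed: nothing tells us which IDP authenticated the user.
        raise FederationError("request carries no remote IDP identifier")
    if asserted not in registered:
        # Without this comparison, the mapping rules of the IDP named in the
        # URL would be applied to attributes issued by a different IDP.
        raise FederationError(
            "assertion from %r does not belong to IDP %r" % (asserted, idp_id))
    return idp_id
```

Because the registry is data rather than web server configuration, adding or removing an IDP changes only the registry entry.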

Blueprint information

Status: Complete
Approver: None
Priority: Medium
Drafter: Marco Fargetta
Direction: Approved
Assignee: Marco Fargetta
Definition: Approved
Series goal: Accepted for kilo
Implementation: Implemented
Milestone target: 2015.1.0
Started by: Marco Fargetta on 2015-01-13
Completed by: Morgan Fainberg on 2015-03-28

Whiteboard

remote_id attributes implementation: https://review.openstack.org/#/c/142743/ (merged)

Gerrit topic: https://review.openstack.org/#q,topic:bug/1390124,n,z

Addressed by: https://review.openstack.org/142743 (merged)
    Multiple IdP authentication URL

Gerrit topic: https://review.openstack.org/#q,topic:bp/idp-id-registration,n,z

Addressed by: https://review.openstack.org/148229 (merged)
    IDP ID registration and validation

Addressed by: https://review.openstack.org/152016 (merged)
    Fix typo in Patch #142743

Addressed by: https://review.openstack.org/152156 (merged)
    IdP ID registration and validation

Addressed by: https://review.openstack.org/159803 (merged)
    Adding utf8 to federations tables

Gerrit topic: https://review.openstack.org/#q,topic:bug/1426334,n,z (merged)
