OpenStack Identity (keystone)

Mapping Extension

Registered by Steve Martinelli on 2013-12-17

This blueprint has been superseded. See the newer blueprint "Design for allowing IdP Administrators to update Attribute Mappings" for updated plans.

When an assertion (for example, SAML) comes across, it contains attributes that help form the ephemeral identity and access of the user that already authenticated. It should at a minimum include username, list of roles (if any), domain_id. We can elect to store how these attributes map to keystone attributes.

Blueprint information

Status:: Complete

Approver:: Dolph Mathews

Priority:: Medium

Drafter:: Steve Martinelli

Direction:: Needs approval

Assignee:: Steve Martinelli

Definition:: Superseded

Series goal:: None

Implementation:: Good progress

Milestone target:: None

Started by: Dolph Mathews on 2014-01-15

Completed by: Dolph Mathews on 2014-01-15

Related branches

Related bugs

Sprints

ahmed

Whiteboard

Gerrit topic: https://review.openstack.org/#q,topic:bp/mapping,n,z

Addressed by: https://review.openstack.org/60424
Add mapping function to keystone

Addressed by: https://review.openstack.org/60244
Identity Providers CRUD operations.

(?)

Work Items

This blueprint contains Public information

Everyone can see this information.

Subscribers

No subscribers.