WSGI generating wrong entity_id values when issuing SAML assertions.

Bug #1374033 reported by Marek Denis
Affects: OpenStack Identity (keystone)
Status: Fix Released
Importance: Medium
Assigned to: Marek Denis

Bug Description

The issuer attribute should always be set to CONF.saml.idp_entity_id; otherwise the entityID from the IdP metadata and the one in the generated assertion can differ and hence make the Service Provider reject the assertion.
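
The Service Provider side of the mismatch described above, as an added example that is not part of the bug report or of keystone's code: it compares the `Issuer` of an assertion with the `entityID` in the IdP metadata. The URLs, sample documents and function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed samples: the URLs are placeholders, not values from the bug report.
CONFIGURED_ENTITY_ID = "https://idp.example.org/idp"
IDP_METADATA = ('<md:EntityDescriptor xmlns:md="%s" entityID="%s"/>'
                % (NS["md"], CONFIGURED_ENTITY_ID))


def build_assertion(issuer):
    """Return a minimal, unsigned sample assertion carrying the given Issuer."""
    return ('<saml:Assertion xmlns:saml="%s" ID="_constructed" Version="2.0" '
            'IssueInstant="2014-09-25T20:17:00Z">'
            '<saml:Issuer>%s</saml:Issuer></saml:Assertion>'
            % (NS["saml"], issuer))


def metadata_entity_id(metadata_xml):
    # The samples here are trusted; parse untrusted XML with a hardened
    # parser such as defusedxml instead of the standard library.
    root = ET.fromstring(metadata_xml)
    if root.tag != "{%s}EntityDescriptor" % NS["md"]:
        raise ValueError("not an EntityDescriptor")
    entity_id = root.get("entityID")
    if not entity_id:
        raise ValueError("metadata has no entityID")
    return entity_id


def assertion_issuer(assertion_xml):
    issuer = ET.fromstring(assertion_xml).find("saml:Issuer", NS)
    if issuer is None or not (issuer.text or "").strip():
        raise ValueError("assertion has no Issuer")
    return issuer.text.strip()


def issuer_matches_metadata(assertion_xml, metadata_xml):
    # Exact, case-sensitive string comparison: any difference in host,
    # port or path makes the issuer an unknown entity to the SP.
    return assertion_issuer(assertion_xml) == metadata_entity_id(metadata_xml)
```

This covers only the issuer comparison; a real Service Provider also verifies the assertion signature against the key published in the same metadata.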

Changed in keystone:
assignee: nobody → Marek Denis (marek-denis)
Changed in keystone:
importance: Undecided → Medium
status: New → Triaged
OpenStack Infra (hudson-openstack) wrote : Fix proposed to keystone (master)

Fix proposed to branch: master
Review: https://review.openstack.org/124176

Changed in keystone:
status: Triaged → In Progress
tags: added: federation juno-rc-potential
OpenStack Infra (hudson-openstack) wrote : Fix merged to keystone (master)

Reviewed: https://review.openstack.org/124176
Committed: https://git.openstack.org/cgit/openstack/keystone/commit/?id=62099029e9c794c5bc4a780fe34fd51ebffee6e1
Submitter: Jenkins
Branch: master

commit 62099029e9c794c5bc4a780fe34fd51ebffee6e1
Author: Marek Denis <email address hidden>
Date: Thu Sep 25 22:17:00 2014 +0200

    Set issuer value to CONF.saml.idp_entity_id.

    When generating a SAML assertion, Keystone should always set the issuer
    value in federation.controllers.Auth.create_saml_assertion() to
    CONF.saml.idp_entity_id.

    Change-Id: If970cdf20cfca8b1dc667eefd030083fdafe9424
    Closes-Bug: #1374033

Changed in keystone:
status: In Progress → Fix Committed
Changed in keystone:
milestone: none → juno-rc1
Thierry Carrez (ttx)
Changed in keystone:
status: Fix Committed → Fix Released
Thierry Carrez (ttx)
Changed in keystone:
milestone: juno-rc1 → 2014.2