Mapping a federated user to a local user does not return concrete role assignments
Bug #1667070 reported by
Ron De Rose
This bug affects 1 person
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| OpenStack Identity (keystone) |
Triaged
|
Medium
|
Unassigned | ||
Bug Description
When mapping a federated user to a local user, only federated projects and roles are returned; not the local user's concrete role assignments and projects.
Will update this with a mapping example and steps to reproduce.
| Changed in keystone: | |
| assignee: | nobody → Ron De Rose (ronald-de-rose) |
| tags: | added: federation |
Revision history for this message
| Henry Nash (henry-nash) wrote | #1 |
Revision history for this message
| Ron De Rose (ronald-de-rose) wrote | #2 |
| Changed in keystone: | |
| importance: | Undecided → Medium |
| status: | New → Triaged |
Revision history for this message
| OpenStack Infra (hudson-openstack) wrote Fix proposed to keystone (master) | #3 |
| Changed in keystone: | |
| status: | Triaged → In Progress |
Revision history for this message
| Lance Bragstad (lbragstad) wrote | #4 |
| Changed in keystone: | |
| assignee: | Ron De Rose (ronald-de-rose) → nobody |
| status: | In Progress → Triaged |
Revision history for this message
| OpenStack Infra (hudson-openstack) wrote Change abandoned on keystone (master) | #5 |
To post a comment you must log in.
What happens if the mapping also contains group membership (and hence roles) based on your federation assertions? Do you get the superset of all the roles? Only the local ones? Is this an error situation?