commit bcef9dbd87b4941cb4dfafc920e0d78d843cb1a7
Author: Dave Wilde (d34dh0r53) <email address hidden>
Date: Thu Oct 13 15:37:53 2022 -0500
Limit token expiration to application credential expiration
If a token is issued with an application credential we need to check
the expiration of the application credential to ensure that the token
does not outlive the application credential. This ensures that if the
token expiration is greaten than that of the application credential it
is reset to the expiration of the application credential and a warning
is logged. Please see CVE-2022-2447 for more information.
Closes-Bug: 1992183
Change-Id: If6f9f72cf25769d022a970fac36cead17b2030f2
(cherry picked from commit 8f999d1c1f54a903c1da648ecaa2ce44acdb1fd1)
Reviewed: https:/ /review. opendev. org/c/openstack /keystone/ +/862906 /opendev. org/openstack/ keystone/ commit/ bcef9dbd87b4941 cb4dfafc920e0d7 8d843cb1a7
Committed: https:/
Submitter: "Zuul (22348)"
Branch: stable/wallaby
commit bcef9dbd87b4941 cb4dfafc920e0d7 8d843cb1a7
Author: Dave Wilde (d34dh0r53) <email address hidden>
Date: Thu Oct 13 15:37:53 2022 -0500
Limit token expiration to application credential expiration
If a token is issued with an application credential we need to check
the expiration of the application credential to ensure that the token
does not outlive the application credential. This ensures that if the
token expiration is greaten than that of the application credential it
is reset to the expiration of the application credential and a warning
is logged. Please see CVE-2022-2447 for more information.
Closes-Bug: 1992183 d022a970fac36ce ad17b2030f2 3c1da648ecaa2ce 44acdb1fd1)
Change-Id: If6f9f72cf25769
(cherry picked from commit 8f999d1c1f54a90