Bug 1263012

Summary: [RFE] New attributes for SAML Assertion generated by keystone IdP
Product: Red Hat OpenStack
Component: openstack-keystone
Version: 8.0 (Liberty)
Status: CLOSED ERRATA
Severity: low
Priority: low
Reporter: Nathan Kinder <nkinder>
Assignee: Nathan Kinder <nkinder>
QA Contact: Rodrigo Duarte <rduartes>
CC: ayoung, jschluet, nbarcet, nkinder, nlevinki, sclewis, yeylon
Target Milestone: beta
Target Release: 8.0 (Liberty)
Keywords: FutureFeature
Hardware: Unspecified
OS: Unspecified
Fixed In Version: openstack-keystone-8.0.0-1.el7ost
Doc Type: Enhancement
Last Closed: 2016-04-07 21:08:22 UTC
Type: Bug

Description Nathan Kinder 2015-09-14 22:00:59 UTC
From upstream blueprint (https://blueprints.launchpad.net/keystone/+spec/assertion-extra-attributes):

"Currently, SAML assertions generated by a keystone Identity Provider only return three attributes: openstack_user, openstack_project and openstack_roles. It's known that users and projects don't have unique names in different domains; for this reason we need the user domain and project domain information in order to uniquely identify these entities when mapping them in a keystone Service Provider."

This is just a minor addition to the SAML assertion contents that is used with K2K federation.  It should be easy to verify the contents of the assertion to see that the new data is provided once K2K is set up.
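
One way to run the verification the description mentions, as an added example that is not part of the bug report or keystone's own code: it parses an assertion, reports which expected attributes are absent, and builds a domain-qualified identity key so that same-named users in different domains stay distinct. The attribute names `openstack_user_domain` and `openstack_project_domain` are assumptions (the page names only the original three), and the assertions are constructed, unsigned samples.

```python
import xml.etree.ElementTree as ET
from xml.sax.saxutils import escape

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
# First three names are quoted on this page; the two *_domain names are an
# assumption about what the enhancement adds.
BASE_ATTRS = ("openstack_user", "openstack_project", "openstack_roles")
DOMAIN_ATTRS = ("openstack_user_domain", "openstack_project_domain")


def assertion_attributes(xml_text):
    """Return {attribute name: [values]} from a SAML 2.0 assertion.
    Signature validation is out of scope; use defusedxml on untrusted input."""
    attrs = {}
    for attr in ET.fromstring(xml_text).iterfind(
            ".//saml:AttributeStatement/saml:Attribute", NS):
        values = [v.text or "" for v in attr.findall("saml:AttributeValue", NS)]
        attrs.setdefault(attr.get("Name"), []).extend(values)
    return attrs


def missing_attributes(attrs):
    """Names from BASE_ATTRS + DOMAIN_ATTRS that are absent or have no value."""
    return [n for n in BASE_ATTRS + DOMAIN_ATTRS if not any(attrs.get(n, []))]


def identity_key(attrs):
    """Domain-qualified (user_domain, user, project_domain, project) key."""
    missing = missing_attributes(attrs)
    if missing:
        raise ValueError("assertion lacks: " + ", ".join(missing))
    order = ("openstack_user_domain", "openstack_user",
             "openstack_project_domain", "openstack_project")
    return tuple(attrs[n][0] for n in order)


def sample_assertion(values):
    """Build a constructed, unsigned assertion from {name: [values]}."""
    body = "".join(
        '<saml:Attribute Name="%s">%s</saml:Attribute>' % (
            name, "".join("<saml:AttributeValue>%s</saml:AttributeValue>"
                          % escape(v) for v in vals))
        for name, vals in values.items())
    return ('<saml:Assertion xmlns:saml="%s"><saml:AttributeStatement>%s'
            '</saml:AttributeStatement></saml:Assertion>' % (NS["saml"], body))
```
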

Comment 6 Rodrigo Duarte 2016-01-28 13:30:51 UTC
Verified for "openstack-keystone-8.0.0-1.el7ost"

Comment 9 errata-xmlrpc 2016-04-07 21:08:22 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHEA-2016-0603.html