Red Hat Bugzilla – Bug 1263012
[RFE] New attributes for SAML Assertion generated by keystone IdP
Last modified: 2016-04-26 12:23:33 EDT
From upstream blueprint (https://blueprints.launchpad.net/keystone/+spec/assertion-extra-attributes):
"Currently, SAML assertions generated by a keystone Identity Provider only return three attributes: openstack_user, openstack_project and openstack_roles. It's known that users and projects don't have unique names in different domains, for this reason we need the user domain and project domain information in order to unique identify this entities when mapping them in a keystone Service Provider."
This is just a minor addition to the SAML assertion contents that is used with K2K federation. It should be easy to verify the contents of the assertion to see that the new data is provided once K2K is set up.
Verified for "openstack-keystone-8.0.0-1.el7ost"
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.
For information on the advisory, and where to find the updated
files, follow the link below.
If the solution does not work for you, open a new bug report.