This service will be undergoing maintenance at 00:00 UTC, 2017-10-23 It is expected to last about 30 minutes
Bug 1263012 - [RFE] New attributes for SAML Assertion generated by keystone IdP
[RFE] New attributes for SAML Assertion generated by keystone IdP
Product: Red Hat OpenStack
Classification: Red Hat
Component: openstack-keystone (Show other bugs)
8.0 (Liberty)
Unspecified Unspecified
low Severity low
: beta
: 8.0 (Liberty)
Assigned To: Nathan Kinder
Rodrigo Duarte
: FutureFeature
Depends On:
  Show dependency treegraph
Reported: 2015-09-14 18:00 EDT by Nathan Kinder
Modified: 2016-04-26 12:23 EDT (History)
8 users (show)

See Also:
Fixed In Version: openstack-keystone-8.0.0-1.el7ost
Doc Type: Enhancement
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2016-04-07 17:08:22 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Nathan Kinder 2015-09-14 18:00:59 EDT
From upstream blueprint (

"Currently, SAML assertions generated by a keystone Identity Provider only return three attributes: openstack_user, openstack_project and openstack_roles. It's known that users and projects don't have unique names in different domains, for this reason we need the user domain and project domain information in order to unique identify this entities when mapping them in a keystone Service Provider."

This is just a minor addition to the SAML assertion contents that is used with K2K federation.  It should be easy to verify the contents of the assertion to see that the new data is provided once K2K is set up.
Comment 6 Rodrigo Duarte 2016-01-28 08:30:51 EST
Verified for "openstack-keystone-8.0.0-1.el7ost"
Comment 9 errata-xmlrpc 2016-04-07 17:08:22 EDT
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

Note You need to log in before you can comment on or make changes to this bug.