[Yahoo-eng-team] [Bug 1617361] [NEW] Federation mapping schema docs out of date

Importance: Low Assignee: Marek Denis (marek-denis) Status: In Progress ** Tags: documentation ** Changed in: keystone Assignee: (unassigned) => Marek Denis (marek-denis) ** Changed in: keystone Importance: Undecided => Low ** Description changed: Federation mapping

[Yahoo-eng-team] [Bug 1559022] [NEW] Remove SP filering documentation

Public bug reported: SP filetering should be removed as the code didn't land in Mitaka (so avoid user confusion and code-docs dissynchronisation) ** Affects: keystone Importance: Undecided Assignee: Marek Denis (marek-denis) Status: In Progress ** Tags: document

[Yahoo-eng-team] [Bug 1532745] [NEW] Wrong links in Service Providers filtering API docs

Public bug reported: Some of the links in the Service Providers filtering API docs are incorrect. ** Affects: keystone Importance: Low Assignee: Marek Denis (marek-denis) Status: In Progress ** Tags: documentation -- You received this bug notification because you are a

[Yahoo-eng-team] [Bug 1507944] [NEW] Incorrect example in federated rules documentation

on as possible as uses following guidance will fail with their setup. [0] http://docs.openstack.org/developer/keystone/mapping_combinations.html ** Affects: keystone Importance: Medium Assignee: Marek Denis (marek-denis) Status: New ** Tags: documentation federation ** Changed in: keys

[Yahoo-eng-team] [Bug 1505298] [NEW] No JSONSchema validation on some of federation API calls

Public bug reported: Identity providers, Mapping and Protocols CRUD requests should be validated with JSONSchema. ** Affects: keystone Importance: Undecided Assignee: Marek Denis (marek-denis) Status: New ** Tags: federation -- You received this bug notification because

[Yahoo-eng-team] [Bug 1489474] [NEW] Lack of federated token user object validation

Importance: Wishlist Assignee: Marek Denis (marek-denis) Status: In Progress ** Tags: federation test-improvement -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to Keystone. https://bugs.launchpad.net/bugs/1489474 Title

[Yahoo-eng-team] [Bug 1487115] [NEW] Ephemeral user's id is not always urlsafe

eated with six.moves.urllib.parse.quote() function. ** Affects: keystone Importance: Medium Assignee: Marek Denis (marek-denis) Status: In Progress ** Tags: federation -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to Keyst

[Yahoo-eng-team] [Bug 1482701] [NEW] Federation: user's name in rules not respected

u'protocol': {u'id': u'saml2'}}, u'domain': {u'id': u'Federated', u'name': u'Federated'}, u'id': u'marek',

[Yahoo-eng-team] [Bug 1474997] [NEW] Federated tests don't check group existence in federated tokens

stone Importance: Low Assignee: Marek Denis (marek-denis) Status: New ** Changed in: keystone Assignee: (unassigned) => Marek Denis (marek-denis) ** Changed in: keystone Importance: Undecided => Low -- You received this bug notification because you are a memb

[Yahoo-eng-team] [Bug 1210141] Re: Document howto config LDAP identity with non-DN based ids.

** Changed in: keystone Status: In Progress => Won't Fix -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to Keystone. https://bugs.launchpad.net/bugs/1210141 Title: Document howto config LDAP identity with non-DN based ids.

[Yahoo-eng-team] [Bug 1468501] [NEW] keystone-manage should accept both formats of mapping rules

via curl-like tool or OSC. ** Affects: keystone Importance: Wishlist Assignee: Marek Denis (marek-denis) Status: In Progress ** Tags: federation -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to Keystone. https:

[Yahoo-eng-team] [Bug 1467692] Re: keystone-manage mapping_engine does not support regex

Hi Fernando, I checked some example rules with regex and it worked. The trick was to use boolean values as defined here https://docs.python.org/2/library/json.html#encoders-and-decoders, so true, not "True" nor True (lowercase true). I will let myself mark this bug as invalid. I can agree that o

[Yahoo-eng-team] [Bug 1466093] [NEW] Docs say K2K is experimental

/configure_federation.html#keystone-as-an-identity-provider-idp ** Affects: keystone Importance: Undecided Assignee: Marek Denis (marek-denis) Status: Invalid ** Tags: documentation federation ** Changed in: keystone Status: New => Invalid -- You received this

[Yahoo-eng-team] [Bug 1466092] [NEW] Docs say OS-FEDERATION is an extension

[0] http://docs.openstack.org/developer/keystone/configure_federation.html ** Affects: keystone Importance: Low Assignee: Marek Denis (marek-denis) Status: In Progress ** Tags: documentation federation -- You received this bug notification because you are a member of Yahoo! Engine

[Yahoo-eng-team] [Bug 1461031] [NEW] Federation docs say domain is identified by name not id

nticating [1] https://github.com/openstack/keystone/blob/master/keystone/contrib/federation/utils.py#L529-L533 ** Affects: keystone Importance: Low Assignee: Marek Denis (marek-denis) Status: In Progress ** Tags: documentation ** Changed in: keystone Importance: Undecided =

[Yahoo-eng-team] [Bug 1434653] [NEW] Empty mappring engine white/black lists should be treated differently than lack of them.

ules logic as strict as possible. ** Affects: keystone Importance: Low Assignee: Marek Denis (marek-denis) Status: In Progress ** Changed in: keystone Assignee: (unassigned) => Marek Denis (marek-denis) -- You received this bug notification because you are a member of Yahoo

[Yahoo-eng-team] [Bug 1419114] Re: Nova api 'Authorization failed for token' with federated scoped token

Hi Willian, Glad it worked. What improvements are you thinking of? Some warning, because V3 only functionality was being used with V2 API ? Thanks, Marek ** Changed in: keystone Status: New => Invalid -- You received this bug notification because you are a member of Yahoo! Engineering

[Yahoo-eng-team] [Bug 1416459] [NEW] Disabling identity providers doesn't work

Public bug reported: During federated authentication we don't check if the identity provider is disabled or not. ** Affects: keystone Importance: Undecided Assignee: Marek Denis (marek-denis) Status: New ** Changed in: keystone Assignee: (unassigned) => Mar

[Yahoo-eng-team] [Bug 1401057] [NEW] Direct mapping in mapping rules don't work with keywords

Public bug reported: Federation mapping engine doesn't work correctly when a rule to be directly mapped has special keywords (any_one_of or not_any_of). For instance: rules = [ { "local": [ { "user": { "name": "{0}" } }, {

[Yahoo-eng-team] [Bug 1374033] [NEW] wsgi generating wrong entity_id values when issuing saml assertions.

Public bug reported: Attribute issuer should always be set to CONF.saml.idp_entity_id, otherwise entityID from the IdP metadata and the generated assertion can differ and hence make Service Provider reject the assertion. ** Affects: keystone Importance: Undecided Assignee: Marek Denis

[Yahoo-eng-team] [Bug 1373961] [NEW] Missing version attribute while generating K2K SAML assertion

Assignee: Marek Denis (marek-denis) Status: New ** Changed in: keystone Assignee: (unassigned) => Marek Denis (marek-denis) -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to Keystone. https://bugs.launchpad.

[Yahoo-eng-team] [Bug 1372956] [NEW] Wrong idp_metadata_path parameter group

Denis (marek-denis) Status: New ** Changed in: keystone Assignee: (unassigned) => Marek Denis (marek-denis) -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to Keystone. https://bugs.launchpad.net/bugs/1372956 Title: Wr

[Yahoo-eng-team] [Bug 1369986] [NEW] Federaton extension fails due to missing pysaml2 library

pysaml2 to the requirements.txt file. ** Affects: keystone Importance: Undecided Assignee: Marek Denis (marek-denis) Status: New ** Changed in: keystone Assignee: (unassigned) => Marek Denis (marek-denis) -- You received this bug notification because you are a member of Ya

[Yahoo-eng-team] [Bug 1368690] [NEW] Keystone2Keystone extension leaks file descriptors

/rohe/pysaml2/blob/master/src/saml2/sigver.py#L643) Proposed fix: File a bug in pysaml2 and propose a fix for pysaml2 library. ** Affects: keystone Importance: Undecided Assignee: Marek Denis (marek-denis) Status: New ** Changed in: keystone Assignee: (unassigned) =&g

[Yahoo-eng-team] [Bug 1350713] [NEW] Store configuration error in sheepdog

Public bug reported: I have found following errors along with the "deprecated" warning 2014-07-30 21:05:14.971 9608 ERROR glance.store.sheepdog [-] Error in store configuration: [Errno 2] No such file or directory 2014-07-30 21:05:14.972 9608 WARNING glance.store [-] Deprecated: glance.store.sh

[Yahoo-eng-team] [Bug 1348680] [NEW] Missing headers in cURL examples in federation docs.

** Affects: keystone Importance: Undecided Assignee: Marek Denis (marek-denis) Status: In Progress ** Changed in: keystone Assignee: (unassigned) => Marek Denis (marek-denis) -- You received this bug notification because you are a member of Yahoo! Engineering Team, which

[Yahoo-eng-team] [Bug 1336265] [NEW] Wrong HTTP examples in OS-FEDERATION Trusted Attributes API docs

Public bug reported: OS-FEDERATION IDentity API's trusted attribute's HTTP requests and responses are not correct: For instance (https://github.com/openstack/identity- api/blob/master/v3/src/markdown/identity-api-v3-os-federation-ext.md #get-an-identity-providers-set-of-trusted-attributes-get-os-

[Yahoo-eng-team] [Bug 1336258] [NEW] Section 'links' misplaced in OS-FEDERATION identity API

{ "type": "orgPersonType", "not_any_of": [ "Contractor", "Guest" ] } ]

[Yahoo-eng-team] [Bug 1275695] Re: Enabling Federation extension causes "Unregistered dependency: federation_api"

** Changed in: keystone Status: In Progress => Fix Released -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to Keystone. https://bugs.launchpad.net/bugs/1275695 Title: Enabling Federation extension causes "Unregistered depen

[Yahoo-eng-team] [Bug 1312221] [NEW] Add user objects to mapping rules examples in OS-FEDERATION docs

he OS-FEDERATION extension include. This should be fixed, as well as docs should clearly state that all the rules should map the user name. ** Affects: keystone Importance: Undecided Assignee: Marek Denis (marek-denis) Status: New ** Changed in: keystone Assignee: (unassigned) =&g

[Yahoo-eng-team] [Bug 1296348] [NEW] /v3/auth/tokens cannot be used for issuing unscoped tokens during federated authn

data used by the client is lost (due to many HTTP redirections between SP and IdP) it's advised for clients to access URL with IdP and protocol specified in the URL. ** Affects: keystone Importance: Undecided Assignee: Marek Denis (marek-denis) Status: New ** Changed in: key

[Yahoo-eng-team] [Bug 1294393] [NEW] FederatedTokenTests.scope_to_bad_project test is disabled due to its naming

Public bug reported: method test_v3_federation.FederatedTokenTests.scope_to_bad_project() should be renamed to test_scope_to_bad_project in order to be called when testsuite is executed. ** Affects: keystone Importance: Undecided Assignee: Marek Denis (marek-denis) Status: New

[Yahoo-eng-team] [Bug 1294150] [NEW] Keystone fails when returning unscoped federated token as XML

RACE keystone.middleware.core File "apihelpers.pxi", line 1575, in lxml.etree._tagValidOrRaise (src/lxml/lxml.etree.c:27942) TRACE keystone.middleware.core ValueError: Invalid tag name u'OS-FEDERATION:groups' ** Affects: keystone Importance: Undecided Assignee: Marek

[Yahoo-eng-team] [Bug 1293436] [NEW] Allow filtering variables passed to the RuleProcessor

Public bug reported: During SAML2 authentication the whole environment dictionary is passed to the RuleProcessor object (this dictionary will only contain basestring inheriting values after the bug #1290258 is fixed). It'd be much better to additionally let users filter what can be passed to t

[Yahoo-eng-team] [Bug 1290258] [NEW] Group ids are not validated after SAML2->groups mapping and federated token scoping

log a warning and remove nonexisting groups from the list. The same policy should be applied when scoping federated unsoped token. ** Affects: keystone Importance: Undecided Assignee: Marek Denis (marek-denis) Status: New ** Changed in: keystone Assignee: (unassigned) =&

[Yahoo-eng-team] [Bug 1288124] [NEW] Update docstrings in auth/tokens/plugins/saml2.py and contrib/federation/routers.py

Public bug reported: Files keystone/auth/tokens/plugins/saml2.py and keystone/contrib/federation/routers.py have outdated docstrings. They should be fixed to match the current code. ** Affects: keystone Importance: Undecided Assignee: Marek Denis (marek-denis) Status: New