[Bug 1833299] Re: lasso includes "Destination" attribute in SAML AuthnRequest populated with SP AssertionConsumerServiceURL when ECP workflow is used which leads to IdP-side errors

Dmitrii Shcherbakov Thu, 18 Jul 2019 23:21:33 -0700

Disco verification:

 apt policy liblasso3
liblasso3:
  Installed: 2.6.0-2ubuntu0.1
  Candidate: 2.6.0-2ubuntu0.1
  Version table:
 *** 2.6.0-2ubuntu0.1 1000
        399 http://archive.ubuntu.com/ubuntu disco-proposed/main amd64 Packages
        100 /var/lib/dpkg/status
     2.6.0-2build1 400
        400 http://archive.ubuntu.com/ubuntu disco/main amd64 Packages


env | grep OS_
OS_IDENTITY_PROVIDER_URL=https://samltest.id/idp/profile/SAML2/SOAP/ECP
OS_AUTH_URL=https://keystone.maas:5000/v3
OS_PROTOCOL=saml2
OS_REGION_NAME=RegionOne
OS_PROJECT_NAME=scooper@samltest.id_project
OS_PROJECT_DOMAIN_NAME=samltestid
OS_IDENTITY_API_VERSION=3
OS_AUTH_TYPE=v3samlpassword
OS_IDENTITY_PROVIDER=samltestid
OS_INTERFACE=internal
OS_PASSWORD=bazinga
OS_USERNAME=<redacted>
OS_CACERT=/home/ubuntu/bundles/vault-ca.crt

openstack token issue -v --debug
START with options: token issue -v --debug
options: Namespace(access_key='', access_secret='***', access_token='***', 
access_token_endpoint='', access_token_type='', application_credential_id='', 
application_credential_name='', application_credential_secret='***', 
auth_type='v3samlpassword', auth_url='https://keystone.maas:5000/v3', 
cacert='/home/ubuntu/bundles/vault-ca.crt', cert='', client_id='', 
client_secret='***', cloud='', code='', consumer_key='', consumer_secret='***', 
debug=True, default_domain='default', default_domain_id='', 
default_domain_name='', deferred_help=False, discovery_endpoint='', 
domain_id='', domain_name='', endpoint='', identity_provider='samltestid', 
identity_provider_url='https://samltest.id/idp/profile/SAML2/SOAP/ECP', 
insecure=None, interface='internal', key='', log_file=None, openid_scope='', 
os_beta_command=False, os_compute_api_version='', os_identity_api_version='3', 
os_image_api_version='', os_key_manager_api_version='1', 
os_network_api_version='', os_object_api_version='', 
os_orchestration_api_version='1', os_project_id=None, os_project_name=None, 
os_volume_api_version='', passcode='', password='***', project_domain_id='', 
project_domain_name='samltestid', project_id='', 
project_name='scooper@samltest.id_project', protocol='saml2', redirect_uri='', 
region_name='RegionOne', remote_project_domain_id='', 
remote_project_domain_name='', remote_project_id='', remote_project_name='', 
service_provider='', service_provider_endpoint='', 
service_provider_entity_id='', system_scope='', timing=False, token='***', 
trust_id='', url='', user_domain_id='', user_domain_name='', user_id='', 
username='sheldon', verbose_level=3, verify=None)
Auth plugin v3samlpassword selected
auth_config_hook(): {'api_timeout': None, 'verify': True, 'cacert': 
'/home/ubuntu/bundles/vault-ca.crt', 'cert': None, 'key': None, 
'baremetal_status_code_retries': '5', 'image_status_code_retries': '5', 
'disable_vendor_agent': {}, 'interface': 'internal', 'floating_ip_source': 
'neutron', 'image_api_use_tasks': False, 'image_format': 'qcow2', 'message': 
'', 'network_api_version': '2', 'object_store_api_version': '1', 
'secgroup_source': 'neutron', 'status': 'active', 'auth': 
{'project_domain_name': 'samltestid', 'project_name': 
'scooper@samltest.id_project'}, 'verbose_level': 3, 'deferred_help': False, 
'debug': True, 'region_name': 'RegionOne', 'default_domain': 'default', 
'timing': False, 'auth_url': 'https://keystone.maas:5000/v3', 'username': 
'sheldon', 'password': '***', 'identity_provider': 'samltestid', 'protocol': 
'saml2', 'identity_provider_url': 
'https://samltest.id/idp/profile/SAML2/SOAP/ECP', 'beta_command': False, 
'identity_api_version': '3', 'orchestration_api_version': '1', 
'key_manager_api_version': '1', 'auth_type': 'v3samlpassword', 'networks': []}
defaults: {'api_timeout': None, 'verify': True, 'cacert': None, 'cert': None, 
'key': None, 'auth_type': 'password', 'baremetal_status_code_retries': 5, 
'image_status_code_retries': 5, 'disable_vendor_agent': {}, 'interface': 
'public', 'floating_ip_source': 'neutron', 'image_api_use_tasks': False, 
'image_format': 'qcow2', 'message': '', 'network_api_version': '2', 
'object_store_api_version': '1', 'secgroup_source': 'neutron', 'status': 
'active'}
cloud cfg: {'api_timeout': None, 'verify': True, 'cacert': 
'/home/ubuntu/bundles/vault-ca.crt', 'cert': None, 'key': None, 
'baremetal_status_code_retries': '5', 'image_status_code_retries': '5', 
'disable_vendor_agent': {}, 'interface': 'internal', 'floating_ip_source': 
'neutron', 'image_api_use_tasks': False, 'image_format': 'qcow2', 'message': 
'', 'network_api_version': '2', 'object_store_api_version': '1', 
'secgroup_source': 'neutron', 'status': 'active', 'auth': 
{'project_domain_name': 'samltestid', 'project_name': 
'scooper@samltest.id_project'}, 'verbose_level': 3, 'deferred_help': False, 
'debug': True, 'region_name': 'RegionOne', 'default_domain': 'default', 
'timing': False, 'auth_url': 'https://keystone.maas:5000/v3', 'username': 
'sheldon', 'password': '***', 'identity_provider': 'samltestid', 'protocol': 
'saml2', 'identity_provider_url': 
'https://samltest.id/idp/profile/SAML2/SOAP/ECP', 'beta_command': False, 
'identity_api_version': '3', 'orchestration_api_version': '1', 
'key_manager_api_version': '1', 'auth_type': 'v3samlpassword', 'networks': []}
compute API version 2.1, cmd group openstack.compute.v2
identity API version 3, cmd group openstack.identity.v3
image API version 2, cmd group openstack.image.v2
network API version 2, cmd group openstack.network.v2
object_store API version 1, cmd group openstack.object_store.v1
volume API version 2, cmd group openstack.volume.v2
neutronclient API version 2, cmd group openstack.neutronclient.v2
orchestration API version 1, cmd group openstack.orchestration.v1
key_manager API version 1, cmd group openstack.key_manager.v1
Auth plugin v3samlpassword selected
auth_config_hook(): {'api_timeout': None, 'verify': True, 'cacert': 
'/home/ubuntu/bundles/vault-ca.crt', 'cert': None, 'key': None, 
'baremetal_status_code_retries': '5', 'image_status_code_retries': '5', 
'disable_vendor_agent': {}, 'interface': 'internal', 'floating_ip_source': 
'neutron', 'image_api_use_tasks': False, 'image_format': 'qcow2', 'message': 
'', 'network_api_version': '2', 'object_store_api_version': '1', 
'secgroup_source': 'neutron', 'status': 'active', 'auth': 
{'project_domain_name': 'samltestid', 'project_name': 
'scooper@samltest.id_project'}, 'verbose_level': 3, 'deferred_help': False, 
'debug': True, 'region_name': 'RegionOne', 'default_domain': 'default', 
'timing': False, 'auth_url': 'https://keystone.maas:5000/v3', 'username': 
'sheldon', 'password': '***', 'identity_provider': 'samltestid', 'protocol': 
'saml2', 'identity_provider_url': 
'https://samltest.id/idp/profile/SAML2/SOAP/ECP', 'beta_command': False, 
'identity_api_version': '3', 'orchestration_api_version': '1', 
'key_manager_api_version': '1', 'auth_type': 'v3samlpassword', 'networks': []}
Auth plugin v3samlpassword selected
auth_config_hook(): {'api_timeout': None, 'verify': True, 'cacert': 
'/home/ubuntu/bundles/vault-ca.crt', 'cert': None, 'key': None, 
'baremetal_status_code_retries': '5', 'image_status_code_retries': '5', 
'disable_vendor_agent': {}, 'interface': 'internal', 'floating_ip_source': 
'neutron', 'image_api_use_tasks': False, 'image_format': 'qcow2', 'message': 
'', 'network_api_version': '2', 'object_store_api_version': '1', 
'secgroup_source': 'neutron', 'status': 'active', 'auth': 
{'project_domain_name': 'samltestid', 'project_name': 
'scooper@samltest.id_project'}, 'verbose_level': 3, 'deferred_help': False, 
'debug': True, 'region_name': 'RegionOne', 'default_domain': 'default', 
'timing': False, 'auth_url': 'https://keystone.maas:5000/v3', 'username': 
'sheldon', 'password': '***', 'identity_provider': 'samltestid', 'protocol': 
'saml2', 'identity_provider_url': 
'https://samltest.id/idp/profile/SAML2/SOAP/ECP', 'beta_command': False, 
'identity_api_version': '3', 'orchestration_api_version': '1', 
'key_manager_api_version': '1', 'auth_type': 'v3samlpassword', 'networks': []}
command: token issue -> openstackclient.identity.v3.token.IssueToken (auth=True)
Auth plugin v3samlpassword selected
auth_config_hook(): {'api_timeout': None, 'verify': True, 'cacert': 
'/home/ubuntu/bundles/vault-ca.crt', 'cert': None, 'key': None, 
'baremetal_status_code_retries': '5', 'image_status_code_retries': '5', 
'disable_vendor_agent': {}, 'interface': 'internal', 'floating_ip_source': 
'neutron', 'image_api_use_tasks': False, 'image_format': 'qcow2', 'message': 
'', 'network_api_version': '2', 'object_store_api_version': '1', 
'secgroup_source': 'neutron', 'status': 'active', 'auth': 
{'project_domain_name': 'samltestid', 'project_name': 
'scooper@samltest.id_project'}, 'additional_user_agent': [('osc-lib', 
'1.12.1')], 'verbose_level': 3, 'deferred_help': False, 'debug': True, 
'region_name': 'RegionOne', 'default_domain': 'default', 'timing': False, 
'auth_url': 'https://keystone.maas:5000/v3', 'username': 'sheldon', 'password': 
'***', 'identity_provider': 'samltestid', 'protocol': 'saml2', 
'identity_provider_url': 'https://samltest.id/idp/profile/SAML2/SOAP/ECP', 
'beta_command': False, 'identity_api_version': '3', 
'orchestration_api_version': '1', 'key_manager_api_version': '1', 'auth_type': 
'v3samlpassword', 'networks': []}
Using auth plugin: v3samlpassword
Using parameters {'auth_url': 'https://keystone.maas:5000/v3', 'project_name': 
'scooper@samltest.id_project', 'project_domain_name': 'samltestid', 
'identity_provider': 'samltestid', 'protocol': 'saml2', 
'identity_provider_url': 'https://samltest.id/idp/profile/SAML2/SOAP/ECP', 
'username': 'sheldon', 'password': '***'}
Get auth_ref
REQ: curl -g -i --cacert "/home/ubuntu/bundles/vault-ca.crt" -X GET 
https://keystone.maas:5000/v3/OS-FEDERATION/identity_providers/samltestid/protocols/saml2/auth
 -H "User-Agent: openstacksdk/0.26.0 keystoneauth1/3.13.1 
python-requests/2.18.4 CPython/3.6.8"
Starting new HTTPS connection (1): keystone.maas
https://keystone.maas:5000 "GET 
/v3/OS-FEDERATION/identity_providers/samltestid/protocols/saml2/auth HTTP/1.1" 
200 3144
Starting new HTTPS connection (1): samltest.id
https://samltest.id:443 "POST /idp/profile/SAML2/SOAP/ECP HTTP/1.1" 200 None
https://keystone.maas:5000 "POST 
/v3/OS-FEDERATION/identity_providers/samltestid/protocols/saml2/auth/mellon/paosResponse
 HTTP/1.1" 303 382
Starting new HTTPS connection (2): keystone.maas
https://keystone.maas:5000 "GET 
/v3/OS-FEDERATION/identity_providers/samltestid/protocols/saml2/auth HTTP/1.1" 
201 403
RESP: [201] Cache-Control: private, max-age=0, must-revalidate, private, 
max-age=0, must-revalidate Connection: Keep-Alive Content-Length: 403 
Content-Type: application/json Date: Fri, 19 Jul 2019 06:07:00 GMT Keep-Alive: 
timeout=5, max=100 Server: Apache/2.4.29 (Ubuntu) Vary: X-Auth-Token 
X-Distribution: Ubuntu X-Subject-Token: 
{SHA256}53213975819219cea5f7ec8e6cd9a4633d9089cef363fefabcb69e12df7b5842 
x-openstack-request-id: req-79f04296-5ab4-4253-8fcb-8e4f9824aafe
RESP BODY: {"token": {"methods": ["saml2"], "user": {"domain": {"id": 
"Federated", "name": "Federated"}, "id": "59f289a633f347c8998108cbfda2d91f", 
"name": "scoo...@samltest.id", "OS-FEDERATION": {"groups": [], 
"identity_provider": {"id": "samltestid"}, "protocol": {"id": "saml2"}}}, 
"audit_ids": ["m2uUmXaOTbeYmYU1B5G4kA"], "expires_at": 
"2019-07-19T07:07:08.000000Z", "issued_at": "2019-07-19T06:07:08.000000Z"}}
GET call to 
https://keystone.maas:5000/v3/OS-FEDERATION/identity_providers/samltestid/protocols/saml2/auth
 used request id req-79f04296-5ab4-4253-8fcb-8e4f9824aafe
Making authentication request to https://keystone.maas:5000/v3/auth/tokens
https://keystone.maas:5000 "POST /v3/auth/tokens HTTP/1.1" 201 7824
{"token": {"methods": ["token", "saml2"], "user": {"domain": {"id": 
"Federated", "name": "Federated"}, "id": "59f289a633f347c8998108cbfda2d91f", 
"name": "scoo...@samltest.id", "OS-FEDERATION": {"groups": [], 
"identity_provider": {"id": "samltestid"}, "protocol": {"id": "saml2"}}}, 
"audit_ids": ["JIYZkBggSAauxkf7lLe6Xg"], "expires_at": 
"2019-07-19T07:07:11.000000Z", "issued_at": "2019-07-19T06:07:11.000000Z", 
"project": {"domain": {"id": "b95a181bc2c24090beed0bd8ae359fc8", "name": 
"samltestid"}, "id": "9d218caa80da487cb5149fb3f957dc8a", "name": 
"scooper@samltest.id_project"}, "is_domain": false, "roles": [{"id": 
"e4ab04a7c6ec4c91a826b2a3ba333407", "name": "Member", "domain_id": null}], 
"is_admin_project": false, "catalog": [{"endpoints": [{"id": 
"05e2c8e5c6e1447c8068d8e1d8c01b30", "interface": "admin", "region_id": 
"RegionOne", "url": "http://radosgw.maas:80/swift";, "region": "RegionOne"}, 
{"id": "403998887b724dd397c3a231dfe77e8f", "interface": "public", "region_id": 
"RegionOne", "url": "http://radosgw.maas:80/swift/v1/simplestreams/data/";, 
"region": "RegionOne"}, {"id": "5b5e1adcd0c44255990ee221b0a9832e", "interface": 
"internal", "region_id": "RegionOne", "url": 
"http://radosgw.maas:80/swift/v1/simplestreams/data/";, "region": "RegionOne"}], 
"id": "29b75796463c46abacf836fc56be419e", "type": "product-streams", "name": 
"image-stream"}, {"endpoints": [{"id": "75901d10838d47c2b2a9f807857efd75", 
"interface": "internal", "region_id": "RegionOne", "url": 
"https://keystone.maas:5000/v3";, "region": "RegionOne"}, {"id": 
"c1f4fc1d0f23461a9414e1ee4e786757", "interface": "admin", "region_id": 
"RegionOne", "url": "https://keystone.maas:35357/v3";, "region": "RegionOne"}, 
{"id": "e13b64ff816c41cf8e01d4133c427eae", "interface": "public", "region_id": 
"RegionOne", "url": "https://keystone.maas:5000/v3";, "region": "RegionOne"}], 
"id": "2f6eab7a36cf405195cc53bb692d4f77", "type": "identity", "name": 
"keystone"}, {"endpoints": [{"id": "1912d2bb31f5496c90a3e19a545799b5", 
"interface": "admin", "region_id": "RegionOne", "url": 
"https://10.232.1.211:8004/v1/9d218caa80da487cb5149fb3f957dc8a";, "region": 
"RegionOne"}, {"id": "750fc1a621334e2a9ad558efae662fc2", "interface": "public", 
"region_id": "RegionOne", "url": 
"https://10.232.1.211:8004/v1/9d218caa80da487cb5149fb3f957dc8a";, "region": 
"RegionOne"}, {"id": "fc92e355df594f2b8ff3680cabfa55d8", "interface": 
"internal", "region_id": "RegionOne", "url": 
"https://10.232.1.211:8004/v1/9d218caa80da487cb5149fb3f957dc8a";, "region": 
"RegionOne"}], "id": "5e4b5e1b5be14b89bcd584830edf9144", "type": 
"orchestration", "name": "heat"}, {"endpoints": [{"id": 
"1f7c9bb7a8a840e28e79781e11fbfbc5", "interface": "public", "region_id": 
"RegionOne", "url": "https://designate.maas:9001";, "region": "RegionOne"}, 
{"id": "ec9da628e01d410b9adea2ae78f8a7ed", "interface": "internal", 
"region_id": "RegionOne", "url": "https://designate.maas:9001";, "region": 
"RegionOne"}, {"id": "ed7b78611550435bacd939f8a983604b", "interface": "admin", 
"region_id": "RegionOne", "url": "https://designate.maas:9001";, "region": 
"RegionOne"}], "id": "704d8c7d02eb47c683e8bcd1c2f3b8a0", "type": "dns", "name": 
"designate"}, {"endpoints": [{"id": "7bb706716c7c45f19717211dc0de3df9", 
"interface": "admin", "region_id": "RegionOne", "url": 
"https://nova.maas:8774/v2.1";, "region": "RegionOne"}, {"id": 
"898f40c1e86340da8af9dc99f3d5a42b", "interface": "public", "region_id": 
"RegionOne", "url": "https://nova.maas:8774/v2.1";, "region": "RegionOne"}, 
{"id": "d7e1f42309de4e9680d22af11636e8f5", "interface": "internal", 
"region_id": "RegionOne", "url": "https://nova.maas:8774/v2.1";, "region": 
"RegionOne"}], "id": "834879dda26149cfbd3de556afb3b67b", "type": "compute", 
"name": "nova"}, {"endpoints": [{"id": "23be8750e0b346b1a031e9d27a4c1270", 
"interface": "internal", "region_id": "RegionOne", "url": 
"https://10.232.1.211:8000/v1";, "region": "RegionOne"}, {"id": 
"d1311ad325e54d32a0143926387066e9", "interface": "public", "region_id": 
"RegionOne", "url": "https://10.232.1.211:8000/v1";, "region": "RegionOne"}, 
{"id": "e6c71fa290874ba093c4ceea4ef89347", "interface": "admin", "region_id": 
"RegionOne", "url": "https://10.232.1.211:8000/v1";, "region": "RegionOne"}], 
"id": "88c75b090042412bae051f2810922d8d", "type": "cloudformation", "name": 
"heat-cfn"}, {"endpoints": [{"id": "3a049f7297dd490c869a750d88c414b6", 
"interface": "public", "region_id": "RegionOne", "url": 
"https://cinder.maas:8776/v2/9d218caa80da487cb5149fb3f957dc8a";, "region": 
"RegionOne"}, {"id": "72be0508859f42db85b7ab788d9e4aee", "interface": 
"internal", "region_id": "RegionOne", "url": 
"https://cinder.maas:8776/v2/9d218caa80da487cb5149fb3f957dc8a";, "region": 
"RegionOne"}, {"id": "9a4175e8d573497e83d716f177e91b7e", "interface": "admin", 
"region_id": "RegionOne", "url": 
"https://cinder.maas:8776/v2/9d218caa80da487cb5149fb3f957dc8a";, "region": 
"RegionOne"}], "id": "88f602a8ff4640bfad069fc91e4bc1f5", "type": "volumev2", 
"name": "cinderv2"}, {"endpoints": [{"id": "09c51466dde54ad7b3ba6f44e378f3b3", 
"interface": "internal", "region_id": "RegionOne", "url": 
"https://glance.maas:9292";, "region": "RegionOne"}, {"id": 
"27a8573f0032462abd1643650ec5ac1e", "interface": "public", "region_id": 
"RegionOne", "url": "https://glance.maas:9292";, "region": "RegionOne"}, {"id": 
"a1387098bf3246d9af2f291c523e17c6", "interface": "admin", "region_id": 
"RegionOne", "url": "https://glance.maas:9292";, "region": "RegionOne"}], "id": 
"916c1cafbedc4f31a20e6a5a0775f5eb", "type": "image", "name": "glance"}, 
{"endpoints": [{"id": "216f32b0bef0447baca80680947a5ded", "interface": 
"public", "region_id": "RegionOne", "url": "https://neutron.maas:9696";, 
"region": "RegionOne"}, {"id": "217c22196e6744d287063f0244469e29", "interface": 
"internal", "region_id": "RegionOne", "url": "https://neutron.maas:9696";, 
"region": "RegionOne"}, {"id": "c8eae74ea9f04887863969b6c8efc8c5", "interface": 
"admin", "region_id": "RegionOne", "url": "https://neutron.maas:9696";, 
"region": "RegionOne"}], "id": "bef8f20594414c7b8d68848dfe3a491a", "type": 
"network", "name": "neutron"}, {"endpoints": [{"id": 
"2225e1d18421409297abd0a4ca1615cb", "interface": "internal", "region_id": 
"RegionOne", "url": "https://nova.maas:8778";, "region": "RegionOne"}, {"id": 
"3fca156ebafd49edad06a5a8eb994f94", "interface": "public", "region_id": 
"RegionOne", "url": "https://nova.maas:8778";, "region": "RegionOne"}, {"id": 
"f9b008edc49644038a229cc6937065e8", "interface": "admin", "region_id": 
"RegionOne", "url": "https://nova.maas:8778";, "region": "RegionOne"}], "id": 
"cf3e56ab8cc04ceca02df098afb0015c", "type": "placement", "name": "placement"}, 
{"endpoints": [{"id": "20b187d3d9b84777ac1bb2fc35b54a68", "interface": "admin", 
"region_id": "RegionOne", "url": "https://radosgw.maas:80/swift";, "region": 
"RegionOne"}, {"id": "3098dad00da74a18b1b3f9f1306ba9a1", "interface": 
"internal", "region_id": "RegionOne", "url": 
"https://radosgw.maas:80/swift/v1";, "region": "RegionOne"}, {"id": 
"45f850604f514f1c9f64cddca122e1f5", "interface": "public", "region_id": 
"RegionOne", "url": "https://radosgw.maas:80/swift/v1";, "region": 
"RegionOne"}], "id": "f060d93a4d554c8f83f2161d84f91f0f", "type": 
"object-store", "name": "swift"}, {"endpoints": [{"id": 
"35b8afb2dd6345bd8cc54c88d7a07d39", "interface": "admin", "region_id": 
"RegionOne", "url": 
"https://cinder.maas:8776/v3/9d218caa80da487cb5149fb3f957dc8a";, "region": 
"RegionOne"}, {"id": "fc2751efe0424db9b2de99123e0af0d0", "interface": 
"internal", "region_id": "RegionOne", "url": 
"https://cinder.maas:8776/v3/9d218caa80da487cb5149fb3f957dc8a";, "region": 
"RegionOne"}, {"id": "fea01b80f0c64140b8fb7d1f920c52ae", "interface": "public", 
"region_id": "RegionOne", "url": 
"https://cinder.maas:8776/v3/9d218caa80da487cb5149fb3f957dc8a";, "region": 
"RegionOne"}], "id": "fc51e3bf8c4d4e02821a65b6a8b816b0", "type": "volumev3", 
"name": "cinderv3"}]}}
run(Namespace(columns=[], fit_width=False, formatter='table', max_width=0, 
noindent=False, prefix='', print_empty=False, variables=[]))
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Field      | Value                                                            
                                                                                
                                       |
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| expires    | 2019-07-19T07:07:11+0000                                         
                                                                                
                                       |
| id         | 
gAAAAABdMV4PvClEuZ2PPcVayi6WXK9yJwa97QsLUtFVlY61FzJbvzckCB1WEd-Osz2dlSN5372TT4O4ngzqoNA27xODwlXWDIK4TraBBGS7runCjFq_9IfgzW93sItOO_txwqeDqjSQoPWdfC7OCbnwpv12dFpTsyXwPVivw_-_3sFiA83zZDA
 |
| project_id | 9d218caa80da487cb5149fb3f957dc8a                                 
                                                                                
                                       |
| user_id    | 59f289a633f347c8998108cbfda2d91f                                 
                                                                                
                                       |
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
clean_up IssueToken: 
END return value: 0


** Tags removed: verification-needed verification-needed-bionic 
verification-needed-disco
** Tags added: verification-done verification-done-bionic 
verification-done-disco

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1833299

Title:
  lasso includes "Destination" attribute in SAML AuthnRequest populated
  with SP AssertionConsumerServiceURL when ECP workflow is used which
  leads to IdP-side errors

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/lasso/+bug/1833299/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1833299] Re: lasso includes "Destination" attribute in SAML AuthnRequest populated with SP AssertionConsumerServiceURL when ECP workflow is used which leads to IdP-side errors

Reply via email to