This has been published as OSSN-0047:
https://wiki.openstack.org/wiki/OSSN/OSSN-0047
** Changed in: ossn
Status: In Progress => Fix Released
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to Keystone.
https://bugs.launchpad.net/bugs/1390124
Title:
No validation between client's IdP and Keystone IdP
Status in OpenStack Identity (Keystone):
Fix Released
Status in OpenStack Security Advisories:
Won't Fix
Status in OpenStack Security Notes:
Fix Released
Bug description:
With today's configuration there is no strict link between federated
assertion issued by a trusted IdP and a IdP configured inside
Keystone. Hence, user has ability to choose a mapping and possibly get
unauthorized access.
Proposed solution: setup a IdP identified included in an assertion
issued by a IdP and validate whether that both values are equal.
To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1390124/+subscriptions
--
Mailing list: https://launchpad.net/~yahoo-eng-team
Post to : [email protected]
Unsubscribe : https://launchpad.net/~yahoo-eng-team
More help : https://help.launchpad.net/ListHelp
