Public bug reported: Tokens are still valid although the domain has already been disable.
Steps to reproduce. 1. create domain "domainA" 2. create user "userA" under domain "domainA" 3. authenticate to get a token "tokenA" for user "userA" 4. disable "domainA" 6. validate "tokenA" and it is still a valid token which is supposed to be invalid. Looks like the fix would be when disabling the domain, all the "un- expired" tokens for this domain should also be disable. ** Affects: keystone Importance: Undecided Status: New -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to Keystone. https://bugs.launchpad.net/bugs/1336088 Title: Disabling a domain does not disable the previous issued tokens in that domain Status in OpenStack Identity (Keystone): New Bug description: Tokens are still valid although the domain has already been disable. Steps to reproduce. 1. create domain "domainA" 2. create user "userA" under domain "domainA" 3. authenticate to get a token "tokenA" for user "userA" 4. disable "domainA" 6. validate "tokenA" and it is still a valid token which is supposed to be invalid. Looks like the fix would be when disabling the domain, all the "un- expired" tokens for this domain should also be disable. To manage notifications about this bug go to: https://bugs.launchpad.net/keystone/+bug/1336088/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : yahoo-eng-team@lists.launchpad.net Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp