Confirmed Class B1 ** Information type changed from Private Security to Public
** Changed in: ossa Status: Incomplete => Won't Fix -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to Keystone. https://bugs.launchpad.net/bugs/1390124 Title: No validation between client's IdP and Keystone IdP Status in OpenStack Identity (Keystone): Triaged Status in OpenStack Security Advisories: Won't Fix Status in OpenStack Security Notes: In Progress Bug description: With today's configuration there is no strict link between federated assertion issued by a trusted IdP and a IdP configured inside Keystone. Hence, user has ability to choose a mapping and possibly get unauthorized access. Proposed solution: setup a IdP identified included in an assertion issued by a IdP and validate whether that both values are equal. To manage notifications about this bug go to: https://bugs.launchpad.net/keystone/+bug/1390124/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : yahoo-eng-team@lists.launchpad.net Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp