** Changed in: keystone
       Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to Keystone.
https://bugs.launchpad.net/bugs/1402916

Title:
  unable to validate signature from a keystone issued SAML assertion

Status in OpenStack Identity (Keystone):
  Fix Released
Status in Keystone juno series:
  Fix Committed

Bug description:
  In the keystone 2 keystone federation workflow, a keystone acting as
  an SP should be able to validate the signature of a SAML assertion
  from a keystone acting as an IdP.

  The current workaround is to use the NullSecurity rule in the
  Security Policy file from Shibboleth (this file is usually located at
  /etc/shibboleth/security-policy.xml):

  <SecurityPolicies xmlns="urn:mace:shibboleth:2.0:native:sp:config">
      <Policy id="default" validate="false">
          <PolicyRule type="NullSecurity"/>
      </Policy>
  </SecurityPolicies>

  For what it's worth, it seems that mod_shib performs two other checks
  in a pipeline fashion, the others being "ExplicitKey" and "PKIX"
  checks.

To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1402916/+subscriptions

-- 
Mailing list: https://launchpad.net/~yahoo-eng-team
Post to     : yahoo-eng-team@lists.launchpad.net
Unsubscribe : https://launchpad.net/~yahoo-eng-team
More help   : https://help.launchpad.net/ListHelp
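
An added example, not part of the bug report and not Keystone or Shibboleth code: a Python audit that lists the rule types in each policy of a security-policy.xml and flags any policy still carrying the NullSecurity workaround described above, so it can be found and removed once the fixed release is deployed. The sample document is constructed, and its `strict` policy, the function names, and the rule types other than NullSecurity are assumptions made for illustration.

```python
import sys
import xml.etree.ElementTree as ET

# Namespace and default path are the ones quoted in the bug description.
SP_NS = "urn:mace:shibboleth:2.0:native:sp:config"
DEFAULT_PATH = "/etc/shibboleth/security-policy.xml"

# Constructed sample: the workaround policy from the report, plus a
# hypothetical "strict" policy with a nested rule and a signature rule.
SAMPLE = """\
<SecurityPolicies xmlns="urn:mace:shibboleth:2.0:native:sp:config">
    <Policy id="default" validate="false">
        <PolicyRule type="NullSecurity"/>
    </Policy>
    <Policy id="strict" validate="false">
        <PolicyRule type="Conditions">
            <PolicyRule type="Audience"/>
        </PolicyRule>
        <PolicyRule type="XMLSigning" errorFatal="true"/>
    </Policy>
</SecurityPolicies>
"""


def audit_policies(xml_text):
    """Return {policy id: [rule types]} in document order, nested rules included."""
    root = ET.fromstring(xml_text)
    report = {}
    for policy in root.iter("{%s}Policy" % SP_NS):
        rules = policy.iter("{%s}PolicyRule" % SP_NS)
        report[policy.get("id", "<no id>")] = [r.get("type") for r in rules]
    return report


def null_security_policies(xml_text):
    """Return the ids of policies that contain a NullSecurity rule at any depth."""
    return sorted(pid for pid, rules in audit_policies(xml_text).items()
                  if "NullSecurity" in rules)


if __name__ == "__main__":
    # With a path argument, audit that file; without one, audit the sample.
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE
    for pid, rules in audit_policies(text).items():
        print("%s: %s" % (pid, ", ".join(rules) or "(no rules)"))
    flagged = null_security_policies(text)
    if flagged:
        print("NullSecurity present in: " + ", ".join(flagged))
        sys.exit(1)
```

Run it with the path to the deployed file as the only argument; it exits with status 1 when any policy still contains the NullSecurity rule.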