Public bug reported: Attempting to get a domain-scoped token with the Fernet token provider returns a token - everything appears to have worked. When validating that token though, it appears to be unpacked as a project-scoped token, which ultimately fails.
The short of it is that domain-scope support doesn't really exist yet, and the current behavior will only work if the hierarchical multitenancy effort successfully migrates domains to be projects. ** Affects: keystone Importance: High Assignee: Dolph Mathews (dolph) Status: Triaged ** Tags: fernet -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to Keystone. https://bugs.launchpad.net/bugs/1428949 Title: Fernet tokens do not support domain scopes Status in OpenStack Identity (Keystone): Triaged Bug description: Attempting to get a domain-scoped token with the Fernet token provider returns a token - everything appears to have worked. When validating that token though, it appears to be unpacked as a project-scoped token, which ultimately fails. The short of it is that domain-scope support doesn't really exist yet, and the current behavior will only work if the hierarchical multitenancy effort successfully migrates domains to be projects. To manage notifications about this bug go to: https://bugs.launchpad.net/keystone/+bug/1428949/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : yahoo-eng-team@lists.launchpad.net Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp