The response shows the actual group id but the domain shows 'Federated', so that made me to be not sure if that is the intended behavior. Since it's documented, I'm cool with that ;-)
** Changed in: keystone Status: Incomplete => Invalid -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to OpenStack Identity (keystone). https://bugs.launchpad.net/bugs/1545202 Title: Domain info is not shown in federated token validation response Status in OpenStack Identity (keystone): Invalid Bug description: When validating a federated token, the group id info shows in the response but the domain info does not show, only shows 'Federated' for both domain id and domain name. HTTP/1.1 200 OK Date: Fri, 12 Feb 2016 21:24:16 GMT Server: Apache/2.4.10 (Debian) X-Subject-Token: b6c115ce0aed425baf3e8ed104da945d Vary: X-Auth-Token x-openstack-request-id: req-6c1a9a92-f3f9-48a2-8767-61001c77cadd Content-Length: 419 Content-Type: application/json {"token": {"methods": ["saml2"], "expires_at": "2016-02-13T01:20:20.037092Z", "extras": {}, "user": {"OS-FEDERATION": {"identity_provider": {"id": "ks_fed1_idp"}, "protocol": {"id": "saml2"}, "groups": [{"id": "357f50fed4cc4f00804cd8da821426ea"}]}, "domain": {"id": "Federated", "name": "Federated"}, "id": "admin", "name": "admin"}, "audit_ids": ["gCNZNyOAQfughh3tPMyEhQ"], "issued_at": "2016-02-12T21:20:20.037127Z"}} To manage notifications about this bug go to: https://bugs.launchpad.net/keystone/+bug/1545202/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : yahoo-eng-team@lists.launchpad.net Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp