openstack-attic
/
identity-api
Code Issues Proposed changes

Add OS-FEDERATION section to scoped federation tokens 

Add an OS-FEDERATION section to the user section in a scoped
federation token. We currently do the same for unscoped tokens.

Change-Id: Ie056297f713f71eb7dd47e6cdea87579c600cfae
Partial-Bug: #1351038
This commit is contained in:
Steve Martinelli 2014-08-04 20:32:48 -04:00
parent a47eba6e4c
commit b37dfa66eb
1 changed files with 74 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

74
v3/src/markdown/identity-api-v3-os-federation-ext.md
View File

@ -862,3 +862,77 @@ Example request:
}
}
}
Similarly to the returned unscoped token, the returned scoped token will have
an `OS-FEDERATION` section added to the `user` portion of the token.
Example of an OS-FEDERATION token:
{
"token": {
"methods": [
"saml2"
],
"roles": [
{
"id": "36a8989f52b24872a7f0c59828ab2a26",
"name": "admin"
}
],
"expires_at": "2014-08-06T13:43:43.367202Z",
"project": {
"domain": {
"id": "1789d1",
"links": {
"self": "http://identity:35357/v3/domains/1789d1"
},
"name": "example.com"
},
"id": "263fd9",
"links": {
"self": "http://identity:35357/v3/projects/263fd9"
},
"name": "project-x"
},
"catalog": [
{
"endpoints": [
{
"id": "39dc322ce86c4111b4f06c2eeae0841b",
"interface": "public",
"region": "RegionOne",
"url": "http://localhost:5000"
},
{
"id": "ec642f27474842e78bf059f6c48f4e99",
"interface": "internal",
"region": "RegionOne",
"url": "http://localhost:5000"
},
{
"id": "c609fc430175452290b62a4242e8a7e8",
"interface": "admin",
"region": "RegionOne",
"url": "http://localhost:35357"
}
],
"id": "266c2aa381ea46df81bb05ddb02bd14a",
"name": "keystone",
"type": "identity"
}
],
"user": {
"id": "username%40example.com",
"name": "username@example.com",
"OS-FEDERATION": {
"identity_provider": "ACME",
"protocol": "SAML",
"groups": [
{"id": "abc123"},
{"id": "bcd234"}
]
}
},
"issued_at": "2014-08-06T12:43:43.367288Z"
}
}