d10908caa9
In order for a federated user to be mapped to a local user that exists in the identity backend, the user object in the local mapping rule must have the property "type": "local" set, in addition to having a keystone domain provided. This was probably not the original intention of the local user mapping spec[1], but this is how it ended up being implemented. We could choose to change the behavior of the code, but it has been around long enough that it is possible that deployments are depending on this behavior, and moreover making rules explicit rather than implicit reduces the risk of bugs and mistakes. This patch updates the api-ref documentation and the standard federation documentation to include the "type" property when mapping to local users. In addition, since we now have two keywords called "local" that mean somewhat different things, we expand the context of some of the mapping examples so that both the rule name "local" and the value "local" of the attribute "type" appear in the example, for clarity. Change-Id: Ib35e57e33903de14f9cac1f919c32dfe923ef884 Closes-bug: #1673157 |
||
|---|---|---|
| .. | ||
| v2 | ||
| v2-admin | ||
| v2-ext | ||
| v3 | ||
| v3-ext | ||
| conf.py | ||
| index.rst | ||