f463bdccf1
Previously, it was possible to validate a federated keystone token after the identity provider associated by that token was deleted, which is a security concern. This commit does two things. First it makes it so that the token cache is invalidated when identity providers are deleted. Second, it validates the identity provider in the token data and ensures it actually exists in the system before considering the token valid. Change-Id: I57491c5a7d657b25cc436452acd7fcc4cd285839 Closes-Bug: 1291157 |
||
|---|---|---|
| api-ref/source | ||
| config-generator | ||
| devstack | ||
| doc | ||
| etc | ||
| examples/pki | ||
| httpd | ||
| keystone | ||
| keystone_tempest_plugin | ||
| playbooks/legacy | ||
| rally-jobs | ||
| releasenotes | ||
| tools | ||
| .coveragerc | ||
| .gitignore | ||
| .gitreview | ||
| .mailmap | ||
| .stestr.conf | ||
| .zuul.yaml | ||
| CONTRIBUTING.rst | ||
| HACKING.rst | ||
| LICENSE | ||
| README.rst | ||
| babel.cfg | ||
| bindep.txt | ||
| requirements.txt | ||
| setup.cfg | ||
| setup.py | ||
| test-requirements.txt | ||
| tox.ini | ||
README.rst
Team and repository tags
OpenStack Keystone
Keystone provides authentication, authorization and service discovery mechanisms via HTTP primarily for use by projects in the OpenStack family. It is most commonly deployed as an HTTP interface to existing identity systems, such as LDAP.
Developer documentation, the source of which is in
doc/source/, is published at:
The API reference and documentation are available at:
The canonical client library is available at:
https://git.openstack.org/cgit/openstack/python-keystoneclient
Documentation for cloud administrators is available at:
The source of documentation for cloud administrators is available at:
Information about our team meeting is available at:
Bugs and feature requests are tracked on Launchpad at:
Future design work is tracked at:
Contributors are encouraged to join IRC
(#openstack-keystone on freenode):
For information on contributing to Keystone, see
CONTRIBUTING.rst.