Set default value for [saml]/idp_contact_surname

The keystone federation configuration documentation[1] says that the
Contact options are "advisable" to set, but not strictly necessary.
However, without this patch, the keystone SAML IdP will generate
metadata where one of its tags is malformed:

  <ns0:SurName />

On a Shibboleth-based keystone SP, shibd will successfully start but
fail to retrieve metadata from the IdP, with the message:

  ERROR OpenSAML.MetadataProvider.XML : metadata instance failed manual validation checking: SurName must have TextContent.

Attempting to exchange the SAML assertion will then fail with a 500
error.

While it is advisable for the user to set this surname value, it should
not be strictly necessary, especially in a developer or
proof-of-concept environment. This patch gives the config option a
default value, similar to the other [saml]/idp_contact_* default values.

[1] http://docs.openstack.org/developer/keystone/configure_federation.html#configuration-options

Change-Id: I2742f6b4747f1dc5f5593afae1cfde4e494b7848

This commit is contained in:

Colleen Murphy

2016-08-16 14:24:17 -07:00

parent 0b4f6ebdcc

commit 67490080db

1 changed files with 1 additions and 1 deletions

									
										2

keystone/conf/saml.py
									
										View File
										
				@ -115,7 +115,7 @@ This is the given name of the identity provider's contact person.

				idp_contact_surname = cfg.StrOpt(

				    'idp_contact_surname',

				    default='',

				    default='Support',

				    help=utils.fmt("""

				This is the surname of the identity provider's contact person.

				"""))

Set default value for [saml]/idp_contact_surname

2 keystone/conf/saml.py Unescape Escape View File

2

keystone/conf/saml.py

View File