Use idp_id and protocol_id in jsonhome
These are inconsistent with the rest of the federation routes. Note that this doesn't change a public interface, it changes the path variables names that exist within a jsonhome document which should only be referenced within the same href_vars element and some internal variable names. Change-Id: I36d41e95d745bd98d36c3442bd4aa4faa91cab72 Closes-Bug: #1420125
This commit is contained in:
parent
39f9a083f4
commit
4f6cc67941
doc/source
keystone
@ -182,7 +182,7 @@ issue an HTTP POST request with authentication data in the request body. To
|
||||
start federated authentication a user must access the dedicated URL with
|
||||
Identity Provider's and Protocol's identifiers stored within a protected URL.
|
||||
The URL has a format of:
|
||||
``/v3/OS-FEDERATION/identity_providers/{identity_provider}/protocols/{protocol}/auth``.
|
||||
``/v3/OS-FEDERATION/identity_providers/{idp_id}/protocols/{protocol_id}/auth``.
|
||||
|
||||
In this instance we follow a standard SAML2 authentication procedure, that is,
|
||||
the user will be redirected to the Identity Provider's authentication webpage
|
||||
@ -207,7 +207,7 @@ SAML authentication procedure.
|
||||
|
||||
.. code-block:: bash
|
||||
|
||||
$ curl -X GET -D - http://localhost:5000/v3/OS-FEDERATION/identity_providers/{identity_provider}/protocols/{protocol}/auth
|
||||
$ curl -X GET -D - http://localhost:5000/v3/OS-FEDERATION/identity_providers/{idp_id}/protocols/{protocol_id}/auth
|
||||
|
||||
Determine accessible resources
|
||||
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
||||
|
@ -278,7 +278,7 @@ class Auth(auth_controllers.Auth):
|
||||
|
||||
return host
|
||||
|
||||
def federated_authentication(self, context, identity_provider, protocol):
|
||||
def federated_authentication(self, context, idp_id, protocol_id):
|
||||
"""Authenticate from dedicated url endpoint.
|
||||
|
||||
Build HTTP request body for federated authentication and inject
|
||||
@ -287,10 +287,10 @@ class Auth(auth_controllers.Auth):
|
||||
"""
|
||||
auth = {
|
||||
'identity': {
|
||||
'methods': [protocol],
|
||||
protocol: {
|
||||
'identity_provider': identity_provider,
|
||||
'protocol': protocol
|
||||
'methods': [protocol_id],
|
||||
protocol_id: {
|
||||
'identity_provider': idp_id,
|
||||
'protocol': protocol_id
|
||||
}
|
||||
}
|
||||
}
|
||||
|
@ -68,10 +68,10 @@ class Routers(wsgi.RoutersBase):
|
||||
DELETE /OS-FEDERATION/service_providers/{sp_id}
|
||||
PATCH /OS-FEDERATION/service_providers/{sp_id}
|
||||
|
||||
GET /OS-FEDERATION/identity_providers/{identity_provider}/
|
||||
protocols/{protocol}/auth
|
||||
POST /OS-FEDERATION/identity_providers/{identity_provider}/
|
||||
protocols/{protocol}/auth
|
||||
GET /OS-FEDERATION/identity_providers/{idp_id}/
|
||||
protocols/{protocol_id}/auth
|
||||
POST /OS-FEDERATION/identity_providers/{idp_id}/
|
||||
protocols/{protocol_id}/auth
|
||||
GET /auth/OS-FEDERATION/identity_providers/
|
||||
{idp_id}/protocols/{protocol_id}/websso
|
||||
?origin=https%3A//horizon.example.com
|
||||
@ -206,14 +206,14 @@ class Routers(wsgi.RoutersBase):
|
||||
# Auth operations
|
||||
self._add_resource(
|
||||
mapper, auth_controller,
|
||||
path=self._construct_url('identity_providers/{identity_provider}/'
|
||||
'protocols/{protocol}/auth'),
|
||||
path=self._construct_url('identity_providers/{idp_id}/'
|
||||
'protocols/{protocol_id}/auth'),
|
||||
get_post_action='federated_authentication',
|
||||
rel=build_resource_relation(
|
||||
resource_name='identity_provider_protocol_auth'),
|
||||
path_vars={
|
||||
'identity_provider': IDP_ID_PARAMETER_RELATION,
|
||||
'protocol': PROTOCOL_ID_PARAMETER_RELATION,
|
||||
'idp_id': IDP_ID_PARAMETER_RELATION,
|
||||
'protocol_id': PROTOCOL_ID_PARAMETER_RELATION,
|
||||
})
|
||||
self._add_resource(
|
||||
mapper, auth_controller,
|
||||
|
@ -169,9 +169,8 @@ BASE_EP_FILTER = BASE_EP_FILTER_PREFIX + '/endpoint_groups/{endpoint_group_id}'
|
||||
BASE_ACCESS_TOKEN = (
|
||||
'/users/{user_id}/OS-OAUTH1/access_tokens/{access_token_id}')
|
||||
|
||||
# TODO(stevemar): Use BASE_IDP_PROTOCOL when bug 1420125 is resolved.
|
||||
FEDERATED_AUTH_URL = ('/OS-FEDERATION/identity_providers/{identity_provider}'
|
||||
'/protocols/{protocol}/auth')
|
||||
FEDERATED_AUTH_URL = ('/OS-FEDERATION/identity_providers/{idp_id}'
|
||||
'/protocols/{protocol_id}/auth')
|
||||
FEDERATED_IDP_SPECIFIC_WEBSSO = ('/auth/OS-FEDERATION/identity_providers/'
|
||||
'{idp_id}/protocols/{protocol_id}/websso')
|
||||
|
||||
@ -394,12 +393,11 @@ V3_JSON_HOME_RESOURCES_INHERIT_DISABLED = {
|
||||
'href-template': BASE_IDP_PROTOCOL,
|
||||
'href-vars': {
|
||||
'idp_id': IDP_ID_PARAMETER_RELATION}},
|
||||
# TODO(stevemar): Update href-vars when bug 1420125 is resolved.
|
||||
_build_federation_rel(resource_name='identity_provider_protocol_auth'): {
|
||||
'href-template': FEDERATED_AUTH_URL,
|
||||
'href-vars': {
|
||||
'identity_provider': IDP_ID_PARAMETER_RELATION,
|
||||
'protocol': PROTOCOL_ID_PARAM_RELATION, }},
|
||||
'idp_id': IDP_ID_PARAMETER_RELATION,
|
||||
'protocol_id': PROTOCOL_ID_PARAM_RELATION, }},
|
||||
_build_oauth1_rel(resource_name='access_tokens'): {
|
||||
'href': '/OS-OAUTH1/access_token'},
|
||||
_build_oauth1_rel(resource_name='request_tokens'): {
|
||||
|
Loading…
x
Reference in New Issue
Block a user