Add warning about using external
with federation
Using both the `external` authentication method and a federation method (such as saml2, etc) can result in conflicts [1] [1] http://docs.openstack.org/developer/keystone/external-auth.html#configuration Change-Id: Ifb95d779d48c14a4fa24a26d016151edf409d760 Related-Bug: #1657978
This commit is contained in:
parent
0a4ca273ae
commit
a551b94dd7
@ -20,7 +20,11 @@ methods = cfg.ListOpt(
|
|||||||
'methods',
|
'methods',
|
||||||
default=constants._DEFAULT_AUTH_METHODS,
|
default=constants._DEFAULT_AUTH_METHODS,
|
||||||
help=utils.fmt("""
|
help=utils.fmt("""
|
||||||
Allowed authentication methods.
|
Allowed authentication methods. Note: You should disable the `external` auth
|
||||||
|
method if you are currently using federation. External auth and federation
|
||||||
|
both use the REMOTE_USER variable. Since both the mapped and external plugin
|
||||||
|
are being invoked to validate attributes in the request environment, it can
|
||||||
|
cause conflicts.
|
||||||
"""))
|
"""))
|
||||||
|
|
||||||
password = cfg.StrOpt( # nosec : This is the name of the plugin, not
|
password = cfg.StrOpt( # nosec : This is the name of the plugin, not
|
||||||
|
Loading…
Reference in New Issue
Block a user