openstack
/
keystone
Code Issues Proposed changes

Suggest users to remove REMOTE_USER from shibd conf 

Shibboleth configuration docs should suggest users to avoid setting
REMOTE_USER environment variable in the shibboleth2.xml config file.

Change-Id: I11ee773dd20375c46e40d70ad09bf0a88182502e
Closes-bug: #1320128
This commit is contained in:
Marek Denis 2014-05-16 16:50:47 +02:00
parent 3ca5ce4377
commit fb5a397fe0
1 changed files with 6 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
doc/source/extensions/shibboleth.rst
View File

@ -151,6 +151,12 @@ environment)::
</SPConfig>
Keystone enforces `external <http://docs.openstack.org/developer/keystone/external-auth.html>`_
authentiation when environment variable ``REMOTE_USER`` is present so
make sure Shibboleth doesn't set the ``REMOTE_USER`` environment variable.
To do so, scan through the ``/etc/shibboleth/shibboleth2.xml`` configuration
file and remove the ``REMOTE_USER`` directives.
Examine your attributes map file ``/etc/shibboleth/attributes-map.xml`` and adjust
your requirements if needed. For more information see
`attributes documentation <https://wiki.shibboleth.net/confluence/display/SHIB2/NativeSPAddAttribute>`_