Currently, a keystone IdP does not provide the
groups to which a user belongs when generating SAML
assertions. This patch adds an additional attribute
called "openstack_groups" in the assertion.
testshib.org is no longer maintained and has been broken for some
time. Use the new samltest.id provider instead.
This is not a permanent solution; this is a stopgap measure until we
configure our own IdP in the devstack plugin.
* In shibboleth2.xml make the ENTITY_ID and METADATA_URL
* Copy over an attribute map that includes support for
keystone as an idp attributes.