keystone/keystone
Lance Bragstad f463bdccf1 Validate identity providers during token validation
Previously, it was possible to validate a federated keystone token
after the identity provider associated with that token was deleted,
which is a security concern.

This commit does two things. First it makes it so that the token
cache is invalidated when identity providers are deleted. Second,
it validates the identity provider in the token data and ensures it
actually exists in the system before considering the token valid.

Change-Id: I57491c5a7d657b25cc436452acd7fcc4cd285839
Closes-Bug: 1291157
2018-02-01 23:33:42 +00:00
application_credential Impose limits on application credentials 2018-01-27 12:00:23 +01:00
assignment Implement system-scoped tokens 2018-01-23 23:33:43 +00:00
auth Add application credential auth plugin 2018-01-27 12:00:19 +01:00
catalog Use keystone.common.provider_api for catalog APIs 2017-12-27 16:32:18 +00:00
cmd Merge "Rename fernet_utils to token_utils" 2018-01-16 13:48:28 +00:00
common Merge "Add scope_types to endpoint group policies" 2018-02-01 10:02:51 +00:00
conf Merge "Impose limits on application credentials" 2018-01-31 22:16:25 +00:00
contrib Remove Dependency Injection 2017-12-13 10:59:39 -08:00
credential Merge "Rename fernet_utils to token_utils" 2018-01-16 13:48:28 +00:00
endpoint_policy Use keystone.common.provider_api for endpoint_policy APIs 2017-12-27 16:56:49 +00:00
federation Validate identity providers during token validation 2018-02-01 23:33:42 +00:00
identity Merge "Use keystone.common.provider_api for identity APIs" 2018-01-05 07:53:14 +00:00
limit Expose unified limit APIs 2018-01-25 16:33:11 +08:00
locale Imported Translations from Zanata 2018-01-13 06:29:16 +00:00
middleware Implement system-scoped tokens 2018-01-23 23:33:43 +00:00
models Implement system-scoped tokens 2018-01-23 23:33:43 +00:00
oauth1 Add schema check for authorize request token 2018-01-10 14:32:16 +08:00
policy Remove Dependency Injection 2017-12-13 10:59:39 -08:00
resource Use keystone.common.provider_api for resource APIs 2018-01-02 15:32:49 +00:00
revoke Use keystone.common.provider_api for revoke APIs 2017-12-27 17:31:30 +00:00
server Add limit provider 2018-01-25 15:45:44 +08:00
tests Validate identity providers during token validation 2018-02-01 23:33:42 +00:00
token Validate identity providers during token validation 2018-02-01 23:33:42 +00:00
trust Add application credential auth plugin 2018-01-27 12:00:19 +01:00
v2_crud Remove v2.0 identity APIs 2017-09-29 20:42:12 +00:00
version Add Application Credentials controller 2018-01-27 11:55:05 +01:00
__init__.py Revert "Disable eventlet monkey-patching of DNS" 2013-05-10 10:24:48 -04:00
exception.py Impose limits on application credentials 2018-01-27 12:00:23 +01:00
i18n.py Update links in keystone 2017-09-12 15:18:13 +08:00
notifications.py Validate identity providers during token validation 2018-02-01 23:33:42 +00:00