The ADFSPassword plugin currently sets the WS-Policy 'AppliesTo' EndpointReference Address in the WS-Trust RequestSecurityToken message to the value specified in the 'service-provider-endpoint' option. This may not be desirable if the Service Provider's SAML entity ID differs from the WS-Federation Passive Endpoint (i.e. service provider endpoint) consuming the WS-Trust RequestSecurityTokenResponse.

This commit introduces the ability to specify the EndpointReference used in the RequestSecurityToken message via the 'service-provider-entity-id' option. If omitted, the EndpointReference defaults to the value provided in the 'service-provider-endpoint' option to preserve backward compatibility.

Change-Id: I842427232db79d628dc29f5a1dcf68e011667dfa
Closes-Bug: #1689424
---
prelude: >
    Allow setting EndpointReference in ADFSPassword
features:
  - >
    Add the ability to specify the WS-Policy EndpointReference used in the
    ADFSPassword plugin's RequestSecurityToken message via the
    'service-provider-entity-id' option. Also added 'identity-provider-url'
    option which was required, but missing from option list.
fixes:
  - >
    [`bug 1689424 <https://bugs.launchpad.net/keystoneauth/+bug/1689424>`_]
    Allow setting EndpointReference in ADFSPassword.
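The AppliesTo fallback described in the commit message, shown as an added example that is not keystoneauth's own code. The helpers `build_rst` and `applies_to_address` and the sample URLs are hypothetical, and the namespace URIs are the published WS-Trust 1.3, WS-Policy and WS-Addressing ones, assumed here rather than taken from the page.

```python
import xml.etree.ElementTree as ET

# Published namespace URIs (assumed versions; the page does not name them).
NS = {
    "trust": "http://docs.oasis-open.org/ws-sx/ws-trust/200512",
    "wsp": "http://schemas.xmlsoap.org/ws/2004/09/policy",
    "wsa": "http://www.w3.org/2005/08/addressing",
}


def build_rst(service_provider_endpoint, service_provider_entity_id=None):
    """Return a minimal RequestSecurityToken element (hypothetical helper).

    AppliesTo carries the entity ID when one is given, otherwise the
    endpoint, which is the backward-compatible default.
    """
    applies_to = service_provider_entity_id or service_provider_endpoint
    rst = ET.Element(f"{{{NS['trust']}}}RequestSecurityToken")
    scope = ET.SubElement(rst, f"{{{NS['wsp']}}}AppliesTo")
    epr = ET.SubElement(scope, f"{{{NS['wsa']}}}EndpointReference")
    ET.SubElement(epr, f"{{{NS['wsa']}}}Address").text = applies_to
    return rst


def applies_to_address(rst):
    """Read back the AppliesTo address, e.g. to check a captured request."""
    node = rst.find("wsp:AppliesTo/wsa:EndpointReference/wsa:Address", NS)
    return None if node is None else node.text


# Constructed sample values, not taken from any real deployment.
ENDPOINT = "https://sp.example.org/Shibboleth.sso/ADFS"
ENTITY_ID = "https://sp.example.org/shibboleth"

if __name__ == "__main__":
    for entity_id in (None, ENTITY_ID):
        rst = build_rst(ENDPOINT, entity_id)
        print(entity_id, "->", applies_to_address(rst))
        print(ET.tostring(rst, encoding="unicode"))
```

Comparing the address read back from a logged request against the relying party identifier configured on the identity provider shows which of the two options the deployment needs.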