Add keystone Ussuri cycle highlights
Change-Id: Ic900b5f9b9868c0a943141c6ce476552a9f9285d
This commit is contained in:
parent
e3adf324b6
commit
b8aece69b3
@ -5,3 +5,22 @@ team: keystone
|
||||
type: service
|
||||
repository-settings:
|
||||
openstack/keystone: {}
|
||||
cycle-highlights:
|
||||
- The user experience for creating application credentials and trusts has
|
||||
been greatly improved when using a federated authentication method.
|
||||
Federated users whose role assignments come from mapped group membership
|
||||
will have those group memberships persisted for a configurable TTL after
|
||||
their token expires, during which time their application credentials will
|
||||
remain valid.
|
||||
- Keystone to Keystone assertions now contain the user's group memberships on
|
||||
the keystone Identity Provider which can be mapped to group membership on
|
||||
the keystone Service Provider.
|
||||
- Federated users can now be given concrete role assignments without relying
|
||||
on the mapping API by allowing federated users to be created directly in
|
||||
keystone and linked to their Identity Provider.
|
||||
- When bootstrapping a new keystone deployment, the admin role now defaults
|
||||
to having the "immutable" option set, which prevents it from being
|
||||
accidentally deleted or modified unless the "immutable" option is
|
||||
deliberately removed.
|
||||
- Keystonemiddleware no longer supports the Identity v2.0 API, which was
|
||||
removed from keystone in previous release cycles.
|
||||
|
Loading…
x
Reference in New Issue
Block a user