Add openstack_groups to assertion

Currently, a keystone IdP does not provide the groups to which user belong when generating SAML assertions.This patch adds an additional attribute called "openstack_groups" in the assertion. Change-Id: I205e8bbf9a4579b16177f57e29e363f4205a2b48 Closes-Bug: #1641625
author: Vishakha Agarwal <agarwalvishakha18@gmail.com> 2018-08-02 16:31:54 +0530
committer: Vishakha Agarwal <agarwalvishakha18@gmail.com> 2020-03-19 20:14:41 +0530
commit: dda426b61a18590a81c5b3af281eb0c410756692 (patch)
tree: 80c4df4d98ff8be30b7124b72799f26fb424ed64 /devstack
parent: 326b014434cc760ba08763e1870ac057f7917e98 (diff)
download: keystone-dda426b61a18590a81c5b3af281eb0c410756692.tar.gz
1 files changed, 1 insertions, 0 deletions
diff --git a/devstack/files/federation/attribute-map.xml b/devstack/files/federation/attribute-map.xml
index 4094caad0..6e1b3c7da 100644
--- a/devstack/files/federation/attribute-map.xml
+++ b/devstack/files/federation/attribute-map.xml
@@ -12,6 +12,7 @@
     <Attribute id="openstack_roles" name="openstack_roles"/>
     <Attribute id="openstack_user" name="openstack_user"/>
     <Attribute id="openstack_user_domain" name="openstack_user_domain"/>
+    <Attribute id="openstack_groups" name="openstack_groups"/>
 
     <!-- First some useful eduPerson attributes that many sites might use. -->
     <Attribute name="urn:mace:dir:attribute-def:eduPersonPrincipalName" id="eppn">
author	Vishakha Agarwal <agarwalvishakha18@gmail.com>	2018-08-02 16:31:54 +0530
committer	Vishakha Agarwal <agarwalvishakha18@gmail.com>	2020-03-19 20:14:41 +0530
commit	dda426b61a18590a81c5b3af281eb0c410756692 (patch)
tree	80c4df4d98ff8be30b7124b72799f26fb424ed64 /devstack
parent	326b014434cc760ba08763e1870ac057f7917e98 (diff)
download	keystone-dda426b61a18590a81c5b3af281eb0c410756692.tar.gz