| *** mhen_ is now known as mhen | 02:48 | |
| opendevreview | Grzegorz Grasza proposed openstack/keystone master: Add OpenID Connect CLI authentication examples https://review.opendev.org/c/openstack/keystone/+/971714 | 11:43 |
|---|---|---|
| stephenfin | gtema: I was trying to bump pyOpenSSL but it's being held back by pysaml2 which looks rather unmaintained. Am I imagining things, or was there a plan to remove that functionality from keystone? https://review.opendev.org/c/openstack/requirements/+/972474/ | 15:45 |
| gtema | yes, this is exactly what we were discussing during the PTG. There is no way rather than drop the saml support, but it can not happen without a massive rework of the Keystone which I am doing in Rust. In the near future we would not be able to get rid of saml support and support for exploring rewrite was also not very huge | 15:47 |
| stephenfin | It seems our usage of pysaml2 is rather small. What about vendoring only what we need? | 15:47 |
| gtema | not sure it helps. It is a pretty security sensitive component in addition, so a very specific knowledge is expected | 15:49 |
| gtema | but you are definitely correct - usage is small with only few CSPs relying on it | 15:49 |
| gtema | and I am working with them on redesigning the stuff | 15:50 |
| gtema | stephenfin: pysaml2 is (from what I understood) being dropped from the newer RH stack meaning it is a technological end and we should rather focus on getting rid of it rather than trying to keep it alive | 15:52 |
| stephenfin | pysaml2 specifically, or SAML in general? | 15:56 |
| gtema | both | 15:56 |
| stephenfin | ack | 15:57 |
| gtema | OIDC intends to replace the SAML but there are still few cornercases that are not addressed. Due to that people still use SAML (mostly Enterprises only) | 15:57 |
| opendevreview | Merged openstack/keystone master: Update hard-coded policy for GET /v3/limits https://review.opendev.org/c/openstack/keystone/+/973163 | 16:21 |
| opendevreview | Ivan Anfimov proposed openstack/keystonemiddleware master: Remove url tags from README https://review.opendev.org/c/openstack/keystonemiddleware/+/974000 | 20:46 |
| opendevreview | Ivan Anfimov proposed openstack/keystonemiddleware master: Remove url tags from README https://review.opendev.org/c/openstack/keystonemiddleware/+/974000 | 20:47 |
Generated by irclog2html.py 4.0.0 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!