Authenticate mapped user and set an authentication context.
auth_payload – the content of the authentication for a given method
In addition to
response_data, this plugin sets
apply_mapping_filter(identity_provider, protocol, assertion, resource_api, federation_api, identity_api)¶
Setup federated username.
Function covers all the cases for properly setting user id, a primary identifier for identity objects. Initial version of the mapping engine assumed user is identified by
idis built from the name. We, however need to be able to accept local rules that identify user by either id or name/domain.
The following use-cases are covered:
If neither user_name nor user_id is set raise exception.Unauthorized
If user_id is set and user_name not, set user_name equal to user_id
If user_id is not set and user_name is, set user_id as url safe version of user_name.
mapped_properties – Properties issued by a RuleProcessor.
keystone.exception.Unauthorized – If neither user_name nor user_id is set.
tuple with user identification
- Return type
handle_scoped_token(token, federation_api, identity_api)¶
handle_unscoped_token(auth_payload, resource_api, federation_api, identity_api, assignment_api, role_api)¶