2.4. Identity

You can now configure Identity Provider-specific WebSSO. Previously, you had to configure WebSSO globally for keystone. With this update, you can configure WebSSO for each Identity Provider, directing dashboard queries to the individual endpoints, rather than performing additional discovery steps.

New attributes are available for SAML assertion: openstack_user_domain for mapping user domains, and openstack_project_domain for mapping project domains.

Experimental support has been added for keystone tokenless authorization using X.509 SSL client certificates.