Ask Your Question

Revision history [back]

This is a known issue with keystoneclient, and looks like it carried over to middleware.

I wrote a simple alternative using the client (Newtown) that shows the general approach to the solution:

http://adam.younglogic.com/2016/06/saml-federated-auth-plugin/

For now, you can use the Federated approach to get an unscoped token, then use a token auth plugin manually (this is a really bad solution I know)