From b37dfa66eb1b31e4eaab2d82585e75e60be28570 Mon Sep 17 00:00:00 2001
From: Steve Martinelli <stevemar@ca.ibm.com>
Date: Mon, 4 Aug 2014 20:32:48 -0400
Subject: [PATCH] Add OS-FEDERATION section to scoped federation tokens

Add an OS-FEDERATION section to the user section in a scoped
federation token. We currently do the same for unscoped tokens.

Change-Id: Ie056297f713f71eb7dd47e6cdea87579c600cfae
Partial-Bug: #1351038
---
 .../identity-api-v3-os-federation-ext.md      | 74 +++++++++++++++++++
 1 file changed, 74 insertions(+)

diff --git a/v3/src/markdown/identity-api-v3-os-federation-ext.md b/v3/src/markdown/identity-api-v3-os-federation-ext.md
index 798a56c7..c52160ec 100644
--- a/v3/src/markdown/identity-api-v3-os-federation-ext.md
+++ b/v3/src/markdown/identity-api-v3-os-federation-ext.md
@@ -862,3 +862,77 @@ Example request:
             }
         }
     }
+
+Similarly to the returned unscoped token, the returned scoped token will have
+an `OS-FEDERATION` section added to the `user` portion of the token.
+
+Example of an OS-FEDERATION token:
+
+    {
+        "token": {
+            "methods": [
+                "saml2"
+            ],
+            "roles": [
+                {
+                    "id": "36a8989f52b24872a7f0c59828ab2a26",
+                    "name": "admin"
+                }
+            ],
+            "expires_at": "2014-08-06T13:43:43.367202Z",
+            "project": {
+                "domain": {
+                    "id": "1789d1",
+                    "links": {
+                        "self": "http://identity:35357/v3/domains/1789d1"
+                    },
+                    "name": "example.com"
+                },
+                "id": "263fd9",
+                "links": {
+                    "self": "http://identity:35357/v3/projects/263fd9"
+                },
+                "name": "project-x"
+            },
+            "catalog": [
+                {
+                    "endpoints": [
+                        {
+                            "id": "39dc322ce86c4111b4f06c2eeae0841b",
+                            "interface": "public",
+                            "region": "RegionOne",
+                            "url": "http://localhost:5000"
+                        },
+                        {
+                            "id": "ec642f27474842e78bf059f6c48f4e99",
+                            "interface": "internal",
+                            "region": "RegionOne",
+                            "url": "http://localhost:5000"
+                        },
+                        {
+                            "id": "c609fc430175452290b62a4242e8a7e8",
+                            "interface": "admin",
+                            "region": "RegionOne",
+                            "url": "http://localhost:35357"
+                        }
+                    ],
+                    "id": "266c2aa381ea46df81bb05ddb02bd14a",
+                    "name": "keystone",
+                    "type": "identity"
+                }
+            ],
+            "user": {
+                "id": "username%40example.com",
+                "name": "username@example.com",
+                "OS-FEDERATION": {
+                    "identity_provider": "ACME",
+                    "protocol": "SAML",
+                    "groups": [
+                        {"id": "abc123"},
+                        {"id": "bcd234"}
+                    ]
+                }
+            },
+            "issued_at": "2014-08-06T12:43:43.367288Z"
+        }
+    }