See tracker.
4.5.0 switched to cryptography, so when it hits stable (in about a month) we should be good here.
ok, 4.5.0 is stable
testing the pysaml bump for pike and ocata https://review.openstack.org/528857 https://review.openstack.org/528859 only keystone has a cap on pysaml2
testing here now too (needed a depends-on patch I think)
https://review.openstack.org/529908
FWICS current versions aren't affected.