yahoo-eng-team team mailing list archive
-
yahoo-eng-team team
-
Mailing list archive
-
Message #12233
[Bug 1291981] Re: missing type check in SAML RuleProcessor
** Changed in: keystone
Status: Fix Committed => Fix Released
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to Keystone.
https://bugs.launchpad.net/bugs/1291981
Title:
missing type check in SAML RuleProcessor
Status in OpenStack Identity (Keystone):
Fix Released
Bug description:
RuleProcessor assumes every element in context['environment'] can be
splitted as a string as seen here:
https://github.com/openstack/keystone/blob/master/keystone/contrib/federation/utils.py#L172
This is however not always the case:
curl -si -d '{
"auth": {
"identity": {
"methods": [
"saml2"
],
"saml2": {
"identity_provider": "testshib",
"protocol": "admin"
}
}
}' -H "Content-type: application/json" http://XXX:5000/v3/auth/tokens
2014-03-10 23:21:34.869 DEBUG keystone.middleware.core [-] Auth token not in the request header. Will not build auth contex
t. from (pid=7939) process_request /opt/stack/keystone/keystone/middleware/core.py:270
2014-03-10 23:21:34.871 DEBUG keystone.common.wsgi [-] arg_dict: {} from (pid=7939) __call__ /opt/stack/keystone/keystone/common/wsgi.py:180
2014-03-10 23:21:34.877 ERROR keystone.common.wsgi [-] 'Route' object has no attribute 'split'
2014-03-10 23:21:34.877 TRACE keystone.common.wsgi Traceback (most recent call last):
2014-03-10 23:21:34.877 TRACE keystone.common.wsgi File "/opt/stack/keystone/keystone/common/wsgi.py", line 205, in __call__
2014-03-10 23:21:34.877 TRACE keystone.common.wsgi result = method(context, **params)
2014-03-10 23:21:34.877 TRACE keystone.common.wsgi File "/opt/stack/keystone/keystone/auth/controllers.py", line 316, in authenticate_for_token
2014-03-10 23:21:34.877 TRACE keystone.common.wsgi self.authenticate(context, auth_info, auth_context)
2014-03-10 23:21:34.877 TRACE keystone.common.wsgi File "/opt/stack/keystone/keystone/auth/controllers.py", line 416, in authenticate
2014-03-10 23:21:34.877 TRACE keystone.common.wsgi auth_context)
2014-03-10 23:21:34.877 TRACE keystone.common.wsgi File "/opt/stack/keystone/keystone/auth/plugins/saml2.py", line 54, in authenticate
2014-03-10 23:21:34.877 TRACE keystone.common.wsgi fields = self._handle_unscoped_token(context, auth_payload)
2014-03-10 23:21:34.877 TRACE keystone.common.wsgi File "/opt/stack/keystone/keystone/auth/plugins/saml2.py", line 77, in _handle_unscoped_token
2014-03-10 23:21:34.877 TRACE keystone.common.wsgi mapped_properties = rule_processor.process(assertion)
2014-03-10 23:21:34.877 TRACE keystone.common.wsgi File "/opt/stack/keystone/keystone/contrib/federation/utils.py", line 172, in process
2014-03-10 23:21:34.877 TRACE keystone.common.wsgi assertion = dict((n, v.split(';')) for n, v in assertion_data.items())
2014-03-10 23:21:34.877 TRACE keystone.common.wsgi File "/opt/stack/keystone/keystone/contrib/federation/utils.py", line 172, in <genexpr>
2014-03-10 23:21:34.877 TRACE keystone.common.wsgi assertion = dict((n, v.split(';')) for n, v in assertion_data.items())
2014-03-10 23:21:34.877 TRACE keystone.common.wsgi AttributeError: 'Route' object has no attribute 'split'
2014-03-10 23:21:34.877 TRACE keystone.common.wsgi
2014-03-10 23:21:34.881 INFO eventlet.wsgi.server [-] 84.99.59.174 - - [10/Mar/2014 23:21:34] "POST /v3/auth/tokens HTTP/1.1" 500 331 0.012142
---------
To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1291981/+subscriptions
References
