← Back to team overview

yahoo-eng-team team mailing list archive

[Bug 1291981] Re: missing type check in SAML RuleProcessor

 

** Changed in: keystone
       Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to Keystone.
https://bugs.launchpad.net/bugs/1291981

Title:
  missing type check in SAML RuleProcessor

Status in OpenStack Identity (Keystone):
  Fix Released

Bug description:
  RuleProcessor assumes every element in context['environment'] can be
  splitted as a string as seen here:
  https://github.com/openstack/keystone/blob/master/keystone/contrib/federation/utils.py#L172

  This is however not always the case:

    curl -si -d '{
        "auth": {
            "identity": {
                "methods": [
                    "saml2"
                ],
                "saml2": {
                    "identity_provider": "testshib",
                    "protocol": "admin"
                }
            }
    }' -H "Content-type: application/json" http://XXX:5000/v3/auth/tokens

  2014-03-10 23:21:34.869 DEBUG keystone.middleware.core [-] Auth token not in the request header. Will not build auth contex
  t. from (pid=7939) process_request /opt/stack/keystone/keystone/middleware/core.py:270
  2014-03-10 23:21:34.871 DEBUG keystone.common.wsgi [-] arg_dict: {} from (pid=7939) __call__ /opt/stack/keystone/keystone/common/wsgi.py:180
  2014-03-10 23:21:34.877 ERROR keystone.common.wsgi [-] 'Route' object has no attribute 'split'
  2014-03-10 23:21:34.877 TRACE keystone.common.wsgi Traceback (most recent call last):
  2014-03-10 23:21:34.877 TRACE keystone.common.wsgi   File "/opt/stack/keystone/keystone/common/wsgi.py", line 205, in __call__
  2014-03-10 23:21:34.877 TRACE keystone.common.wsgi     result = method(context, **params)
  2014-03-10 23:21:34.877 TRACE keystone.common.wsgi   File "/opt/stack/keystone/keystone/auth/controllers.py", line 316, in authenticate_for_token
  2014-03-10 23:21:34.877 TRACE keystone.common.wsgi     self.authenticate(context, auth_info, auth_context)
  2014-03-10 23:21:34.877 TRACE keystone.common.wsgi   File "/opt/stack/keystone/keystone/auth/controllers.py", line 416, in authenticate
  2014-03-10 23:21:34.877 TRACE keystone.common.wsgi     auth_context)
  2014-03-10 23:21:34.877 TRACE keystone.common.wsgi   File "/opt/stack/keystone/keystone/auth/plugins/saml2.py", line 54, in authenticate
  2014-03-10 23:21:34.877 TRACE keystone.common.wsgi     fields = self._handle_unscoped_token(context, auth_payload)
  2014-03-10 23:21:34.877 TRACE keystone.common.wsgi   File "/opt/stack/keystone/keystone/auth/plugins/saml2.py", line 77, in _handle_unscoped_token
  2014-03-10 23:21:34.877 TRACE keystone.common.wsgi     mapped_properties = rule_processor.process(assertion)
  2014-03-10 23:21:34.877 TRACE keystone.common.wsgi   File "/opt/stack/keystone/keystone/contrib/federation/utils.py", line 172, in process
  2014-03-10 23:21:34.877 TRACE keystone.common.wsgi     assertion = dict((n, v.split(';')) for n, v in assertion_data.items())
  2014-03-10 23:21:34.877 TRACE keystone.common.wsgi   File "/opt/stack/keystone/keystone/contrib/federation/utils.py", line 172, in <genexpr>
  2014-03-10 23:21:34.877 TRACE keystone.common.wsgi     assertion = dict((n, v.split(';')) for n, v in assertion_data.items())
  2014-03-10 23:21:34.877 TRACE keystone.common.wsgi AttributeError: 'Route' object has no attribute 'split'
  2014-03-10 23:21:34.877 TRACE keystone.common.wsgi 
  2014-03-10 23:21:34.881 INFO eventlet.wsgi.server [-] 84.99.59.174 - - [10/Mar/2014 23:21:34] "POST /v3/auth/tokens HTTP/1.1" 500 331 0.012142

  ---------

To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1291981/+subscriptions


References