yahoo-eng-team team mailing list archive

[Bug 1320140] [NEW] Federation documentation is not clear about mapping.rules.local.user.name

 

Public bug reported:

The documentation of the Federation API [1] brings a lot of examples
where the local part of the rule does not have the user object with the
name property, such as:

{
    "user": {
        "name": "user name"
    }
}

However, one cannot get a token with Federation if the mapping doesn't
have such a rule, because of the lines below [2]:

        mapped_properties = self._transform(identity_values)
        if mapped_properties.get('name') is None:
            raise exception.Unauthorized(_("Could not map user"))

and the implementation of the method _transform, which is not lenient
about the lack of the aforementioned object [3].


[1] https://github.com/openstack/identity-api/blob/master/openstack-identity-api/v3/src/markdown/identity-api-v3-os-federation-ext.md
[2] https://github.com/openstack/keystone/blob/01eea87dea766714015a62f5d24f07d2407f9612/keystone/contrib/federation/utils.py#L223
[3] https://github.com/openstack/keystone/blob/01eea87dea766714015a62f5d24f07d2407f9612/keystone/contrib/federation/utils.py#L228

** Affects: keystone
     Importance: Undecided
         Status: New

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to Keystone.
https://bugs.launchpad.net/bugs/1320140

Title:
  Federation documentation is not clear about
  mapping.rules.local.user.name

Status in OpenStack Identity (Keystone):
  New

To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1320140/+subscriptions
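
A pre-deployment check for the problem this report describes, as an added example that is not part of the original bug report or of Keystone's code: it reports which rules in a mapping have no local user.name, mirroring the `mapped_properties.get('name') is None` test quoted above. The sample mapping, its remote types and group id, and the function names are constructed for illustration.

```python
import json

# Constructed mapping for illustration; group id and remote types are sample values.
SAMPLE_MAPPING = json.loads("""
{
  "rules": [
    {"local": [{"group": {"id": "GROUP_ID_PLACEHOLDER"}}],
     "remote": [{"type": "orgPersonType", "any_one_of": ["Contractor"]}]},
    {"local": [{"user": {}}, {"group": {"id": "GROUP_ID_PLACEHOLDER"}}],
     "remote": [{"type": "REMOTE_USER"}]},
    {"local": [{"user": {"name": "{0}"}}],
     "remote": [{"type": "REMOTE_USER"}]}
  ]
}
""")


def local_user_name(rule):
    """Return the first non-None user.name in a rule's local part, else None."""
    for entry in rule.get("local", []):
        user = entry.get("user") if isinstance(entry, dict) else None
        if isinstance(user, dict) and user.get("name") is not None:
            return user["name"]
    return None


def lint_mapping(mapping):
    """Report which rules cannot supply the name the token check requires."""
    rules = mapping.get("rules", [])
    without_name = [i for i, rule in enumerate(rules)
                    if local_user_name(rule) is None]
    return {
        # False when no rule maps a name at all: the case the bug report describes.
        "usable": len(without_name) < len(rules),
        "rules_without_name": without_name,
    }


if __name__ == "__main__":
    print(lint_mapping(SAMPLE_MAPPING))
```

A mapping with "usable" false can never satisfy the quoted check; rules listed in "rules_without_name" are worth reviewing even when another rule does supply a name.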

