yahoo-eng-team team mailing list archive

[Bug 1354315] Re: REMOTE_USER as empty string results in authentication failure

 

** Changed in: keystone
       Status: Fix Committed => Fix Released

** Changed in: keystone
    Milestone: None => juno-3

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to Keystone.
https://bugs.launchpad.net/bugs/1354315

Title:
  REMOTE_USER as empty string results in authentication failure

Status in OpenStack Identity (Keystone):
  Fix Released

Bug description:
  On some federation setups (observed on Apache 2.4.7 + shibboleth 2.5.2, on Ubuntu 14.04) the REMOTE_USER environment variable is set to the empty string when performing a SAML-backed authentication, even though shibboleth is configured so that it doesn't populate REMOTE_USER with any assertion.
  This causes the external auth method to take over the expected saml2 auth method, and results in a 401 failure since user '' cannot be found.
  A workaround is to disable the external auth method in /etc/keystone/keystone.conf.

To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1354315/+subscriptions
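
The failure mode in the bug description, as an added example that is not part of the original notification and is not Keystone's code: a method selector that tests only for the presence of REMOTE_USER, next to one that requires a non-empty value. The function names, the method list and the sample WSGI environments are assumptions constructed for illustration.

```python
# Constructed illustration; every name here is hypothetical, not Keystone's code.

def _fallback(methods):
    """First configured method other than 'external', or None."""
    return next((m for m in methods if m != "external"), None)


def pick_method_presence(environ, methods):
    """Presence check: any REMOTE_USER key, even '', selects external auth."""
    if "external" in methods and "REMOTE_USER" in environ:
        return "external", environ["REMOTE_USER"]
    return _fallback(methods), None


def pick_method_nonempty(environ, methods):
    """Value check: only a non-empty REMOTE_USER selects external auth."""
    remote_user = environ.get("REMOTE_USER") or ""
    if "external" in methods and remote_user:
        return "external", remote_user
    return _fallback(methods), None


# Constructed WSGI environments.
SAML_REQUEST = {"REMOTE_USER": ""}          # web server sets an empty string
BASIC_REQUEST = {"REMOTE_USER": "alice"}    # web server authenticated a user
METHODS = ["external", "saml2"]
METHODS_WORKAROUND = ["saml2"]              # external method disabled

if __name__ == "__main__":
    # The presence check hands the SAML request to external auth as user '',
    # which is the lookup that ends in the 401 described in the report.
    print(pick_method_presence(SAML_REQUEST, METHODS))
    # The value check lets the saml2 method handle the same request.
    print(pick_method_nonempty(SAML_REQUEST, METHODS))
    # A real REMOTE_USER still selects external auth.
    print(pick_method_nonempty(BASIC_REQUEST, METHODS))
    # The workaround from the report: with external disabled, saml2 is used.
    print(pick_method_presence(SAML_REQUEST, METHODS_WORKAROUND))
```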

