yahoo-eng-team team mailing list archive
-
yahoo-eng-team team
-
Mailing list archive
-
Message #20646
[Bug 1320140] Re: Federation documentation is not clear about mapping.rules.local.user.name
*** This bug is a duplicate of bug 1312221 ***
https://bugs.launchpad.net/bugs/1312221
** This bug has been marked a duplicate of bug 1312221
Add user objects to mapping rules examples in OS-FEDERATION docs
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to Keystone.
https://bugs.launchpad.net/bugs/1320140
Title:
Federation documentation is not clear about
mapping.rules.local.user.name
Status in OpenStack Identity (Keystone):
Triaged
Bug description:
The documentation of the Federation API [1] brings a lot of examples
where the local part of the rule does not have the user object with
the name property, such as:
{
"user": {
"name": "user name"
}
}
However one cannot get a token with Federation if the mapping doesn't
have such rule, because of the lines below: [2]
mapped_properties = self._transform(identity_values)
if mapped_properties.get('name') is None:
raise exception.Unauthorized(_("Could not map user"))
and the implementation of the method _transform, that is not lenient
about the lack of the aforementioned object [3].
[1] https://github.com/openstack/identity-api/blob/master/openstack-identity-api/v3/src/markdown/identity-api-v3-os-federation-ext.md
[2] https://github.com/openstack/keystone/blob/01eea87dea766714015a62f5d24f07d2407f9612/keystone/contrib/federation/utils.py#L223
[3] https://github.com/openstack/keystone/blob/01eea87dea766714015a62f5d24f07d2407f9612/keystone/contrib/federation/utils.py#L228
To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1320140/+subscriptions
References