yahoo-eng-team team mailing list archive

[Dolph Mathews <1320140@xxxxxxxxxxxxxxxxxx>]

*** This bug is a duplicate of bug 1312221 ***
    https://bugs.launchpad.net/bugs/1312221

** This bug has been marked a duplicate of bug 1312221
   Add user objects to mapping rules examples in OS-FEDERATION docs

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to Keystone.
https://bugs.launchpad.net/bugs/1320140

Title:
  Federation documentation is not clear about
  mapping.rules.local.user.name

Status in OpenStack Identity (Keystone):
  Triaged

Bug description:
  The documentation of the Federation API [1] brings a lot of examples
  where the local part of the rule does not have the user object with
  the name property, such as:

  {
      "user": {
          "name": "user name"
      }
  }

  However one cannot get a token with Federation if the mapping doesn't
  have such rule, because of the lines below: [2]

          mapped_properties = self._transform(identity_values)
          if mapped_properties.get('name') is None:
              raise exception.Unauthorized(_("Could not map user"))

  and the implementation of the method _transform, that is not lenient
  about the lack of the aforementioned object [3].

  
  [1] https://github.com/openstack/identity-api/blob/master/openstack-identity-api/v3/src/markdown/identity-api-v3-os-federation-ext.md
  [2] https://github.com/openstack/keystone/blob/01eea87dea766714015a62f5d24f07d2407f9612/keystone/contrib/federation/utils.py#L223
  [3] https://github.com/openstack/keystone/blob/01eea87dea766714015a62f5d24f07d2407f9612/keystone/contrib/federation/utils.py#L228

To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1320140/+subscriptions