← Back to team overview

yahoo-eng-team team mailing list archive

[Bug 1429334] [NEW] Unmatched Groups in Federation Mapping raise errors

 

Public bug reported:

Mapping groups from REMOTE_USER_GROUPS (or comparable) via the rule:

"local": [
                    {
                        "group": {
                            "name": "{0}",
                            "domain": {"name": "Default"}
                        }
                    }
                ],
                "remote": [
                    {
                        "type": "REMOTE_USER_GROUPS"
                    }
                ]


{"error": {"message": "Group {0} returned by mapping kerberos_mapping
was not found in the backend. (Disable debug mode to suppress these
details.)", "code": 500, "title": "Internal Server Error"}}[

Will throw an error if a group in the assertion does not exist in the
Groups list.   This means that all groups from all user smust exist.
Much more expected is for unmatched groups to be dropped.

This should not throw a 500 error.

** Affects: keystone
     Importance: Undecided
     Assignee: Marek Denis (marek-denis)
         Status: New

** Changed in: keystone
     Assignee: (unassigned) => Marek Denis (marek-denis)

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to Keystone.
https://bugs.launchpad.net/bugs/1429334

Title:
  Unmatched Groups in Federation Mapping raise errors

Status in OpenStack Identity (Keystone):
  New

Bug description:
  Mapping groups from REMOTE_USER_GROUPS (or comparable) via the rule:

  "local": [
                      {
                          "group": {
                              "name": "{0}",
                              "domain": {"name": "Default"}
                          }
                      }
                  ],
                  "remote": [
                      {
                          "type": "REMOTE_USER_GROUPS"
                      }
                  ]


  {"error": {"message": "Group {0} returned by mapping kerberos_mapping
  was not found in the backend. (Disable debug mode to suppress these
  details.)", "code": 500, "title": "Internal Server Error"}}[

  Will throw an error if a group in the assertion does not exist in the
  Groups list.   This means that all groups from all user smust exist.
  Much more expected is for unmatched groups to be dropped.

  This should not throw a 500 error.

To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1429334/+subscriptions


Follow ups

References