yahoo-eng-team team mailing list archive

Thread
Date

[Bug 1429334] Re: Unmatched Groups in Federation Mapping raise errors

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: Thierry Carrez <thierry.carrez+lp@xxxxxxxxx>
Date: Thu, 19 Mar 2015 14:20:53 -0000
Reply-to: Bug 1429334 <1429334@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

** Changed in: keystone
       Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to Keystone.
https://bugs.launchpad.net/bugs/1429334

Title:
  Unmatched Groups in Federation Mapping raise errors

Status in OpenStack Identity (Keystone):
  Fix Released

Bug description:
  Mapping groups from REMOTE_USER_GROUPS (or comparable) via the rule:

  "local": [
                      {
                          "group": {
                              "name": "{0}",
                              "domain": {"name": "Default"}
                          }
                      }
                  ],
                  "remote": [
                      {
                          "type": "REMOTE_USER_GROUPS"
                      }
                  ]


  {"error": {"message": "Group {0} returned by mapping kerberos_mapping
  was not found in the backend. (Disable debug mode to suppress these
  details.)", "code": 500, "title": "Internal Server Error"}}[

  Will throw an error if a group in the assertion does not exist in the
  Groups list.   This means that all groups from all user smust exist.
  Much more expected is for unmatched groups to be dropped.

  This should not throw a 500 error.

To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1429334/+subscriptions

References

[Bug 1429334] [NEW] Unmatched Groups in Federation Mapping raise errors
From: Adam Young, 2015-03-07