yahoo-eng-team team mailing list archive

Thread
Date

[Bug 1482701] [NEW] Federation: user's name in rules not respected

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: Marek Denis <marek.denis@xxxxxxx>
Date: Fri, 07 Aug 2015 16:02:03 -0000
Reply-to: Bug 1482701 <1482701@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

Public bug reported:

For a mapping rule  (see local's user name and user id are different)

[
    {
        "local": [
            {
                "group": {
                    "id": "852d0dc079cf4709813583e92498e625"
                }
            },
            {
                "user": {
                    "id": "marek",
                    "name": "federated_user"
                }
            }
        ],
        "remote": [
            {
                "any_one_of": [
                    "user1",
                    "admin"
                ],
                "type": "openstack_user"
            }
        ]
    }
]

I can authenticate via federated workflo,w but the tokej JSON response
has (see id and name are identical):

u'user': {u'OS-FEDERATION': {u'groups': [{u'id': u'852d0dc079cf4709813583e92498e625'}],
                                         u'identity_provider': {u'id': u'keystone-idp'},
                                         u'protocol': {u'id': u'saml2'}},
                      u'domain': {u'id': u'Federated',
                                  u'name': u'Federated'},
                      u'id': u'marek',
                      u'name': u'marek'}}}


This happens for both UUID and Fernet tokens.

** Affects: keystone
     Importance: Medium
     Assignee: Marek Denis (marek-denis)
         Status: New


** Tags: federation

** Changed in: keystone
   Importance: Undecided => Medium

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to Keystone.
https://bugs.launchpad.net/bugs/1482701

Title:
  Federation: user's name in rules not respected

Status in Keystone:
  New

Bug description:
  For a mapping rule  (see local's user name and user id are different)

  [
      {
          "local": [
              {
                  "group": {
                      "id": "852d0dc079cf4709813583e92498e625"
                  }
              },
              {
                  "user": {
                      "id": "marek",
                      "name": "federated_user"
                  }
              }
          ],
          "remote": [
              {
                  "any_one_of": [
                      "user1",
                      "admin"
                  ],
                  "type": "openstack_user"
              }
          ]
      }
  ]

  I can authenticate via federated workflo,w but the tokej JSON response
  has (see id and name are identical):

  u'user': {u'OS-FEDERATION': {u'groups': [{u'id': u'852d0dc079cf4709813583e92498e625'}],
                                           u'identity_provider': {u'id': u'keystone-idp'},
                                           u'protocol': {u'id': u'saml2'}},
                        u'domain': {u'id': u'Federated',
                                    u'name': u'Federated'},
                        u'id': u'marek',
                        u'name': u'marek'}}}

  
  This happens for both UUID and Fernet tokens.

To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1482701/+subscriptions

Follow ups

[Bug 1482701] Re: Federation: user's name in rules not respected
From: OpenStack Infra, 2016-07-18