yahoo-eng-team team mailing list archive
-
yahoo-eng-team team
-
Mailing list archive
-
Message #46457
[Bug 1547031] [NEW] Can't distinguish users through openid login
Public bug reported:
Accrounding to the doc (http://docs.openstack.org/developer/keystone/configure_federation.html), I parse openid login in my devstack. and i have success login with google account.
but there is a program, how can i distinguish users? I know all the federation users are in one group, and the group is relate with a project. In my devstack, all of users login through openid have the same project , and have the same resource, when i create a resource and orther user login through openid can also see the resource
I don't know whether somewhere i parsed is wrong, this is my mapping:
{
"local": [
{
"user": {
"name": "{3}",
"realname": "{2}",
"email": "{3}"
},
"group": {
"name": "demo",
"domain": {
"name": "Default"
}
}
}
],
"remote": [
{
"type": "HTTP_OIDC_SUB"
},
{
"type": "HTTP_OIDC_ISS"
},
{
"type": "HTTP_OIDC_NAME"
},
{
"type": "HTTP_OIDC_EMAIL"
}
]
}
devstack address: www.scorpio.ml
** Affects: keystone
Importance: Undecided
Status: New
** Tags: federation
** Description changed:
- Accrounding to the doc (http://docs.openstack.org/developer/keystone/configure_federation.html), I parse openid login in my devstack. and i have success login with google account.
- but there is a program, how can i distinguish users? I know all the federation users are in one group, and the group is relate with a project. In my devstack, all of users login through openid have the same project , and have the same resource, when i create a resource and orther user login through openid can also see the resource
- I don't know whether somewhere i parsed is wrong, this is my mapping(see the Attachment)
+ Accrounding to the doc (http://docs.openstack.org/developer/keystone/configure_federation.html), I parse openid login in my devstack. and i have success login with google account.
+ but there is a program, how can i distinguish users? I know all the federation users are in one group, and the group is relate with a project. In my devstack, all of users login through openid have the same project , and have the same resource, when i create a resource and orther user login through openid can also see the resource
+ I don't know whether somewhere i parsed is wrong, this is my mapping(see the Attachment)
devstack address: www.scorpio.ml
** Description changed:
Accrounding to the doc (http://docs.openstack.org/developer/keystone/configure_federation.html), I parse openid login in my devstack. and i have success login with google account.
but there is a program, how can i distinguish users? I know all the federation users are in one group, and the group is relate with a project. In my devstack, all of users login through openid have the same project , and have the same resource, when i create a resource and orther user login through openid can also see the resource
- I don't know whether somewhere i parsed is wrong, this is my mapping(see the Attachment)
+ I don't know whether somewhere i parsed is wrong, this is my mapping:
+ {
+ "local": [
+ {
+ "user": {
+ "name": "{3}",
+ "realname": "{2}",
+ "email": "{3}"
+ },
+ "group": {
+ "name": "demo",
+ "domain": {
+ "name": "Default"
+ }
+ }
+ }
+ ],
+ "remote": [
+ {
+ "type": "HTTP_OIDC_SUB"
+ },
+ {
+ "type": "HTTP_OIDC_ISS"
+ },
+ {
+ "type": "HTTP_OIDC_NAME"
+ },
+ {
+ "type": "HTTP_OIDC_EMAIL"
+ }
+ ]
+ }
devstack address: www.scorpio.ml
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Identity (keystone).
https://bugs.launchpad.net/bugs/1547031
Title:
Can't distinguish users through openid login
Status in OpenStack Identity (keystone):
New
Bug description:
Accrounding to the doc (http://docs.openstack.org/developer/keystone/configure_federation.html), I parse openid login in my devstack. and i have success login with google account.
but there is a program, how can i distinguish users? I know all the federation users are in one group, and the group is relate with a project. In my devstack, all of users login through openid have the same project , and have the same resource, when i create a resource and orther user login through openid can also see the resource
I don't know whether somewhere i parsed is wrong, this is my mapping:
{
"local": [
{
"user": {
"name": "{3}",
"realname": "{2}",
"email": "{3}"
},
"group": {
"name": "demo",
"domain": {
"name": "Default"
}
}
}
],
"remote": [
{
"type": "HTTP_OIDC_SUB"
},
{
"type": "HTTP_OIDC_ISS"
},
{
"type": "HTTP_OIDC_NAME"
},
{
"type": "HTTP_OIDC_EMAIL"
}
]
}
devstack address: www.scorpio.ml
To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1547031/+subscriptions
Follow ups
