yahoo-eng-team team mailing list archive
-
yahoo-eng-team team
-
Mailing list archive
-
Message #47732
[Bug 1547031] Re: Can't distinguish users through openid login
Your mapping is unconditionally resulting in this behavior. See the
mapping documentation:
http://docs.openstack.org/developer/keystone/mapping_combinations.html
** Changed in: keystone
Status: New => Invalid
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Identity (keystone).
https://bugs.launchpad.net/bugs/1547031
Title:
Can't distinguish users through openid login
Status in OpenStack Identity (keystone):
Invalid
Bug description:
Accrounding to the doc (http://docs.openstack.org/developer/keystone/configure_federation.html), I parse openid login in my devstack. and i have success login with google account.
but there is a problem, how can i distinguish users? I know all the federation users are in one group, and the group is relate with a project. In my devstack, all of users login through openid have the same project , and have the same resource, when i create a resource and orther user login through openid can also see the resource
I don't know whether somewhere i parsed is wrong, this is my mapping:
{
"local": [
{
"user": {
"name": "{3}",
"realname": "{2}",
"email": "{3}"
},
"group": {
"name": "demo",
"domain": {
"name": "Default"
}
}
}
],
"remote": [
{
"type": "HTTP_OIDC_SUB"
},
{
"type": "HTTP_OIDC_ISS"
},
{
"type": "HTTP_OIDC_NAME"
},
{
"type": "HTTP_OIDC_EMAIL"
}
]
}
devstack address: www.scorpio.ml
To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1547031/+subscriptions
References
