yahoo-eng-team team mailing list archive
-
yahoo-eng-team team
-
Mailing list archive
-
Message #49039
[Bug 1566282] Re: Returning federated user fails to authenticate with HTTP 500
** Also affects: keystone/mitaka
Importance: Undecided
Assignee: Dolph Mathews (dolph)
Status: In Progress
** Also affects: keystone/newton
Importance: Undecided
Status: New
** Changed in: keystone/newton
Assignee: (unassigned) => Boris Bobrov (bbobrov)
** Changed in: keystone/mitaka
Assignee: Dolph Mathews (dolph) => (unassigned)
** Changed in: keystone/mitaka
Assignee: (unassigned) => Steve Martinelli (stevemar)
** Changed in: keystone/mitaka
Assignee: Steve Martinelli (stevemar) => Boris Bobrov (bbobrov)
** Changed in: keystone/newton
Importance: Undecided => High
** Changed in: keystone/mitaka
Importance: Undecided => Critical
** Changed in: keystone/newton
Importance: High => Critical
** Changed in: keystone/newton
Status: New => In Progress
** Changed in: keystone/newton
Milestone: None => newton-1
** Changed in: keystone/mitaka
Milestone: None => mitaka-rc3
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Identity (keystone).
https://bugs.launchpad.net/bugs/1566282
Title:
Returning federated user fails to authenticate with HTTP 500
Status in OpenStack Identity (keystone):
In Progress
Status in OpenStack Identity (keystone) mitaka series:
In Progress
Status in OpenStack Identity (keystone) newton series:
In Progress
Bug description:
I've set up stable/mitaka keystone with AD FS and it worked. After
some time, i decided to test the set up again and after trying to
authenicate i've got HTTP 500.
In keystone logs, there is this:
http://paste.openstack.org/show/492968/ (the logs are the same as
below).
This happens because self.update_federated_user_display_name is
called in identity_api.shadow_federated_user. Since no
update_federated_user_display_name is defined in identity_api,
__getattr__ tries to lookup the name in the driver. The driver used
for identity_api hasn't update_federated_user_display_name, and
AttributeError is raised.
The issue seems to exist on both stable/mitaka and master (6f9f390).
2016-04-05 11:53:56.173 2100 DEBUG keystone.federation.utils [req-fe431d33-f850-4a49-87b6-abad9290e638 - - - - -] direct_maps: <keystone.federation.utils.DirectMaps object at 0x7fef82155850> _update_local_mapping /opt/stack/keystone/keystone/federation/utils.py:691
2016-04-05 11:53:56.173 2100 DEBUG keystone.federation.utils [req-fe431d33-f850-4a49-87b6-abad9290e638 - - - - -] local: {u'id': u'f7567142a8024543ab678de7be553dbf'} _update_local_mapping /opt/stack/keystone/keystone/federation/utils.py:692
2016-04-05 11:53:56.173 2100 DEBUG keystone.federation.utils [req-fe431d33-f850-4a49-87b6-abad9290e638 - - - - -] identity_values: [{u'user': {u'domain': {u'name': u'Default'}, u'name': u'breton@xxxxxxxxx'}}, {u'group': {u'id': u'f7567142a8024543ab678de7be553dbf'}}] proc
ess /opt/stack/keystone/keystone/federation/utils.py:535
2016-04-05 11:53:56.174 2100 DEBUG keystone.federation.utils [req-fe431d33-f850-4a49-87b6-abad9290e638 - - - - -] mapped_properties: {'group_ids': [u'f7567142a8024543ab678de7be553dbf'], 'user': {u'domain': {'id': 'Federated'}, 'type': 'ephemeral', u'name': u'breton@winad
.org'}, 'group_names': []} process /opt/stack/keystone/keystone/federation/utils.py:537
2016-04-05 11:53:56.273 2100 ERROR keystone.common.wsgi [req-fe431d33-f850-4a49-87b6-abad9290e638 - - - - -] 'Identity' object has no attribute 'update_federated_user_display_name'
2016-04-05 11:53:56.273 2100 TRACE keystone.common.wsgi Traceback (most recent call last):
2016-04-05 11:53:56.273 2100 TRACE keystone.common.wsgi File "/opt/stack/keystone/keystone/common/wsgi.py", line 249, in __call__
2016-04-05 11:53:56.273 2100 TRACE keystone.common.wsgi result = method(context, **params)
2016-04-05 11:53:56.273 2100 TRACE keystone.common.wsgi File "/opt/stack/keystone/keystone/federation/controllers.py", line 320, in federated_sso_auth
2016-04-05 11:53:56.273 2100 TRACE keystone.common.wsgi protocol_id)
2016-04-05 11:53:56.273 2100 TRACE keystone.common.wsgi File "/opt/stack/keystone/keystone/federation/controllers.py", line 302, in federated_authentication
2016-04-05 11:53:56.273 2100 TRACE keystone.common.wsgi return self.authenticate_for_token(context, auth=auth)
2016-04-05 11:53:56.273 2100 TRACE keystone.common.wsgi File "/opt/stack/keystone/keystone/auth/controllers.py", line 396, in authenticate_for_token
2016-04-05 11:53:56.273 2100 TRACE keystone.common.wsgi self.authenticate(context, auth_info, auth_context)
2016-04-05 11:53:56.273 2100 TRACE keystone.common.wsgi File "/opt/stack/keystone/keystone/auth/controllers.py", line 520, in authenticate
2016-04-05 11:53:56.273 2100 TRACE keystone.common.wsgi auth_context)
2016-04-05 11:53:56.273 2100 TRACE keystone.common.wsgi File "/opt/stack/keystone/keystone/auth/plugins/mapped.py", line 65, in authenticate
2016-04-05 11:53:56.273 2100 TRACE keystone.common.wsgi self.identity_api)
2016-04-05 11:53:56.273 2100 TRACE keystone.common.wsgi File "/opt/stack/keystone/keystone/auth/plugins/mapped.py", line 153, in handle_unscoped_token
2016-04-05 11:53:56.273 2100 TRACE keystone.common.wsgi display_name)
2016-04-05 11:53:56.273 2100 TRACE keystone.common.wsgi File "/opt/stack/keystone/keystone/common/manager.py", line 124, in wrapped
2016-04-05 11:53:56.273 2100 TRACE keystone.common.wsgi __ret_val = __f(*args, **kwargs)
2016-04-05 11:53:56.273 2100 TRACE keystone.common.wsgi File "/usr/local/lib/python2.7/dist-packages/dogpile/cache/region.py", line 1053, in decorate
2016-04-05 11:53:56.273 2100 TRACE keystone.common.wsgi should_cache_fn)
2016-04-05 11:53:56.273 2100 TRACE keystone.common.wsgi File "/usr/local/lib/python2.7/dist-packages/dogpile/cache/region.py", line 657, in get_or_create
2016-04-05 11:53:56.273 2100 TRACE keystone.common.wsgi async_creator) as value:
2016-04-05 11:53:56.273 2100 TRACE keystone.common.wsgi File "/usr/local/lib/python2.7/dist-packages/dogpile/core/dogpile.py", line 158, in __enter__
2016-04-05 11:53:56.273 2100 TRACE keystone.common.wsgi return self._enter()
2016-04-05 11:53:56.273 2100 TRACE keystone.common.wsgi File "/usr/local/lib/python2.7/dist-packages/dogpile/core/dogpile.py", line 98, in _enter
2016-04-05 11:53:56.273 2100 TRACE keystone.common.wsgi generated = self._enter_create(createdtime)
2016-04-05 11:53:56.273 2100 TRACE keystone.common.wsgi File "/usr/local/lib/python2.7/dist-packages/dogpile/core/dogpile.py", line 149, in _enter_create
2016-04-05 11:53:56.273 2100 TRACE keystone.common.wsgi created = self.creator()
2016-04-05 11:53:56.273 2100 TRACE keystone.common.wsgi File "/usr/local/lib/python2.7/dist-packages/dogpile/cache/region.py", line 625, in gen_value
2016-04-05 11:53:56.273 2100 TRACE keystone.common.wsgi created_value = creator()
2016-04-05 11:53:56.273 2100 TRACE keystone.common.wsgi File "/usr/local/lib/python2.7/dist-packages/dogpile/cache/region.py", line 1049, in creator
2016-04-05 11:53:56.273 2100 TRACE keystone.common.wsgi return fn(*arg, **kw)
2016-04-05 11:53:56.273 2100 TRACE keystone.common.wsgi File "/opt/stack/keystone/keystone/identity/core.py", line 1242, in shadow_federated_user
2016-04-05 11:53:56.273 2100 TRACE keystone.common.wsgi self.update_federated_user_display_name(idp_id, protocol_id,
2016-04-05 11:53:56.273 2100 TRACE keystone.common.wsgi File "/opt/stack/keystone/keystone/common/manager.py", line 187, in __getattr__
2016-04-05 11:53:56.273 2100 TRACE keystone.common.wsgi f = getattr(self.driver, name)
2016-04-05 11:53:56.273 2100 TRACE keystone.common.wsgi AttributeError: 'Identity' object has no attribute 'update_federated_user_display_name'
2016-04-05 11:53:56.273 2100 TRACE keystone.common.wsgi
To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1566282/+subscriptions
References
