yahoo-eng-team team mailing list archive

[Steve Martinelli <1590426@xxxxxxxxxxxxxxxxxx>]

*** This bug is a duplicate of bug 1482701 ***
    https://bugs.launchpad.net/bugs/1482701

** This bug has been marked a duplicate of bug 1482701
   Federation: user's name in rules not respected

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Identity (keystone).
https://bugs.launchpad.net/bugs/1590426

Title:
  Keystone Federated Identity assertion name not included in token

Status in OpenStack Identity (keystone):
  Incomplete

Bug description:
  When using keystone Federated Identity, the user name, based on the
  assertion mapping, is replaced in Keystone tokens by the autogenerated
  ID, resulting in e.g. Horizon showing the user's ID instead of the
  name (see attachment).

  Running "openstack user list" shows the correct data:

  +----------------------------------+----------------------------------+
  | ID                               | Name                             |
  +----------------------------------+----------------------------------+
  | 1835f12340674587b8e9b55ac1b43a3c | test1@xxxxxxxx                   |
  +----------------------------------+----------------------------------+

  The issue is clearly visible in the logs:

  016-05-26 10:08:02.809220
  DEBUG:keystoneauth.identity.v3.base:{"token": {"issued_at":
  "2016-05-26T10:08:02.804697Z", "user": {"OS-FEDERATION":
  {"identity_provider": {"id": "idp_1"}, "protocol": {"id": "saml2"},
  "groups": [{"id": "b07974d2891f4d939b91a288ea933b1e"}]}, "domain":
  {"id": "Federated", "name": "Federated"}, "id":
  "1835f12340674587b8e9b55ac1b43a3c", "name":
  "1835f12340674587b8e9b55ac1b43a3c"}, "methods": ["token"],
  "expires_at": "2016-05-26T11:08:02.804676Z", "audit_ids":
  ["4O86fwqsSd6LSge4123sdx"]}}

To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1590426/+subscriptions