yahoo-eng-team team mailing list archive
-
yahoo-eng-team team
-
Mailing list archive
-
Message #60274
[Bug 1654409] [NEW] Duplicate users (federated and sql) results in 401
Public bug reported:
Release: Mitaka
I setup federation (saml2) with a product called vIDM which
automatically has a user named "admin". I also have keystone configured
to use a sql backend and have a user named "admin". These users exist on
different domains (Federated) and (default), and have different
user_ids, yet I cannot login with this federated user without a hard
error:
2017-01-05 21:59:56.448 19546 DEBUG keystone.federation.utils [req-1f592d70-2b6b-431f-9939-c2edd9a79a7f - - - - -] identity_values: [{u'group': {u'domain': {u'name': u'Default'}, u'name': u'Federated Users'}, u'user': {u'name': u'admin'}}] process /usr/lib/python2.7/dist-packages/keystone/federation/utils.py:543
2017-01-05 21:59:56.448 19546 DEBUG keystone.federation.utils [req-1f592d70-2b6b-431f-9939-c2edd9a79a7f - - - - -] mapped_properties: {'group_ids': [], 'user': {'domain': {'id': 'Federated'}, 'type': 'ephemeral', u'name': u'admin'}, 'group_names': [{u'domain': {u'name': u'Default'}, u'name': u'Federated Users'}]} process /usr/lib/python2.7/dist-packages/keystone/federation/utils.py:545
2017-01-05 21:59:56.482 19546 WARNING keystone.common.wsgi [req-1f592d70-2b6b-431f-9939-c2edd9a79a7f - - - - -] Authorization failed. Unable to reconcile identity attribute user_id as it has conflicting values 9b2dde9538864fc0ab7992bdbeb1f877 and e38f2348129a41d0940a29287c06a130 (Disable insecure_debug mode to suppress these details.) (Disable insecure_debug mode to suppress these details.) from 10.146.29.206
http://paste.openstack.org/show/594063/
** Affects: keystone
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Identity (keystone).
https://bugs.launchpad.net/bugs/1654409
Title:
Duplicate users (federated and sql) results in 401
Status in OpenStack Identity (keystone):
New
Bug description:
Release: Mitaka
I setup federation (saml2) with a product called vIDM which
automatically has a user named "admin". I also have keystone
configured to use a sql backend and have a user named "admin". These
users exist on different domains (Federated) and (default), and have
different user_ids, yet I cannot login with this federated user
without a hard error:
2017-01-05 21:59:56.448 19546 DEBUG keystone.federation.utils [req-1f592d70-2b6b-431f-9939-c2edd9a79a7f - - - - -] identity_values: [{u'group': {u'domain': {u'name': u'Default'}, u'name': u'Federated Users'}, u'user': {u'name': u'admin'}}] process /usr/lib/python2.7/dist-packages/keystone/federation/utils.py:543
2017-01-05 21:59:56.448 19546 DEBUG keystone.federation.utils [req-1f592d70-2b6b-431f-9939-c2edd9a79a7f - - - - -] mapped_properties: {'group_ids': [], 'user': {'domain': {'id': 'Federated'}, 'type': 'ephemeral', u'name': u'admin'}, 'group_names': [{u'domain': {u'name': u'Default'}, u'name': u'Federated Users'}]} process /usr/lib/python2.7/dist-packages/keystone/federation/utils.py:545
2017-01-05 21:59:56.482 19546 WARNING keystone.common.wsgi [req-1f592d70-2b6b-431f-9939-c2edd9a79a7f - - - - -] Authorization failed. Unable to reconcile identity attribute user_id as it has conflicting values 9b2dde9538864fc0ab7992bdbeb1f877 and e38f2348129a41d0940a29287c06a130 (Disable insecure_debug mode to suppress these details.) (Disable insecure_debug mode to suppress these details.) from 10.146.29.206
http://paste.openstack.org/show/594063/
To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1654409/+subscriptions
Follow ups
