← Back to team overview

yahoo-eng-team team mailing list archive

  1. yahoo-eng-team team
  2. Mailing list archive
  3. Message #60556

[Bug 1645908] Re: Domain id reference for federated users fails in keystone middleware

  Thread PreviousDate PreviousThread Next 
Moved to keystonemiddleware project.

** Also affects: keystonemiddleware
   Importance: Undecided
       Status: New

** Changed in: keystone
       Status: New => Invalid

** No longer affects: keystone

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Identity (keystone).
https://bugs.launchpad.net/bugs/1645908

Title:
  Domain id reference for federated users fails in keystone middleware

Status in keystonemiddleware:
  New

Bug description:
  Version: Keystone Mitaka

  Keystone middleware expects the domain id field to be set for a user.
  For federated users, the domain id is set to be None and hence causes
  an error during autoscaling of a Heat stack created by SSO user.

  Had to modify _populate_user() function in
  keystone/token/providers/common.py to set a dummy domain id for
  federated users as below to fix this issue:

          # Fix: domain id for federated users is None, so send dummy value.
          # Added is_local user attribute to distinguish local and federated users.
          if user_ref.get('is_local'):
              domain = self._get_filtered_domain(user_ref['domain_id'])
          else:
              domain = {
                        'id': CONF.federation.federated_domain_name,
                        'name': CONF.federation.federated_domain_name
                       }
          # end

  Wondering if this is the right way to resolve the domain reference
  issue for SSO.

To manage notifications about this bug go to:
https://bugs.launchpad.net/keystonemiddleware/+bug/1645908/+subscriptions

References

  Thread PreviousDate PreviousThread Next