yahoo-eng-team team mailing list archive
-
yahoo-eng-team team
-
Mailing list archive
-
Message #65526
[Bug 1693704] Re: Unable to list federated projects with unscoped token
** Summary changed:
- Unable to list federated projects with domain-scoped token
+ Unable to list federated projects with unscoped token
** Description changed:
When I got the federated user project list, the error is as bellow:
2017-05-26 15:12:54.685 12742 ERROR keystone.common.wsgi File "/usr/lib/python2.7/site-packages/keystone/common/wsgi.py", line 228, in __call__
2017-05-26 15:12:54.685 12742 ERROR keystone.common.wsgi result = method(req, **params)
2017-05-26 15:12:54.685 12742 ERROR keystone.common.wsgi File "/usr/lib/python2.7/site-packages/keystone/common/controller.py", line 164, in inner
2017-05-26 15:12:54.685 12742 ERROR keystone.common.wsgi return f(self, request, *args, **kwargs)
2017-05-26 15:12:54.685 12742 ERROR keystone.common.wsgi File "/usr/lib/python2.7/site-packages/keystone/federation/controllers.py", line 480, in list_projects_for_user
2017-05-26 15:12:54.685 12742 ERROR keystone.common.wsgi request.auth_context['group_ids'])
2017-05-26 15:12:54.685 12742 ERROR keystone.common.wsgi KeyError: 'group_ids'
- 2017-05-26 15:12:54.685 12742 ERROR keystone.common.wsgi
+ 2017-05-26 15:12:54.685 12742 ERROR keystone.common.wsgi
and I have got the token scoped in domain.
My mapping rule is as bellow:
[
{
- "local": [
- {
- "user": {
- "name": "{0}",
- "domain": {
- "name": "{1}"
- },
- "type": "local"
- }
- }
- ],
- "remote": [
- {
- "type": "openstack_user"
- },
- {
- "type": "openstack_user_domain"
- }
- ]
+ "local": [
+ {
+ "user": {
+ "name": "{0}",
+ "domain": {
+ "name": "{1}"
+ },
+ "type": "local"
+ }
+ }
+ ],
+ "remote": [
+ {
+ "type": "openstack_user"
+ },
+ {
+ "type": "openstack_user_domain"
+ }
+ ]
}
]
- The error is that token is scoped in domain and 'group_ids' is not in the auth_context. So we should verify whether
- it is in the context.
+ The error is that token is an unscoped token which is got from the API
+ “/v3/OS-FEDERATION/identity_providers/keystone-idp/protocols/saml2/auth”
+ and then the federated user want to get the projects. But error occurs.
** Changed in: keystone
Status: Invalid => In Progress
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Identity (keystone).
https://bugs.launchpad.net/bugs/1693704
Title:
Unable to list federated projects with unscoped token
Status in OpenStack Identity (keystone):
In Progress
Bug description:
When I got the federated user project list, the error is as bellow:
2017-05-26 15:12:54.685 12742 ERROR keystone.common.wsgi File "/usr/lib/python2.7/site-packages/keystone/common/wsgi.py", line 228, in __call__
2017-05-26 15:12:54.685 12742 ERROR keystone.common.wsgi result = method(req, **params)
2017-05-26 15:12:54.685 12742 ERROR keystone.common.wsgi File "/usr/lib/python2.7/site-packages/keystone/common/controller.py", line 164, in inner
2017-05-26 15:12:54.685 12742 ERROR keystone.common.wsgi return f(self, request, *args, **kwargs)
2017-05-26 15:12:54.685 12742 ERROR keystone.common.wsgi File "/usr/lib/python2.7/site-packages/keystone/federation/controllers.py", line 480, in list_projects_for_user
2017-05-26 15:12:54.685 12742 ERROR keystone.common.wsgi request.auth_context['group_ids'])
2017-05-26 15:12:54.685 12742 ERROR keystone.common.wsgi KeyError: 'group_ids'
2017-05-26 15:12:54.685 12742 ERROR keystone.common.wsgi
and I have got the token scoped in domain.
My mapping rule is as bellow:
[
{
"local": [
{
"user": {
"name": "{0}",
"domain": {
"name": "{1}"
},
"type": "local"
}
}
],
"remote": [
{
"type": "openstack_user"
},
{
"type": "openstack_user_domain"
}
]
}
]
The error is that token is an unscoped token which is got from the API
“/v3/OS-FEDERATION/identity_providers/keystone-
idp/protocols/saml2/auth” and then the federated user want to get the
projects. But error occurs.
To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1693704/+subscriptions
References
