yahoo-eng-team team mailing list archive

[Bug 1760205] [NEW] A deleted federated user cannot be recreated for some time

 

Public bug reported:

When you delete a shadow user and the user tries to log in again through
federation, they'll get a can't find user error. Retrying after 10 (or
so) minutes works.

My Setup
--------
1. devstack-idp is the identity provider for service provider devstack-sp1, using Keystone to Keystone (SAML) with Shibboleth.
2. user-idp gets a SAML assertion from devstack-idp keystone and uses that to authenticate with devstack-sp1 keystone.
3. devstack-sp1 creates shadow user user-sp1.
4. admin deletes user-sp1 in devstack-sp1.
5. Step two is performed again.
6. user-idp gets a 'Could not find user <user-sp1_id>' from devstack-sp1.
7. After 10 (or so) minutes the user tries again; this time it works and he is able to authenticate to <user-sp1> (the id of this user-sp1 is different than the prior one).

** Affects: keystone
     Importance: Undecided
         Status: New


** Tags: federation

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Identity (keystone).
https://bugs.launchpad.net/bugs/1760205
