← Back to team overview

yahoo-eng-team team mailing list archive

  1. yahoo-eng-team team
  2. Mailing list archive
  3. Message #73230

[Bug 1693704] Re: Unable to list federated projects with unscoped token

  Thread PreviousDate PreviousThread Next 
[Expired for OpenStack Identity (keystone) because there has been no
activity for 60 days.]

** Changed in: keystone
       Status: Incomplete => Expired

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Identity (keystone).
https://bugs.launchpad.net/bugs/1693704

Title:
  Unable to list federated projects with unscoped token

Status in OpenStack Identity (keystone):
  Expired

Bug description:
  When I got the federated user project list, the error is as bellow:

  2017-05-26 15:12:54.685 12742 ERROR keystone.common.wsgi   File "/usr/lib/python2.7/site-packages/keystone/common/wsgi.py", line 228, in __call__
  2017-05-26 15:12:54.685 12742 ERROR keystone.common.wsgi     result = method(req, **params)
  2017-05-26 15:12:54.685 12742 ERROR keystone.common.wsgi   File "/usr/lib/python2.7/site-packages/keystone/common/controller.py", line 164, in inner
  2017-05-26 15:12:54.685 12742 ERROR keystone.common.wsgi     return f(self, request, *args, **kwargs)
  2017-05-26 15:12:54.685 12742 ERROR keystone.common.wsgi   File "/usr/lib/python2.7/site-packages/keystone/federation/controllers.py", line 480, in list_projects_for_user
  2017-05-26 15:12:54.685 12742 ERROR keystone.common.wsgi     request.auth_context['group_ids'])
  2017-05-26 15:12:54.685 12742 ERROR keystone.common.wsgi KeyError: 'group_ids'
  2017-05-26 15:12:54.685 12742 ERROR keystone.common.wsgi

  and I have got the token scoped in domain.

  My mapping rule is as bellow:

  [
  {
      "local": [
                  {
                     "user": {
                          "name": "{0}",
                          "domain": {
                              "name": "{1}"
                          },
                          "type": "local"
                      }
                  }
              ],
      "remote": [
          {
              "type": "openstack_user"
          },
          {
              "type": "openstack_user_domain"
          }
      ]
  }
  ]

  The error is that token is an unscoped token which is got from the API
  “/v3/OS-FEDERATION/identity_providers/keystone-
  idp/protocols/saml2/auth” and then the federated user want to get the
  projects from /v3/OS-FEDERATION/projects. But error occurs.

To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1693704/+subscriptions

References

  Thread PreviousDate PreviousThread Next