
yahoo-eng-team team mailing list archive

[Bug 1629446] Re: federated login fails after user is removed from group

 

** Changed in: keystone/newton
       Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Identity (keystone).
https://bugs.launchpad.net/bugs/1629446

Title:
  federated login fails after user is removed from group

Status in OpenStack Identity (keystone):
  Fix Released
Status in OpenStack Identity (keystone) mitaka series:
  Fix Released
Status in OpenStack Identity (keystone) newton series:
  Fix Released

Bug description:
  A user who is part of a group in auth0 tries to log in using the mapping
  below just fine

  [
      {
          "local": [
              {
                  "user": {
                      "name": "{1}::{0}"
                  }
              },
              {
                  "domain": {
                      "id": "default"
                  },
                  "groups": "{1}"
              }
          ],
          "remote": [
              {
                  "type": "HTTP_OIDC_CLAIM_EMAIL"
              },
              {
                  "type": "HTTP_OIDC_CLAIM_GROUPS"
              }
          ]
      }
  ]

  
  Once the user is removed from the group in auth0 and tries to log in:

  Expected Result:
  Failed to log on to horizon as federation user using OpenID Connect protocol and got 401 code:

  {"error": {"message": "The request you have made requires
  authentication.", "code": 401, "title": "Unauthorized"}}

  Actual Result:
  Got 500 instead of 401

  {"error": {"message": "An unexpected error prevented the server from
  fulfilling your request.", "code": 500, "title": "Internal Server
  Error"}}

  error in keystone-all.logs:

  2016-09-30 19:32:25.549 23311 ERROR keystone.common.wsgi [req-f5f27f59-788b-494b-9719-bcdbb6b628c0 - - - - -] unexpected EOF while parsing (<unknown>, line 0)
  2016-09-30 19:32:25.549 23311 ERROR keystone.common.wsgi Traceback (most recent call last):
  2016-09-30 19:32:25.549 23311 ERROR keystone.common.wsgi   File "/opt/openstack/current/keystone/local/lib/python2.7/site-packages/keystone/common/wsgi.py", line 249, in __call__
  2016-09-30 19:32:25.549 23311 ERROR keystone.common.wsgi     result = method(context, **params)
  2016-09-30 19:32:25.549 23311 ERROR keystone.common.wsgi   File "/opt/openstack/current/keystone/local/lib/python2.7/site-packages/keystone/federation/controllers.py", line 329, in federated_idp_specific_sso_auth
  2016-09-30 19:32:25.549 23311 ERROR keystone.common.wsgi     res = self.federated_authentication(context, idp_id, protocol_id)
  2016-09-30 19:32:25.549 23311 ERROR keystone.common.wsgi   File "/opt/openstack/current/keystone/local/lib/python2.7/site-packages/keystone/federation/controllers.py", line 302, in federated_authentication
  2016-09-30 19:32:25.549 23311 ERROR keystone.common.wsgi     return self.authenticate_for_token(context, auth=auth)
  2016-09-30 19:32:25.549 23311 ERROR keystone.common.wsgi   File "/opt/openstack/current/keystone/local/lib/python2.7/site-packages/keystone/auth/controllers.py", line 396, in authenticate_for_token
  2016-09-30 19:32:25.549 23311 ERROR keystone.common.wsgi     self.authenticate(context, auth_info, auth_context)
  2016-09-30 19:32:25.549 23311 ERROR keystone.common.wsgi   File "/opt/openstack/current/keystone/local/lib/python2.7/site-packages/keystone/auth/controllers.py", line 520, in authenticate
  2016-09-30 19:32:25.549 23311 ERROR keystone.common.wsgi     auth_context)
  2016-09-30 19:32:25.549 23311 ERROR keystone.common.wsgi   File "/opt/openstack/current/keystone/local/lib/python2.7/site-packages/keystone/auth/plugins/mapped.py", line 65, in authenticate
  2016-09-30 19:32:25.549 23311 ERROR keystone.common.wsgi     self.identity_api)
  2016-09-30 19:32:25.549 23311 ERROR keystone.common.wsgi   File "/opt/openstack/current/keystone/local/lib/python2.7/site-packages/keystone/auth/plugins/mapped.py", line 141, in handle_unscoped_token
  2016-09-30 19:32:25.549 23311 ERROR keystone.common.wsgi     federation_api, identity_api)
  2016-09-30 19:32:25.549 23311 ERROR keystone.common.wsgi   File "/opt/openstack/current/keystone/local/lib/python2.7/site-packages/keystone/auth/plugins/mapped.py", line 194, in apply_mapping_filter
  2016-09-30 19:32:25.549 23311 ERROR keystone.common.wsgi     identity_provider, protocol, assertion)
  2016-09-30 19:32:25.549 23311 ERROR keystone.common.wsgi   File "/opt/openstack/current/keystone/local/lib/python2.7/site-packages/keystone/common/manager.py", line 124, in wrapped
  2016-09-30 19:32:25.549 23311 ERROR keystone.common.wsgi     __ret_val = __f(*args, **kwargs)
  2016-09-30 19:32:25.549 23311 ERROR keystone.common.wsgi   File "/opt/openstack/current/keystone/local/lib/python2.7/site-packages/keystone/federation/core.py", line 98, in evaluate
  2016-09-30 19:32:25.549 23311 ERROR keystone.common.wsgi     mapped_properties = rule_processor.process(assertion_data)
  2016-09-30 19:32:25.549 23311 ERROR keystone.common.wsgi   File "/opt/openstack/current/keystone/local/lib/python2.7/site-packages/keystone/federation/utils.py", line 544, in process
  2016-09-30 19:32:25.549 23311 ERROR keystone.common.wsgi     mapped_properties = self._transform(identity_values)
  2016-09-30 19:32:25.549 23311 ERROR keystone.common.wsgi   File "/opt/openstack/current/keystone/local/lib/python2.7/site-packages/keystone/federation/utils.py", line 647, in _transform
  2016-09-30 19:32:25.549 23311 ERROR keystone.common.wsgi     identity_value['groups'])
  2016-09-30 19:32:25.549 23311 ERROR keystone.common.wsgi   File "/usr/lib/python2.7/ast.py", line 49, in literal_eval
  2016-09-30 19:32:25.549 23311 ERROR keystone.common.wsgi     node_or_string = parse(node_or_string, mode='eval')
  2016-09-30 19:32:25.549 23311 ERROR keystone.common.wsgi   File "/usr/lib/python2.7/ast.py", line 37, in parse
  2016-09-30 19:32:25.549 23311 ERROR keystone.common.wsgi     return compile(source, filename, mode, PyCF_ONLY_AST)
  2016-09-30 19:32:25.549 23311 ERROR keystone.common.wsgi   File "<unknown>", line 0
  2016-09-30 19:32:25.549 23311 ERROR keystone.common.wsgi
  2016-09-30 19:32:25.549 23311 ERROR keystone.common.wsgi     ^
  2016-09-30 19:32:25.549 23311 ERROR keystone.common.wsgi SyntaxError: unexpected EOF while parsing
  2016-09-30 19:32:25.549 23311 ERROR keystone.common.wsgi

To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1629446/+subscriptions
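
Added example (not part of the bug report and not keystone's code): the traceback ends with the mapped "groups" value being passed to ast.literal_eval, and the code below reproduces that failure next to a parse that fails closed with a 401. It assumes the removed user's groups claim arrives as an empty string, which the "unexpected EOF ... line 0" error is consistent with; Unauthorized, parse_groups_unsafe, parse_groups and login_status are hypothetical names.

```python
import ast


class Unauthorized(Exception):
    """Hypothetical stand-in for the 401 the report expects."""


def parse_groups_unsafe(value):
    # Same call the traceback ends in: the mapped "groups" string goes
    # straight into ast.literal_eval, so "" raises SyntaxError.
    return ast.literal_eval(value)


def parse_groups(value):
    """Return a non-empty list of group names or raise Unauthorized."""
    if value is None or not value.strip():
        raise Unauthorized("assertion carries no group membership")
    try:
        parsed = ast.literal_eval(value)
    except (ValueError, SyntaxError):
        parsed = value.strip()  # bare name such as "admins", not a literal
    if isinstance(parsed, str):
        parsed = [parsed]
    if (not isinstance(parsed, (list, tuple)) or not parsed
            or not all(isinstance(g, str) and g for g in parsed)):
        raise Unauthorized("malformed or empty groups value")
    return list(parsed)


def login_status(parser, groups_claim):
    """Map a parser's outcome to the HTTP status a client would see."""
    try:
        parser(groups_claim)
        return 200
    except Unauthorized:
        return 401
    except Exception:
        return 500  # generic handler: any unexpected error becomes a 500


if __name__ == "__main__":
    # Constructed sample claims: empty, list literal, bare name, empty list.
    for claim in ["", "['dev', 'ops']", "admins", "[]"]:
        print(repr(claim), login_status(parse_groups_unsafe, claim),
              login_status(parse_groups, claim))
```
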

