yahoo-eng-team team mailing list archive

[Bug 1823847] Re: Multiple rules in a mapping is not working with type: "local" attribute

 

** Changed in: keystone
       Status: New => Invalid

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Identity (keystone).
https://bugs.launchpad.net/bugs/1823847

Title:
  Multiple rules in a mapping is not working with type: "local"
  attribute

Status in OpenStack Identity (keystone):
  Invalid

Bug description:
  We have a requirement in which we want to set up an external Identity provider with keystone federation for SSO.
  I have added two rules in a mapping which will match the criteria below, and added this mapping to the OS_FEDERATION identity provider.
  Rule 1. If the user already exists in keystone, it should not create a new ephemeral user.
  Rule 2. If the user is not found in keystone, it should create a new user in the SSO federated domain.

  Problem:
  If the user is not already present, it should match the second rule and a new user should be created. But it's throwing an Unauthorized error.
  I think, with type:"local" specified, it will throw an Unauthorized error even if there are multiple rules for a given mapping.
  With multiple rules specified, it should try to match a rule in order, which is not working as expected.

  I have attached the mapping object for reference.

To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1823847/+subscriptions
