Message #78484
[Bug 1828783] Re: More user-friendly websso unauthorized
The vague error message from keystone is intentional. We can't give more
details about the cause of the failed authentication or authorization
issue without exposing information an attacker could use to target the
system.

If you are in a non-production test environment, you can set
[DEFAULT]/insecure_debug to true in keystone which will provide proper
error messages and allow you to debug your mapping while you are setting
it up, but you must disable it before moving to production for the above
reasons.

** Changed in: keystone
Status: New => Won't Fix
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Identity (keystone).
https://bugs.launchpad.net/bugs/1828783
Title:
More user-friendly websso unauthorized
Status in OpenStack Dashboard (Horizon):
New
Status in OpenStack Identity (keystone):
Won't Fix
Bug description:
Whenever trying to login with horizon with federated identity, if the
user is correctly authenticated at the IdP but not authorized by
Keystone (mapping failed), the user just gets a json error message:
  {
    "error": {
      "message": "The request you have made requires authentication.",
      "code": 401,
      "title": "Unauthorized"
    }
  }
which is not very user-friendly.
Would it be possible to catch this error by Horizon/Keystone so user
gets a nicer error message?
To manage notifications about this bug go to:
https://bugs.launchpad.net/horizon/+bug/1828783/+subscriptions
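
Added example (not part of the original message and not keystone's own code): a pre-deployment check that reports whether [DEFAULT]/insecure_debug is still switched on in a keystone.conf, as the reply above says it must not be in production. The function name, the sample configs and the list of accepted boolean spellings (taken to match oslo.config's) are assumptions of this example.

```python
import configparser
import sys

# Spellings treated as boolean "true" (assumed to match oslo.config, case-insensitive).
TRUE_VALUES = {"true", "1", "on", "yes"}


def insecure_debug_enabled(conf_text: str) -> bool:
    """Return True if [DEFAULT]/insecure_debug is enabled in keystone.conf text."""
    # interpolation=None: '%' in values is literal; strict=False: tolerate repeated keys.
    parser = configparser.ConfigParser(interpolation=None, strict=False)
    parser.read_string(conf_text)
    # defaults() holds only the [DEFAULT] section; an unset option counts as false.
    value = parser.defaults().get("insecure_debug", "false")
    return value.strip().lower() in TRUE_VALUES


# Constructed sample: a test deployment with verbose auth errors turned on.
TEST_CONF = """
[DEFAULT]
debug = true
insecure_debug = True

[token]
provider = fernet
"""

# Constructed sample: production, option commented out (falls back to false).
PROD_CONF = """
[DEFAULT]
#insecure_debug = true

[token]
provider = fernet
"""

if __name__ == "__main__":
    # Usage: python check_insecure_debug.py /etc/keystone/keystone.conf
    if len(sys.argv) != 2:
        sys.exit("usage: check_insecure_debug.py <path to keystone.conf>")
    with open(sys.argv[1], encoding="utf-8") as fh:
        if insecure_debug_enabled(fh.read()):
            sys.exit("insecure_debug is enabled: detailed auth errors are exposed")
    print("insecure_debug is disabled")
```

Run as a deployment gate, the script exits non-zero when the option is enabled, so the pipeline stops before the config reaches production.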