yahoo-eng-team team mailing list archive

[Bug 1828783] Re: More user-friendly websso unauthorized

 

The vague error message from keystone is intentional. We can't give more
details about the cause of the failed authentication or authorization
issue without exposing information an attacker could use to target the
system.

If you are in a non-production test environment, you can set
[DEFAULT]/insecure_debug to true in keystone which will provide proper
error messages and allow you to debug your mapping while you are setting
it up, but you must disable it before moving to production for the above
reasons.

** Changed in: keystone
       Status: New => Won't Fix

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Identity (keystone).
https://bugs.launchpad.net/bugs/1828783

Title:
  More user-friendly websso unauthorized

Status in OpenStack Dashboard (Horizon):
  New
Status in OpenStack Identity (keystone):
  Won't Fix

Bug description:
  Whenever trying to log in with Horizon with federated identity, if the
  user is correctly authenticated at the IdP but not authorized by
  Keystone (mapping failed), the user just gets a JSON error message:

  {"error": 
    {
      "message": "The request you have made requires authentication.",
      "code": 401,
      "title": "Unauthorized"
    }
  }

  which is not very user-friendly.

  Would it be possible to catch this error by Horizon/Keystone so user
  gets a nicer error message?

To manage notifications about this bug go to:
https://bugs.launchpad.net/horizon/+bug/1828783/+subscriptions
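
As an added example (not part of the original message and not keystone's own code): a pre-production check that reports whether `[DEFAULT]/insecure_debug` is enabled in a keystone.conf. It parses with Python's standard `configparser` rather than oslo.config; the function name, the sample configs, the accepted boolean spellings and the default path `/etc/keystone/keystone.conf` are assumptions made for illustration.

```python
import configparser
import sys

# Boolean spellings accepted here; assumed to match oslo.config's Boolean type.
TRUE_VALUES = {"true", "1", "on", "yes"}
FALSE_VALUES = {"false", "0", "off", "no"}

# Constructed sample configs (not taken from any real deployment).
SAMPLE_TEST_ENV = """[DEFAULT]
insecure_debug = True
[federation]
trusted_dashboard = https://horizon.example.test/auth/websso/
"""
SAMPLE_PRODUCTION = """[DEFAULT]
insecure_debug = false
"""


def insecure_debug_enabled(conf_text):
    """Return True if [DEFAULT]/insecure_debug is set to a true value.

    An unset option returns False (the option is off by default).
    An unrecognised value raises ValueError so the check fails closed.
    """
    # interpolation=None: values such as database URLs may contain '%'.
    # strict=False: tolerate repeated sections or options in the file.
    parser = configparser.ConfigParser(interpolation=None, strict=False)
    parser.read_string(conf_text)
    # defaults() holds only the [DEFAULT] section, so a same-named
    # option in any other section is ignored.
    raw = parser.defaults().get("insecure_debug")
    if raw is None:
        return False
    value = raw.strip().lower()
    if value in TRUE_VALUES:
        return True
    if value in FALSE_VALUES:
        return False
    raise ValueError(f"unrecognised insecure_debug value: {raw!r}")


if __name__ == "__main__":
    # Exit status 1 when debug errors are enabled, for use as a deploy gate.
    path = sys.argv[1] if len(sys.argv) > 1 else "/etc/keystone/keystone.conf"
    with open(path) as fh:
        enabled = insecure_debug_enabled(fh.read())
    print(f"{path}: insecure_debug is {'ENABLED' if enabled else 'disabled'}")
    sys.exit(1 if enabled else 0)
```

Run against the deployed file in a release pipeline; a non-zero exit means detailed authentication errors would be returned to clients.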

