Mirantis OpenStack

[keystone] K2K federation. python-openstackclient: SAML2: Error parsing XML

Bug #1627065 reported by Stanislav Kolenkin
10
This bug affects 2 people
Affects Status Importance Assigned to Milestone
Mirantis OpenStack
Confirmed
Low
MOS Keystone
Mirantis OpenStack 9.2

Bug Description

MOS9.0
python-openstackclient-3.2.0

When I have tried get tooken from keystone.idp but I had the following error:
/usr/local/bin/openstack --debug --os-auth-type v3samlpassword --os-identity-provider cloud1 --os-identity-provider-url http://10.200.1.3:5000/v3/auth/OS-FEDERATION/saml2/ecp --os-username admin --os-password admin --os-project-name admin --os-project-domain-name Default --os-auth-url http://10.200.11.3:5000/v3 --os-protocol saml2 token issue
WARNING: openstackclient.common.utils is deprecated and will be removed after Jun 2017. Please use osc_lib.utils
START with options: [u'--debug', u'--os-auth-type', u'v3samlpassword', u'--os-identity-provider', u'cloud1', u'--os-identity-provider-url', u'http://10.200.1.3:5000/v3/auth/OS-FEDERATION/saml2/ecp', u'--os-username', u'admin', u'--os-password', u'admin', u'--os-project-name', u'admin', u'--os-project-domain-name', u'Default', u'--os-auth-url', u'http://10.200.11.3:5000/v3', u'--os-protocol', u'saml2', u'token', u'issue']
options: Namespace(access_key='', access_secret='***', access_token='***', access_token_endpoint='', access_token_type='', auth_type=u'v3samlpassword', auth_url=u'http://10.200.11.3:5000/v3', authorization_code='', cacert=None, cert='', client_id='', client_secret='***', cloud='', consumer_key='', consumer_secret='***', debug=True, default_domain='Default', default_domain_id='', default_domain_name='', deferred_help=False, discovery_endpoint='', domain_id='', domain_name='', endpoint='', identity_provider=u'cloud1', identity_provider_url=u'http://10.200.1.3:5000/v3/auth/OS-FEDERATION/saml2/ecp', insecure=None, interface='', key='', log_file=None, old_profile=None, openid_scope='', os_beta_command=False, os_clustering_api_version='1', os_compute_api_version='', os_data_processing_api_version='1.1', os_data_processing_url='', os_dns_api_version='2', os_identity_api_version='3', os_image_api_version='', os_key_manager_api_version='1', os_network_api_version='', os_object_api_version='', os_orchestration_api_version='1', os_project_id=None, os_project_name=None, os_queues_api_version='1.1', os_volume_api_version='', os_workflow_api_version='2', passcode='', password=***'admin', profile=None, project_domain_id='', project_domain_name=u'Default', project_id='', project_name=u'admin', protocol=u'saml2', redirect_uri='', region_name='RegionOne', timing=False, token='***', trust_id='', url='', user_domain_id='', user_domain_name='', user_id='', username=u'admin', verbose_level=3, verify=None)
Auth plugin v3samlpassword selected
auth_config_hook(): {'auth_type': u'v3samlpassword', 'beta_command': False, u'compute_api_version': u'2', u'orchestration_api_version': '1', 'identity_provider_url': u'http://10.200.1.3:5000/v3/auth/OS-FEDERATION/saml2/ecp', 'data_processing_api_version': '1.1', 'auth_url': u'http://10.200.11.3:5000/v3', u'network_api_version': u'2', 'protocol': u'saml2', u'message': u'', u'image_format': u'qcow2', 'networks': [], u'image_api_version': u'2', 'clustering_api_version': '1', 'verify': True, u'database_api_version': u'1.0', 'identity_provider': u'cloud1', u'dns_api_version': '2', u'object_store_api_version': u'1', 'username': u'admin', 'verbose_level': 3, 'region_name': 'RegionOne', 'api_timeout': None, u'baremetal_api_version': u'1', 'queues_api_version': '1.1', 'auth': {'project_name': 'admin', 'project_domain_name': 'Default'}, 'default_domain': 'Default', 'debug': True, u'image_api_use_tasks': False, u'floating_ip_source': u'neutron', 'key': None, 'timing': False, 'password': u'admin', 'cacert': None, u'key_manager_api_version': '1', u'metering_api_version': u'2', 'deferred_help': False, u'identity_api_version': '3', 'workflow_api_version': '2', u'volume_api_version': u'2', 'cert': None, u'secgroup_source': u'neutron', u'status': u'active', u'container_api_version': u'1', u'interface': None, u'disable_vendor_agent': {}}
defaults: {u'auth_type': 'password', u'status': u'active', u'compute_api_version': u'2', 'key': None, u'database_api_version': u'1.0', 'api_timeout': None, u'baremetal_api_version': u'1', u'image_api_version': u'2', u'metering_api_version': u'2', u'image_api_use_tasks': False, u'floating_ip_source': u'neutron', u'orchestration_api_version': u'1', 'cacert': None, u'network_api_version': u'2', u'message': u'', u'image_format': u'qcow2', u'key_manager_api_version': u'v1', 'verify': True, u'identity_api_version': u'2.0', u'volume_api_version': u'2', 'cert': None, u'secgroup_source': u'neutron', u'container_api_version': u'1', u'dns_api_version': u'2', u'object_store_api_version': u'1', u'interface': None, u'disable_vendor_agent': {}}
cloud cfg: {'auth_type': u'v3samlpassword', 'beta_command': False, u'compute_api_version': u'2', 'key': None, 'identity_provider_url': u'http://10.200.1.3:5000/v3/auth/OS-FEDERATION/saml2/ecp', 'data_processing_api_version': '1.1', 'auth_url': u'http://10.200.11.3:5000/v3', u'network_api_version': u'2', 'protocol': u'saml2', u'message': u'', u'image_format': u'qcow2', 'networks': [], u'image_api_version': u'2', 'clustering_api_version': '1', 'verify': True, u'database_api_version': u'1.0', 'identity_provider': u'cloud1', u'dns_api_version': '2', u'object_store_api_version': u'1', 'username': u'admin', 'verbose_level': 3, 'region_name': 'RegionOne', 'api_timeout': None, u'baremetal_api_version': u'1', 'queues_api_version': '1.1', 'auth': {'username': u'admin', 'identity_provider_url': u'http://10.200.1.3:5000/v3/auth/OS-FEDERATION/saml2/ecp', 'project_name': u'admin', 'protocol': u'saml2', 'identity_provider': u'cloud1', 'auth_url': u'http://10.200.11.3:5000/v3', 'password': u'***', 'project_domain_name': u'Default'}, 'default_domain': 'Default', u'container_api_version': u'1', u'image_api_use_tasks': False, u'floating_ip_source': u'neutron', u'orchestration_api_version': '1', 'timing': False, 'password': u'***', 'cacert': None, u'key_manager_api_version': '1', u'metering_api_version': u'2', 'deferred_help': False, u'identity_api_version': '3', 'workflow_api_version': '2', u'volume_api_version': u'2', 'cert': None, u'secgroup_source': u'neutron', u'status': u'active', 'debug': True, u'interface': None, u'disable_vendor_agent': {}}
compute API version 2, cmd group openstack.compute.v2
network API version 2, cmd group openstack.network.v2
image API version 2, cmd group openstack.image.v2
volume API version 2, cmd group openstack.volume.v2
identity API version 3, cmd group openstack.identity.v3
object_store API version 1, cmd group openstack.object_store.v1
messaging API version 1.1, cmd group openstack.messaging.v1
clustering API version 1, cmd group openstack.clustering.v1
data_processing API version 1.1, cmd group openstack.data_processing.v1
orchestration API version 1, cmd group openstack.orchestration.v1
workflow_engine API version 2, cmd group openstack.workflow_engine.v2
key_manager API version 1, cmd group openstack.key_manager.v1
dns API version 2, cmd group openstack.dns.v2
Auth plugin v3samlpassword selected
auth_config_hook(): {'auth_type': u'v3samlpassword', 'beta_command': False, u'compute_api_version': u'2', u'orchestration_api_version': '1', 'identity_provider_url': u'http://10.200.1.3:5000/v3/auth/OS-FEDERATION/saml2/ecp', 'data_processing_api_version': '1.1', 'auth_url': u'http://10.200.11.3:5000/v3', u'network_api_version': u'2', 'protocol': u'saml2', u'message': u'', u'image_format': u'qcow2', 'networks': [], u'image_api_version': u'2', 'clustering_api_version': '1', 'verify': True, u'database_api_version': u'1.0', 'identity_provider': u'cloud1', u'dns_api_version': '2', u'object_store_api_version': u'1', 'username': u'admin', 'verbose_level': 3, 'region_name': 'RegionOne', 'api_timeout': None, u'baremetal_api_version': u'1', 'queues_api_version': '1.1', 'auth': {'project_name': 'admin', 'project_domain_name': 'Default'}, 'default_domain': 'Default', 'debug': True, u'image_api_use_tasks': False, u'floating_ip_source': u'neutron', 'key': None, 'timing': False, 'password': u'admin', 'cacert': None, u'key_manager_api_version': '1', u'metering_api_version': u'2', 'deferred_help': False, u'identity_api_version': '3', 'workflow_api_version': '2', u'volume_api_version': u'2', 'cert': None, u'secgroup_source': u'neutron', u'status': u'active', u'container_api_version': u'1', u'interface': None, u'disable_vendor_agent': {}}
command: token issue -> openstackclient.identity.v3.token.IssueToken
Using auth plugin: v3samlpassword
Using parameters {'username': u'admin', 'identity_provider_url': u'http://10.200.1.3:5000/v3/auth/OS-FEDERATION/saml2/ecp', 'project_name': 'admin', 'protocol': u'saml2', 'identity_provider': u'cloud1', 'auth_url': u'http://10.200.11.3:5000/v3', 'password': u'***', 'project_domain_name': 'Default'}
Get auth_ref
REQ: curl -g -i -X GET http://10.200.11.3:5000/v3/OS-FEDERATION/identity_providers/cloud1/protocols/saml2/auth -H "User-Agent: osc-lib keystoneauth1/2.12.1 python-requests/2.11.1 CPython/2.7.6"
Starting new HTTP connection (1): 10.200.11.3
"GET /v3/OS-FEDERATION/identity_providers/cloud1/protocols/saml2/auth HTTP/1.1" 200 1658
Starting new HTTP connection (1): 10.200.1.3
"POST /v3/auth/OS-FEDERATION/saml2/ecp HTTP/1.1" 400 258
SAML2: Error parsing XML returned from Identity Provider: Start tag expected, '<' not found, line 1, column 1
Traceback (most recent call last):
  File "/usr/local/lib/python2.7/dist-packages/cliff/app.py", line 380, in run_subcommand
    self.prepare_to_run_command(cmd)
  File "/usr/local/lib/python2.7/dist-packages/osc_lib/shell.py", line 434, in prepare_to_run_command
    self.client_manager.auth_ref
  File "/usr/local/lib/python2.7/dist-packages/osc_lib/clientmanager.py", line 198, in auth_ref
    self._auth_ref = self.auth.get_auth_ref(self.session)
  File "/usr/local/lib/python2.7/dist-packages/keystoneauth1/identity/v3/federation.py", line 65, in get_auth_ref
    auth_ref = self.get_unscoped_auth_ref(session)
  File "/usr/local/lib/python2.7/dist-packages/keystoneauth1/extras/_saml2/v3/saml2.py", line 241, in get_unscoped_auth_ref
    raise exceptions.AuthorizationFailure(str(e))
AuthorizationFailure: SAML2: Error parsing XML returned from Identity Provider: Start tag expected, '<' not found, line 1, column 1
clean_up IssueToken: SAML2: Error parsing XML returned from Identity Provider: Start tag expected, '<' not found, line 1, column 1
Traceback (most recent call last):
  File "/usr/local/lib/python2.7/dist-packages/osc_lib/shell.py", line 135, in run
    ret_val = super(OpenStackShell, self).run(argv)
  File "/usr/local/lib/python2.7/dist-packages/cliff/app.py", line 267, in run
    result = self.run_subcommand(remainder)
  File "/usr/local/lib/python2.7/dist-packages/osc_lib/shell.py", line 180, in run_subcommand
    ret_value = super(OpenStackShell, self).run_subcommand(argv)
  File "/usr/local/lib/python2.7/dist-packages/cliff/app.py", line 380, in run_subcommand
    self.prepare_to_run_command(cmd)
  File "/usr/local/lib/python2.7/dist-packages/osc_lib/shell.py", line 434, in prepare_to_run_command
    self.client_manager.auth_ref
  File "/usr/local/lib/python2.7/dist-packages/osc_lib/clientmanager.py", line 198, in auth_ref
    self._auth_ref = self.auth.get_auth_ref(self.session)
  File "/usr/local/lib/python2.7/dist-packages/keystoneauth1/identity/v3/federation.py", line 65, in get_auth_ref
    auth_ref = self.get_unscoped_auth_ref(session)
  File "/usr/local/lib/python2.7/dist-packages/keystoneauth1/extras/_saml2/v3/saml2.py", line 241, in get_unscoped_auth_ref
    raise exceptions.AuthorizationFailure(str(e))
AuthorizationFailure: SAML2: Error parsing XML returned from Identity Provider: Start tag expected, '<' not found, line 1, column 1

END return value: 1

See original description
Stanislav Kolenkin (skolenkin)
Changed in mos:
assignee: nobody → MOS Keystone (mos-keystone)
description: updated
description: updated
Revision history for this message
Boris Bobrov (bbobrov) wrote :

The above traceback is for python-openstackclient that is not part of 9.x release. Still valid though.

Changed in mos:
status: New → Confirmed
importance: Undecided → Medium
importance: Medium → Low
Vitaly Sedelnik (vsedelnik)
Changed in mos:
milestone: none → 9.2
tags: added: area-keystone
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.