[keystone] Keystone OpenID Connect authentication fails if local property of mapping doesn't contain `user` element.
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
Mirantis OpenStack | Confirmed | Medium | MOS Keystone |
9.x | Confirmed | Medium | MOS Keystone |
Bug Description
MOS 9
To configure OpenID Connect identity provider for we should create mapping.
If the local property of the mapping doesn't contain a user element, Keystone fails with a trace:
cat google_mapping.json
[
{
"local": [
{
"group": {
"id": "fbc6bd1e7c664a
}
}
],
"remote": [
{
"type": "HTTP_OIDC_ISS",
"https:/
]
}
]
}
]
<11>Aug 29 18:21:02 node-1 keystone-public: 2016-08-29 18:21:02.795 16916 ERROR keystone.
If we use a mapping with the user property (as shown below), authentication succeeds.
cat google_
[
{
"local": [
{
},
}
}
],
"remote": [
{
},
{
},
{
},
{
]
}
]
}
]
EXPECTED RESULT:
If Keystone expects a user attribute in the mapping and can't find it, it must issue an error message instead of silently failing with a TRACE.
PACKAGES USED:
ii keystone 2:9.0.2-
ii python-keystone 2:9.0.2-
ii python-
ii python-
ii python-
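A pre-flight check for a mapping file, as an added example (not Keystone's code and not part of the original report): it reports, per rule, when `local` has no `user` element, which is the condition described above. The function name, the placeholder group ID, the issuer URL, the `HTTP_OIDC_SUB` remote entry and the handling of a `{"rules": [...]}` wrapper are assumptions; both sample mappings are constructed.

```python
import json

def check_mapping(rules):
    """Return a list of readable problems; an empty list means none found."""
    if isinstance(rules, dict):  # assumption: also accept a {"rules": [...]} wrapper
        rules = rules.get("rules")
    if not isinstance(rules, list) or not rules:
        return ["mapping must be a non-empty list of rules"]
    problems = []
    for i, rule in enumerate(rules):
        if not isinstance(rule, dict):
            problems.append(f"rule {i}: not a JSON object")
            continue
        for key in ("local", "remote"):
            if not isinstance(rule.get(key), list) or not rule[key]:
                problems.append(f"rule {i}: '{key}' must be a non-empty list")
        local = rule.get("local")
        if isinstance(local, list) and local:
            entries = [e for e in local if isinstance(e, dict)]
            # The condition from the report: no entry in 'local' carries 'user'.
            if not any(isinstance(e.get("user"), dict) for e in entries):
                found = ", ".join(sorted({k for e in entries for k in e})) or "nothing"
                problems.append(
                    f"rule {i}: 'local' has no 'user' element (found: {found})")
    return problems

# Constructed samples: group ID and issuer URL are placeholders.
GROUP_ONLY = json.loads("""
[{"local": [{"group": {"id": "GROUP_ID_PLACEHOLDER"}}],
  "remote": [{"type": "HTTP_OIDC_ISS", "any_one_of": ["https://idp.example.test"]}]}]
""")
WITH_USER = json.loads("""
[{"local": [{"user": {"name": "{0}"}}, {"group": {"id": "GROUP_ID_PLACEHOLDER"}}],
  "remote": [{"type": "HTTP_OIDC_SUB"},
             {"type": "HTTP_OIDC_ISS", "any_one_of": ["https://idp.example.test"]}]}]
""")

if __name__ == "__main__":
    for name, mapping in (("group-only", GROUP_ONLY), ("with-user", WITH_USER)):
        issues = check_mapping(mapping)
        print(name, "->", issues if issues else "OK")
```

Running such a check before the mapping is loaded turns the failure into a message that names the rule at fault.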
description: | updated |
description: | updated |
summary: |
- Keystone OpenID Connect authentication fails if local property of - mapping doesn't contain `user` element. + [keystone] Keystone OpenID Connect authentication fails if local + property of mapping doesn't contain `user` element. |
Changed in mos: | |
assignee: | nobody → MOS Keystone (mos-keystone) |
Changed in mos: | |
importance: | Undecided → Medium |
status: | New → Confirmed |
milestone: | none → 9.2 |
tags: | added: area-keystone |