MOS9.0
python-openstackclient-2.2.0
I have tried get tooken from keystone.idp I had the following error:
BadRequest: Expecting to find application/json in Content-Type header - the server could not comply with the request since it is either malformed or otherwise incorrect. The client is assumed to be in error. (HTTP 400) (Request-ID: req-d5d2081d-7661-4983-acb0-efbca5dbc181)
/usr/local/bin/openstack --debug --os-auth-type v3unscopedsaml --os-identity-provider cloud1 --os-identity-provider-url http://10.200.1.3:5000/v3/auth/OS-FEDERATION/saml2/ecp --os-username admin --os-password admin --os-project-name admin --os-project-domain-name Default --os-auth-url http://10.200.11.3:5000/v3 --os-protocol saml2 token issue
START with options: ['--debug', '--os-auth-type', 'v3unscopedsaml', '--os-identity-provider', 'cloud1', '--os-identity-provider-url', 'http://10.200.1.3:5000/v3/auth/OS-FEDERATION/saml2/ecp', '--os-username', 'admin', '--os-password', 'admin', '--os-project-name', 'admin', '--os-project-domain-name', 'Default', '--os-auth-url', 'http://10.200.11.3:5000/v3', '--os-protocol', 'saml2', 'token', 'issue']
options: Namespace(access_token_endpoint='', auth_type='v3unscopedsaml', auth_url='http://10.200.11.3:5000/v3', cacert='', client_id='', client_secret='***', cloud='', debug=True, default_domain='Default', deferred_help=False, domain_id='', domain_name='', endpoint='', identity_provider='cloud1', identity_provider_url='http://10.200.1.3:5000/v3/auth/OS-FEDERATION/saml2/ecp', insecure=None, interface='', log_file=None, os_clustering_api_version='1', os_compute_api_version='', os_data_processing_api_version='1.1', os_data_processing_url='', os_dns_api_version='2', os_identity_api_version='3', os_image_api_version='', os_key_manager_api_version='1', os_network_api_version='', os_object_api_version='', os_orchestration_api_version='1', os_project_id=None, os_project_name=None, os_queues_api_version='1.1', os_volume_api_version='', os_workflow_api_version='2', password='***', profile=None, project_domain_id='', project_domain_name='Default', project_id='', project_name='admin', protocol='saml2', region_name='RegionOne', scope='', service_provider_endpoint='', timing=False, token='***', trust_id='', url='', user_domain_id='', user_domain_name='', user_id='', username='admin', verbose_level=3, verify=None)
Deferring keystone exception: The plugin v3unscopedsaml could not be found
defaults: {u'auth_type': 'password', u'status': u'active', u'compute_api_version': u'2', 'key': None, u'database_api_version': u'1.0', 'api_timeout': None, u'baremetal_api_version': u'1', u'image_api_version': u'2', u'metering_api_version': u'2', u'image_api_use_tasks': False, u'floating_ip_source': u'neutron', u'orchestration_api_version': u'1', 'cacert': None, u'network_api_version': u'2', u'message': u'', u'image_format': u'qcow2', u'key_manager_api_version': u'v1', 'verify': True, u'identity_api_version': u'2.0', u'volume_api_version': u'2', 'cert': None, u'secgroup_source': u'neutron', u'container_api_version': u'1', u'dns_api_version': u'2', u'object_store_api_version': u'1', u'interface': None, u'disable_vendor_agent': {}}
cloud cfg: {'auth_type': 'v3unscopedsaml', u'compute_api_version': u'2', 'key': None, u'database_api_version': u'1.0', 'data_processing_api_version': '1.1', u'network_api_version': u'2', 'protocol': 'saml2', u'message': u'', u'image_format': u'qcow2', 'networks': [], u'image_api_version': u'2', 'clustering_api_version': '1', 'verify': True, u'dns_api_version': '2', u'object_store_api_version': u'1', u'status': u'active', 'verbose_level': 3, 'region_name': 'RegionOne', 'api_timeout': None, u'baremetal_api_version': u'1', 'queues_api_version': '1.1', 'auth': {'username': 'admin', 'identity_provider_url': 'http://10.200.1.3:5000/v3/auth/OS-FEDERATION/saml2/ecp', 'project_name': 'admin', 'identity_provider': 'cloud1', 'auth_url': 'http://10.200.11.3:5000/v3', 'password': '***', 'project_domain_name': 'Default'}, 'default_domain': 'Default', u'container_api_version': u'1', u'image_api_use_tasks': False, u'floating_ip_source': u'neutron', u'orchestration_api_version': '1', 'timing': False, 'cacert': None, u'key_manager_api_version': '1', u'metering_api_version': u'2', 'deferred_help': False, u'identity_api_version': '3', 'workflow_api_version': '2', u'volume_api_version': u'2', 'cert': None, u'secgroup_source': u'neutron', 'debug': True, u'interface': None, u'disable_vendor_agent': {}}
compute API version 2, cmd group openstack.compute.v2
network API version 2, cmd group openstack.network.v2
image API version 2, cmd group openstack.image.v2
volume API version 2, cmd group openstack.volume.v2
identity API version 3, cmd group openstack.identity.v3
object_store API version 1, cmd group openstack.object_store.v1
messaging API version 1.1, cmd group openstack.messaging.v1
clustering API version 1, cmd group openstack.clustering.v1
data_processing API version 1.1, cmd group openstack.data_processing.v1
orchestration API version 1, cmd group openstack.orchestration.v1
workflow_engine API version 2, cmd group openstack.workflow_engine.v2
key_manager API version 1, cmd group openstack.key_manager.v1
dns API version 2, cmd group openstack.dns.v2
command: token issue -> openstackclient.identity.v3.token.IssueToken
Auth plugin v3unscopedsaml selected
auth_type: v3unscopedsaml
Using auth plugin: v3unscopedsaml
Using parameters {'username': 'admin', 'identity_provider_url': 'http://10.200.1.3:5000/v3/auth/OS-FEDERATION/saml2/ecp', 'project_name': 'admin', 'auth_url': 'http://10.200.11.3:5000/v3', 'identity_provider': 'cloud1', 'password': '***', 'project_domain_name': 'Default'}
Get auth_ref
REQ: curl -g -i -X GET http://10.200.11.3:5000/v3/OS-FEDERATION/identity_providers/cloud1/protocols/saml2/auth -H "PAOS: ver="urn:liberty:paos:2003-08";"urn:oasis:names:tc:SAML:2.0:profiles:SSO:ecp"" -H "Accept: text/html, application/vnd.paos+xml" -H "User-Agent: python-openstackclient keystoneauth1/2.12.1 python-requests/2.11.1 CPython/2.7.6"
Starting new HTTP connection (1): 10.200.11.3
"GET /v3/OS-FEDERATION/identity_providers/cloud1/protocols/saml2/auth HTTP/1.1" 200 1658
RESP: [200] Date: Fri, 23 Sep 2016 14:56:05 GMT Server: Apache Expires: 01-Jan-1997 12:00:00 GMT Cache-Control: no-cache, no-store, must-revalidate, private Pragma: no-cache Content-Length: 1658 Connection: close Content-Type: application/vnd.paos+xml
RESP BODY: <S:Envelope xmlns:S="http://schemas.xmlsoap.org/soap/envelope/"><S:Header><paos:Request xmlns:paos="urn:liberty:paos:2003-08" S:actor="http://schemas.xmlsoap.org/soap/actor/next" S:mustUnderstand="1" responseConsumerURL="http://10.200.11.3:5000/Shibboleth.sso/SAML2/ECP" service="urn:oasis:names:tc:SAML:2.0:profiles:SSO:ecp"/><ecp:Request xmlns:ecp="urn:oasis:names:tc:SAML:2.0:profiles:SSO:ecp" IsPassive="0" S:actor="http://schemas.xmlsoap.org/soap/actor/next" S:mustUnderstand="1"><saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">http://10.200.1.3:5000/shibboleth</saml:Issuer><samlp:IDPList xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"><samlp:IDPEntry ProviderID="http://10.200.1.3:5000/v3/OS-FEDERATION/saml2/idp"/></samlp:IDPList></ecp:Request><ecp:RelayState xmlns:ecp="urn:oasis:names:tc:SAML:2.0:profiles:SSO:ecp" S:actor="http://schemas.xmlsoap.org/soap/actor/next" S:mustUnderstand="1">ss:mem:6a3ade0a623614a8dc2bb43b719b85babe371e4ce37e4f42f5f22b387a487fdd</ecp:RelayState></S:Header><S:Body><samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" AssertionConsumerServiceURL="http://10.200.11.3:5000/Shibboleth.sso/SAML2/ECP" ID="_e63b9d967af5a81774eb13572a02b02a" IssueInstant="2016-09-23T14:56:05Z" ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:PAOS" Version="2.0"><saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">http://10.200.1.3:5000/shibboleth</saml:Issuer><samlp:NameIDPolicy AllowCreate="1"/><samlp:Scoping><samlp:IDPList><samlp:IDPEntry ProviderID="http://10.200.1.3:5000/v3/OS-FEDERATION/saml2/idp"/></samlp:IDPList></samlp:Scoping></samlp:AuthnRequest></S:Body></S:Envelope>
Starting new HTTP connection (1): 10.200.1.3
"POST /v3/auth/OS-FEDERATION/saml2/ecp HTTP/1.1" 400 258
Request returned failure status: 400
Expecting to find application/json in Content-Type header - the server could not comply with the request since it is either malformed or otherwise incorrect. The client is assumed to be in error. (HTTP 400) (Request-ID: req-44fcfad6-d675-4f67-a53d-4cf7a58c7ada)
Traceback (most recent call last):
File "/usr/local/lib/python2.7/dist-packages/cliff/app.py", line 380, in run_subcommand
self.prepare_to_run_command(cmd)
File "/usr/local/lib/python2.7/dist-packages/openstackclient/shell.py", line 411, in prepare_to_run_command
self.client_manager.auth_ref
File "/usr/local/lib/python2.7/dist-packages/openstackclient/common/clientmanager.py", line 210, in auth_ref
self._auth_ref = self.auth.get_auth_ref(self.session)
File "/usr/local/lib/python2.7/dist-packages/keystoneclient/contrib/auth/v3/saml2.py", line 453, in get_auth_ref
token, token_json = self._get_unscoped_token(session)
File "/usr/local/lib/python2.7/dist-packages/keystoneclient/contrib/auth/v3/saml2.py", line 427, in _get_unscoped_token
self._send_idp_saml2_authn_request(session)
File "/usr/local/lib/python2.7/dist-packages/keystoneclient/contrib/auth/v3/saml2.py", line 305, in _send_idp_saml2_authn_request
authenticated=False, log=False)
File "/usr/local/lib/python2.7/dist-packages/keystoneauth1/session.py", line 675, in post
return self.request(url, 'POST', **kwargs)
File "/usr/local/lib/python2.7/dist-packages/openstackclient/common/session.py", line 40, in request
resp = super(TimingSession, self).request(url, method, **kwargs)
File "/usr/local/lib/python2.7/dist-packages/positional/__init__.py", line 101, in inner
return wrapped(*args, **kwargs)
File "/usr/local/lib/python2.7/dist-packages/keystoneauth1/session.py", line 570, in request
raise exceptions.from_response(resp, method, url)
BadRequest: Expecting to find application/json in Content-Type header - the server could not comply with the request since it is either malformed or otherwise incorrect. The client is assumed to be in error. (HTTP 400) (Request-ID: req-44fcfad6-d675-4f67-a53d-4cf7a58c7ada)
clean_up IssueToken: Expecting to find application/json in Content-Type header - the server could not comply with the request since it is either malformed or otherwise incorrect. The client is assumed to be in error. (HTTP 400) (Request-ID: req-44fcfad6-d675-4f67-a53d-4cf7a58c7ada)
Traceback (most recent call last):
File "/usr/local/lib/python2.7/dist-packages/openstackclient/shell.py", line 118, in run
ret_val = super(OpenStackShell, self).run(argv)
File "/usr/local/lib/python2.7/dist-packages/cliff/app.py", line 267, in run
result = self.run_subcommand(remainder)
File "/usr/local/lib/python2.7/dist-packages/openstackclient/shell.py", line 153, in run_subcommand
ret_value = super(OpenStackShell, self).run_subcommand(argv)
File "/usr/local/lib/python2.7/dist-packages/cliff/app.py", line 380, in run_subcommand
self.prepare_to_run_command(cmd)
File "/usr/local/lib/python2.7/dist-packages/openstackclient/shell.py", line 411, in prepare_to_run_command
self.client_manager.auth_ref
File "/usr/local/lib/python2.7/dist-packages/openstackclient/common/clientmanager.py", line 210, in auth_ref
self._auth_ref = self.auth.get_auth_ref(self.session)
File "/usr/local/lib/python2.7/dist-packages/keystoneclient/contrib/auth/v3/saml2.py", line 453, in get_auth_ref
token, token_json = self._get_unscoped_token(session)
File "/usr/local/lib/python2.7/dist-packages/keystoneclient/contrib/auth/v3/saml2.py", line 427, in _get_unscoped_token
self._send_idp_saml2_authn_request(session)
File "/usr/local/lib/python2.7/dist-packages/keystoneclient/contrib/auth/v3/saml2.py", line 305, in _send_idp_saml2_authn_request
authenticated=False, log=False)
File "/usr/local/lib/python2.7/dist-packages/keystoneauth1/session.py", line 675, in post
return self.request(url, 'POST', **kwargs)
File "/usr/local/lib/python2.7/dist-packages/openstackclient/common/session.py", line 40, in request
resp = super(TimingSession, self).request(url, method, **kwargs)
File "/usr/local/lib/python2.7/dist-packages/positional/__init__.py", line 101, in inner
return wrapped(*args, **kwargs)
File "/usr/local/lib/python2.7/dist-packages/keystoneauth1/session.py", line 570, in request
raise exceptions.from_response(resp, method, url)
BadRequest: Expecting to find application/json in Content-Type header - the server could not comply with the request since it is either malformed or otherwise incorrect. The client is assumed to be in error. (HTTP 400) (Request-ID: req-44fcfad6-d675-4f67-a53d-4cf7a58c7ada)
END return value: 1