** Changed in: keystone
Status: Fix Committed => Fix Released
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to Keystone.
https://bugs.launchpad.net/bugs/1291981
Title:
missing type check in SAML RuleProcessor
Status in OpenStack Identity (Keystone):
Fix Released
Bug description:
RuleProcessor assumes every element in context['environment'] can be
splitted as a string as seen here:
https://github.com/openstack/keystone/blob/master/keystone/contrib/federation/utils.py#L172
This is however not always the case:
curl -si -d '{
"auth": {
"identity": {
"methods": [
"saml2"
],
"saml2": {
"identity_provider": "testshib",
"protocol": "admin"
}
}
}' -H "Content-type: application/json" http://XXX:5000/v3/auth/tokens
2014-03-10 23:21:34.869 DEBUG keystone.middleware.core [-] Auth token not in
the request header. Will not build auth contex
t. from (pid=7939) process_request
/opt/stack/keystone/keystone/middleware/core.py:270
2014-03-10 23:21:34.871 DEBUG keystone.common.wsgi [-] arg_dict: {} from
(pid=7939) __call__ /opt/stack/keystone/keystone/common/wsgi.py:180
2014-03-10 23:21:34.877 ERROR keystone.common.wsgi [-] 'Route' object has no
attribute 'split'
2014-03-10 23:21:34.877 TRACE keystone.common.wsgi Traceback (most recent
call last):
2014-03-10 23:21:34.877 TRACE keystone.common.wsgi File
"/opt/stack/keystone/keystone/common/wsgi.py", line 205, in __call__
2014-03-10 23:21:34.877 TRACE keystone.common.wsgi result =
method(context, **params)
2014-03-10 23:21:34.877 TRACE keystone.common.wsgi File
"/opt/stack/keystone/keystone/auth/controllers.py", line 316, in
authenticate_for_token
2014-03-10 23:21:34.877 TRACE keystone.common.wsgi
self.authenticate(context, auth_info, auth_context)
2014-03-10 23:21:34.877 TRACE keystone.common.wsgi File
"/opt/stack/keystone/keystone/auth/controllers.py", line 416, in authenticate
2014-03-10 23:21:34.877 TRACE keystone.common.wsgi auth_context)
2014-03-10 23:21:34.877 TRACE keystone.common.wsgi File
"/opt/stack/keystone/keystone/auth/plugins/saml2.py", line 54, in authenticate
2014-03-10 23:21:34.877 TRACE keystone.common.wsgi fields =
self._handle_unscoped_token(context, auth_payload)
2014-03-10 23:21:34.877 TRACE keystone.common.wsgi File
"/opt/stack/keystone/keystone/auth/plugins/saml2.py", line 77, in
_handle_unscoped_token
2014-03-10 23:21:34.877 TRACE keystone.common.wsgi mapped_properties =
rule_processor.process(assertion)
2014-03-10 23:21:34.877 TRACE keystone.common.wsgi File
"/opt/stack/keystone/keystone/contrib/federation/utils.py", line 172, in process
2014-03-10 23:21:34.877 TRACE keystone.common.wsgi assertion = dict((n,
v.split(';')) for n, v in assertion_data.items())
2014-03-10 23:21:34.877 TRACE keystone.common.wsgi File
"/opt/stack/keystone/keystone/contrib/federation/utils.py", line 172, in
<genexpr>
2014-03-10 23:21:34.877 TRACE keystone.common.wsgi assertion = dict((n,
v.split(';')) for n, v in assertion_data.items())
2014-03-10 23:21:34.877 TRACE keystone.common.wsgi AttributeError: 'Route'
object has no attribute 'split'
2014-03-10 23:21:34.877 TRACE keystone.common.wsgi
2014-03-10 23:21:34.881 INFO eventlet.wsgi.server [-] 84.99.59.174 - -
[10/Mar/2014 23:21:34] "POST /v3/auth/tokens HTTP/1.1" 500 331 0.012142
---------
To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1291981/+subscriptions
--
Mailing list: https://launchpad.net/~yahoo-eng-team
Post to : yahoo-eng-team@lists.launchpad.net
Unsubscribe : https://launchpad.net/~yahoo-eng-team
More help : https://help.launchpad.net/ListHelp
