Public bug reported:
Release: Mitaka
I setup federation (saml2) with a product called vIDM which
automatically has a user named "admin". I also have keystone configured
to use a sql backend and have a user named "admin". These users exist on
different domains (Federated) and (default), and have different
user_ids, yet I cannot login with this federated user without a hard
error:
2017-01-05 21:59:56.448 19546 DEBUG keystone.federation.utils
[req-1f592d70-2b6b-431f-9939-c2edd9a79a7f - - - - -] identity_values:
[{u'group': {u'domain': {u'name': u'Default'}, u'name': u'Federated Users'},
u'user': {u'name': u'admin'}}] process
/usr/lib/python2.7/dist-packages/keystone/federation/utils.py:543
2017-01-05 21:59:56.448 19546 DEBUG keystone.federation.utils
[req-1f592d70-2b6b-431f-9939-c2edd9a79a7f - - - - -] mapped_properties:
{'group_ids': [], 'user': {'domain': {'id': 'Federated'}, 'type': 'ephemeral',
u'name': u'admin'}, 'group_names': [{u'domain': {u'name': u'Default'}, u'name':
u'Federated Users'}]} process
/usr/lib/python2.7/dist-packages/keystone/federation/utils.py:545
2017-01-05 21:59:56.482 19546 WARNING keystone.common.wsgi
[req-1f592d70-2b6b-431f-9939-c2edd9a79a7f - - - - -] Authorization failed.
Unable to reconcile identity attribute user_id as it has conflicting values
9b2dde9538864fc0ab7992bdbeb1f877 and e38f2348129a41d0940a29287c06a130 (Disable
insecure_debug mode to suppress these details.) (Disable insecure_debug mode to
suppress these details.) from 10.146.29.206
http://paste.openstack.org/show/594063/
** Affects: keystone
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Identity (keystone).
https://bugs.launchpad.net/bugs/1654409
Title:
Duplicate users (federated and sql) results in 401
Status in OpenStack Identity (keystone):
New
Bug description:
Release: Mitaka
I setup federation (saml2) with a product called vIDM which
automatically has a user named "admin". I also have keystone
configured to use a sql backend and have a user named "admin". These
users exist on different domains (Federated) and (default), and have
different user_ids, yet I cannot login with this federated user
without a hard error:
2017-01-05 21:59:56.448 19546 DEBUG keystone.federation.utils
[req-1f592d70-2b6b-431f-9939-c2edd9a79a7f - - - - -] identity_values:
[{u'group': {u'domain': {u'name': u'Default'}, u'name': u'Federated Users'},
u'user': {u'name': u'admin'}}] process
/usr/lib/python2.7/dist-packages/keystone/federation/utils.py:543
2017-01-05 21:59:56.448 19546 DEBUG keystone.federation.utils
[req-1f592d70-2b6b-431f-9939-c2edd9a79a7f - - - - -] mapped_properties:
{'group_ids': [], 'user': {'domain': {'id': 'Federated'}, 'type': 'ephemeral',
u'name': u'admin'}, 'group_names': [{u'domain': {u'name': u'Default'}, u'name':
u'Federated Users'}]} process
/usr/lib/python2.7/dist-packages/keystone/federation/utils.py:545
2017-01-05 21:59:56.482 19546 WARNING keystone.common.wsgi
[req-1f592d70-2b6b-431f-9939-c2edd9a79a7f - - - - -] Authorization failed.
Unable to reconcile identity attribute user_id as it has conflicting values
9b2dde9538864fc0ab7992bdbeb1f877 and e38f2348129a41d0940a29287c06a130 (Disable
insecure_debug mode to suppress these details.) (Disable insecure_debug mode to
suppress these details.) from 10.146.29.206
http://paste.openstack.org/show/594063/
To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1654409/+subscriptions
--
Mailing list: https://launchpad.net/~yahoo-eng-team
Post to : yahoo-eng-team@lists.launchpad.net
Unsubscribe : https://launchpad.net/~yahoo-eng-team
More help : https://help.launchpad.net/ListHelp
