ii keystone 2:9.0.2-1~u14.04+mos3 all OpenStack identity service
ii python-keystone 2:9.0.2-1~u14.04+mos3 all OpenStack identity service - library
ii python-keystoneauth1 2.3.0-2~u14.04+mos1 all authentication library for OpenStack Identity - Python 2.7
ii python-keystoneclient 1:2.3.1-3~u14.04+mos2 all client library for the OpenStack Keystone API - Python 2.x
ii python-keystonemiddleware 4.4.1-1~u14.04+mos0 all Middleware for OpenStack Identity (Keystone) - Python 2.x
MOS 9
To configure an OpenID Connect identity provider for we should create a mapping.
If the local property of the mapping doesn't contain a user element, Keystone fails with a trace <trace example above> + attach the log file to the case
Example of a non-working mapping
If we use <example of a working mapping>
authentication succeeds
Expected result
If Keystone expects a user attribute in the mapping and can't find it, it must issue an error instead of silently failing with TRACE:
<11>Aug 29 18:21:02 node-1 keystone-public: 2016-08-29 18:21:02.795 16916 ERROR keystone.common.wsgi [req-8dd2bec1-8fe8-4ae0-9f88-89a74fec1e2b - - - - -] 'name'
2016-08-29 18:21:02.795 16916 ERROR keystone.common.wsgi Traceback (most recent call last):
2016-08-29 18:21:02.795 16916 ERROR keystone.common.wsgi File "/usr/lib/python2.7/dist-packages/keystone/common/wsgi.py", line 249, in __call__
2016-08-29 18:21:02.795 16916 ERROR keystone.common.wsgi result = method(context, **params)
2016-08-29 18:21:02.795 16916 ERROR keystone.common.wsgi File "/usr/lib/python2.7/dist-packages/keystone/federation/controllers.py", line 325, in federated_sso_auth
2016-08-29 18:21:02.795 16916 ERROR keystone.common.wsgi protocol_id)
2016-08-29 18:21:02.795 16916 ERROR keystone.common.wsgi File "/usr/lib/python2.7/dist-packages/keystone/federation/controllers.py", line 301, in federated_authentication
2016-08-29 18:21:02.795 16916 ERROR keystone.common.wsgi return self.authenticate_for_token(context, auth=auth)
2016-08-29 18:21:02.795 16916 ERROR keystone.common.wsgi File "/usr/lib/python2.7/dist-packages/keystone/auth/controllers.py", line 396, in authenticate_for_token
2016-08-29 18:21:02.795 16916 ERROR keystone.common.wsgi self.authenticate(context, auth_info, auth_context)
2016-08-29 18:21:02.795 16916 ERROR keystone.common.wsgi File "/usr/lib/python2.7/dist-packages/keystone/auth/controllers.py", line 520, in authenticate
2016-08-29 18:21:02.795 16916 ERROR keystone.common.wsgi auth_context)
2016-08-29 18:21:02.795 16916 ERROR keystone.common.wsgi File "/usr/lib/python2.7/dist-packages/keystone/auth/plugins/mapped.py", line 65, in authenticate
2016-08-29 18:21:02.795 16916 ERROR keystone.common.wsgi self.identity_api)
2016-08-29 18:21:02.795 16916 ERROR keystone.common.wsgi File "/usr/lib/python2.7/dist-packages/keystone/auth/plugins/mapped.py", line 149, in handle_unscoped_token
2016-08-29 18:21:02.795 16916 ERROR keystone.common.wsgi get_user_unique_id_and_display_name(context, mapped_prope
With this JSON mapping, authorization does not work:
cat google_mapping.json
[
    {
        "local": [
            {
                "group": {
                    "id": "fbc6bd1e7c664a6c81db19ec71587ec5"
                }
            }
        ],
        "remote": [
            {
                "type": "HTTP_OIDC_ISS",
                "any_one_of": [
                    "https://accounts.google.com"
                ]
            }
        ]
    }
]
With this JSON mapping, authorization works:
cat google_mapping2.json
[
    {
        "local": [
            {
                "group": {
                    "id": "fbc6bd1e7c664a6c81db19ec71587ec5"
                },
                "user": {
                    "id": "{0}",
                    "name": "{1}",
                    "email": "{2}"
                }
            }
        ],
        "remote": [
            {
                "type": "HTTP_OIDC_SUB"
            },
            {
                "type": "HTTP_OIDC_NAME"
            },
            {
                "type": "HTTP_OIDC_EMAIL"
            },
            {
                "type": "HTTP_OIDC_ISS",
                "any_one_of": [
                    "https://accounts.google.com"
                ]
            }
        ]
    }
]
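A pre-upload check for the failure reported above, as an added example that is not part of the original report and not Keystone's own code. It flags any rule whose "local" list has no "user" element, and any {N} placeholder that points past the rule's "remote" list (a necessary condition only). The name lint_mapping and the finding texts are hypothetical; the two sample mappings are constructed from the ones quoted in the report.

```python
import json
import re

# Constructed from google_mapping.json in the report (no "user" in "local").
BROKEN = json.loads("""[{"local": [{"group": {"id": "fbc6bd1e7c664a6c81db19ec71587ec5"}}],
  "remote": [{"type": "HTTP_OIDC_ISS",
              "any_one_of": ["https://accounts.google.com"]}]}]""")

# Constructed from google_mapping2.json in the report (has "user").
WORKING = json.loads("""[{"local": [{"group": {"id": "fbc6bd1e7c664a6c81db19ec71587ec5"},
             "user": {"id": "{0}", "name": "{1}", "email": "{2}"}}],
  "remote": [{"type": "HTTP_OIDC_SUB"}, {"type": "HTTP_OIDC_NAME"},
             {"type": "HTTP_OIDC_EMAIL"},
             {"type": "HTTP_OIDC_ISS",
              "any_one_of": ["https://accounts.google.com"]}]}]""")

PLACEHOLDER = re.compile(r"\{(\d+)\}")


def lint_mapping(rules):
    """Return a list of findings for a mapping rule list; empty means clean."""
    if not isinstance(rules, list) or not rules:
        return ["mapping must be a non-empty list of rules"]
    findings = []
    for i, rule in enumerate(rules):
        if not isinstance(rule, dict):
            findings.append("rule %d: not a JSON object" % i)
            continue
        local = rule.get("local") or []
        remote = rule.get("remote") or []
        # The case from the report: "local" carries a group but no user.
        if not any(isinstance(e, dict) and "user" in e for e in local):
            findings.append("rule %d: no 'user' element in 'local'" % i)
        # A {N} placeholder cannot refer past the end of the remote list.
        for n in PLACEHOLDER.findall(json.dumps(local)):
            if int(n) >= len(remote):
                findings.append("rule %d: placeholder {%s} exceeds %d remote entries"
                                % (i, n, len(remote)))
    return findings


if __name__ == "__main__":
    for label, mapping in (("google_mapping.json", BROKEN),
                           ("google_mapping2.json", WORKING)):
        print(label, lint_mapping(mapping) or "OK")
```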