Hi I am testing the feasibility of federated token to access another federated resource. For this purpos, I setup three devstack kilo instances as:
kilo1 (IdP) -----> kilo2 (SP / IdP) -----> kilo3 (SP) 1. get a federated scoped token for a project in kilo2. 2. using this federated token, get federated scoped token for a project in kilo3. I get 500 internal server error from kilo2. If I remove service provider in kilo2 (registered for kilo3), i can get federated scoped token. So far I know for issuing v3 token, the error is within webob python /usr/local/lib/python2.7/dist-packages/webob/dec.py while authenticating the token in /keystone/auth/controllers.py. the following link is the stack trace: http://paste.openstack.org/show/422584/ The issue is when a SP is setup to be idp as well service provider (for kilo3) in kilo2, then i get http 500 internal server error. The response unscoped token from kilo2 is the following link: http://paste.openstack.org/show/412951/ I wanted to know if somebody tested similar scenarios or had similar issues. Thanks for your response -Navid Pustchi
__________________________________________________________________________ OpenStack Development Mailing List (not for usage questions) Unsubscribe: [email protected]?subject:unsubscribe http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
