Public bug reported: A user part of a group in auth0 tries to login in using the mapping below just fine
[ { "local": [ { "user": { "name": "{1}::{0}" } }, { "domain": { "id": "default" }, "groups": "{1}" } ], "remote": [ { "type": "HTTP_OIDC_CLAIM_EMAIL" }, { "type": "HTTP_OIDC_CLAIM_GROUPS" } ] } ] Once the user is removed from the group in auth0 and tries to login : Expected Result: Failed to log on to horizon as federation user using OpenID Connect protocol and got 401 code: {"error": {"message": "The request you have made requires authentication.", "code": 401, "title": "Unauthorized"}} Actual Result: Got 500 instead of 401 {"error": {"message": "An unexpected error prevented the server from fulfilling your request.", "code": 500, "title": "Internal Server Error"}} error in keystone-all.logs: 2016-09-30 19:32:25.549 23311 ERROR keystone.common.wsgi [req-f5f27f59-788b-494b-9719-bcdbb6b628c0 - - - - -] unexpected EOF while parsing (<unknown>, line 0) 2016-09-30 19:32:25.549 23311 ERROR keystone.common.wsgi Traceback (most recent call last): 2016-09-30 19:32:25.549 23311 ERROR keystone.common.wsgi File "/opt/openstack/current/keystone/local/lib/python2.7/site-packages/keystone/common/wsgi.py", line 249, in __call__ 2016-09-30 19:32:25.549 23311 ERROR keystone.common.wsgi result = method(context, **params) 2016-09-30 19:32:25.549 23311 ERROR keystone.common.wsgi File "/opt/openstack/current/keystone/local/lib/python2.7/site-packages/keystone/federation/controllers.py", line 329, in federated_idp_specific_sso_auth 2016-09-30 19:32:25.549 23311 ERROR keystone.common.wsgi res = self.federated_authentication(context, idp_id, protocol_id) 2016-09-30 19:32:25.549 23311 ERROR keystone.common.wsgi File "/opt/openstack/current/keystone/local/lib/python2.7/site-packages/keystone/federation/controllers.py", line 302, in federated_authentication 2016-09-30 19:32:25.549 23311 ERROR keystone.common.wsgi return self.authenticate_for_token(context, auth=auth) 2016-09-30 19:32:25.549 23311 ERROR keystone.common.wsgi File "/opt/openstack/current/keystone/local/lib/python2.7/site-packages/keystone/auth/controllers.py", line 396, in authenticate_for_token 2016-09-30 19:32:25.549 23311 ERROR keystone.common.wsgi self.authenticate(context, auth_info, auth_context) 2016-09-30 19:32:25.549 23311 ERROR keystone.common.wsgi File "/opt/openstack/current/keystone/local/lib/python2.7/site-packages/keystone/auth/controllers.py", line 520, in authenticate 2016-09-30 19:32:25.549 23311 ERROR keystone.common.wsgi auth_context) 2016-09-30 19:32:25.549 23311 ERROR keystone.common.wsgi File "/opt/openstack/current/keystone/local/lib/python2.7/site-packages/keystone/auth/plugins/mapped.py", line 65, in authenticate 2016-09-30 19:32:25.549 23311 ERROR keystone.common.wsgi self.identity_api) 2016-09-30 19:32:25.549 23311 ERROR keystone.common.wsgi File "/opt/openstack/current/keystone/local/lib/python2.7/site-packages/keystone/auth/plugins/mapped.py", line 141, in handle_unscoped_token 2016-09-30 19:32:25.549 23311 ERROR keystone.common.wsgi federation_api, identity_api) 2016-09-30 19:32:25.549 23311 ERROR keystone.common.wsgi File "/opt/openstack/current/keystone/local/lib/python2.7/site-packages/keystone/auth/plugins/mapped.py", line 194, in apply_mapping_filter 2016-09-30 19:32:25.549 23311 ERROR keystone.common.wsgi identity_provider, protocol, assertion) 2016-09-30 19:32:25.549 23311 ERROR keystone.common.wsgi File "/opt/openstack/current/keystone/local/lib/python2.7/site-packages/keystone/common/manager.py", line 124, in wrapped 2016-09-30 19:32:25.549 23311 ERROR keystone.common.wsgi __ret_val = __f(*args, **kwargs) 2016-09-30 19:32:25.549 23311 ERROR keystone.common.wsgi File "/opt/openstack/current/keystone/local/lib/python2.7/site-packages/keystone/federation/core.py", line 98, in evaluate 2016-09-30 19:32:25.549 23311 ERROR keystone.common.wsgi mapped_properties = rule_processor.process(assertion_data) 2016-09-30 19:32:25.549 23311 ERROR keystone.common.wsgi File "/opt/openstack/current/keystone/local/lib/python2.7/site-packages/keystone/federation/utils.py", line 544, in process 2016-09-30 19:32:25.549 23311 ERROR keystone.common.wsgi mapped_properties = self._transform(identity_values) 2016-09-30 19:32:25.549 23311 ERROR keystone.common.wsgi File "/opt/openstack/current/keystone/local/lib/python2.7/site-packages/keystone/federation/utils.py", line 647, in _transform 2016-09-30 19:32:25.549 23311 ERROR keystone.common.wsgi identity_value['groups']) 2016-09-30 19:32:25.549 23311 ERROR keystone.common.wsgi File "/usr/lib/python2.7/ast.py", line 49, in literal_eval 2016-09-30 19:32:25.549 23311 ERROR keystone.common.wsgi node_or_string = parse(node_or_string, mode='eval') 2016-09-30 19:32:25.549 23311 ERROR keystone.common.wsgi File "/usr/lib/python2.7/ast.py", line 37, in parse 2016-09-30 19:32:25.549 23311 ERROR keystone.common.wsgi return compile(source, filename, mode, PyCF_ONLY_AST) 2016-09-30 19:32:25.549 23311 ERROR keystone.common.wsgi File "<unknown>", line 0 2016-09-30 19:32:25.549 23311 ERROR keystone.common.wsgi 2016-09-30 19:32:25.549 23311 ERROR keystone.common.wsgi ^ 2016-09-30 19:32:25.549 23311 ERROR keystone.common.wsgi SyntaxError: unexpected EOF while parsing 2016-09-30 19:32:25.549 23311 ERROR keystone.common.wsgi ** Affects: keystone Importance: Undecided Status: New -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to OpenStack Identity (keystone). https://bugs.launchpad.net/bugs/1629446 Title: 500 when a user logins in using federation Status in OpenStack Identity (keystone): New Bug description: A user part of a group in auth0 tries to login in using the mapping below just fine [ { "local": [ { "user": { "name": "{1}::{0}" } }, { "domain": { "id": "default" }, "groups": "{1}" } ], "remote": [ { "type": "HTTP_OIDC_CLAIM_EMAIL" }, { "type": "HTTP_OIDC_CLAIM_GROUPS" } ] } ] Once the user is removed from the group in auth0 and tries to login : Expected Result: Failed to log on to horizon as federation user using OpenID Connect protocol and got 401 code: {"error": {"message": "The request you have made requires authentication.", "code": 401, "title": "Unauthorized"}} Actual Result: Got 500 instead of 401 {"error": {"message": "An unexpected error prevented the server from fulfilling your request.", "code": 500, "title": "Internal Server Error"}} error in keystone-all.logs: 2016-09-30 19:32:25.549 23311 ERROR keystone.common.wsgi [req-f5f27f59-788b-494b-9719-bcdbb6b628c0 - - - - -] unexpected EOF while parsing (<unknown>, line 0) 2016-09-30 19:32:25.549 23311 ERROR keystone.common.wsgi Traceback (most recent call last): 2016-09-30 19:32:25.549 23311 ERROR keystone.common.wsgi File "/opt/openstack/current/keystone/local/lib/python2.7/site-packages/keystone/common/wsgi.py", line 249, in __call__ 2016-09-30 19:32:25.549 23311 ERROR keystone.common.wsgi result = method(context, **params) 2016-09-30 19:32:25.549 23311 ERROR keystone.common.wsgi File "/opt/openstack/current/keystone/local/lib/python2.7/site-packages/keystone/federation/controllers.py", line 329, in federated_idp_specific_sso_auth 2016-09-30 19:32:25.549 23311 ERROR keystone.common.wsgi res = self.federated_authentication(context, idp_id, protocol_id) 2016-09-30 19:32:25.549 23311 ERROR keystone.common.wsgi File "/opt/openstack/current/keystone/local/lib/python2.7/site-packages/keystone/federation/controllers.py", line 302, in federated_authentication 2016-09-30 19:32:25.549 23311 ERROR keystone.common.wsgi return self.authenticate_for_token(context, auth=auth) 2016-09-30 19:32:25.549 23311 ERROR keystone.common.wsgi File "/opt/openstack/current/keystone/local/lib/python2.7/site-packages/keystone/auth/controllers.py", line 396, in authenticate_for_token 2016-09-30 19:32:25.549 23311 ERROR keystone.common.wsgi self.authenticate(context, auth_info, auth_context) 2016-09-30 19:32:25.549 23311 ERROR keystone.common.wsgi File "/opt/openstack/current/keystone/local/lib/python2.7/site-packages/keystone/auth/controllers.py", line 520, in authenticate 2016-09-30 19:32:25.549 23311 ERROR keystone.common.wsgi auth_context) 2016-09-30 19:32:25.549 23311 ERROR keystone.common.wsgi File "/opt/openstack/current/keystone/local/lib/python2.7/site-packages/keystone/auth/plugins/mapped.py", line 65, in authenticate 2016-09-30 19:32:25.549 23311 ERROR keystone.common.wsgi self.identity_api) 2016-09-30 19:32:25.549 23311 ERROR keystone.common.wsgi File "/opt/openstack/current/keystone/local/lib/python2.7/site-packages/keystone/auth/plugins/mapped.py", line 141, in handle_unscoped_token 2016-09-30 19:32:25.549 23311 ERROR keystone.common.wsgi federation_api, identity_api) 2016-09-30 19:32:25.549 23311 ERROR keystone.common.wsgi File "/opt/openstack/current/keystone/local/lib/python2.7/site-packages/keystone/auth/plugins/mapped.py", line 194, in apply_mapping_filter 2016-09-30 19:32:25.549 23311 ERROR keystone.common.wsgi identity_provider, protocol, assertion) 2016-09-30 19:32:25.549 23311 ERROR keystone.common.wsgi File "/opt/openstack/current/keystone/local/lib/python2.7/site-packages/keystone/common/manager.py", line 124, in wrapped 2016-09-30 19:32:25.549 23311 ERROR keystone.common.wsgi __ret_val = __f(*args, **kwargs) 2016-09-30 19:32:25.549 23311 ERROR keystone.common.wsgi File "/opt/openstack/current/keystone/local/lib/python2.7/site-packages/keystone/federation/core.py", line 98, in evaluate 2016-09-30 19:32:25.549 23311 ERROR keystone.common.wsgi mapped_properties = rule_processor.process(assertion_data) 2016-09-30 19:32:25.549 23311 ERROR keystone.common.wsgi File "/opt/openstack/current/keystone/local/lib/python2.7/site-packages/keystone/federation/utils.py", line 544, in process 2016-09-30 19:32:25.549 23311 ERROR keystone.common.wsgi mapped_properties = self._transform(identity_values) 2016-09-30 19:32:25.549 23311 ERROR keystone.common.wsgi File "/opt/openstack/current/keystone/local/lib/python2.7/site-packages/keystone/federation/utils.py", line 647, in _transform 2016-09-30 19:32:25.549 23311 ERROR keystone.common.wsgi identity_value['groups']) 2016-09-30 19:32:25.549 23311 ERROR keystone.common.wsgi File "/usr/lib/python2.7/ast.py", line 49, in literal_eval 2016-09-30 19:32:25.549 23311 ERROR keystone.common.wsgi node_or_string = parse(node_or_string, mode='eval') 2016-09-30 19:32:25.549 23311 ERROR keystone.common.wsgi File "/usr/lib/python2.7/ast.py", line 37, in parse 2016-09-30 19:32:25.549 23311 ERROR keystone.common.wsgi return compile(source, filename, mode, PyCF_ONLY_AST) 2016-09-30 19:32:25.549 23311 ERROR keystone.common.wsgi File "<unknown>", line 0 2016-09-30 19:32:25.549 23311 ERROR keystone.common.wsgi 2016-09-30 19:32:25.549 23311 ERROR keystone.common.wsgi ^ 2016-09-30 19:32:25.549 23311 ERROR keystone.common.wsgi SyntaxError: unexpected EOF while parsing 2016-09-30 19:32:25.549 23311 ERROR keystone.common.wsgi To manage notifications about this bug go to: https://bugs.launchpad.net/keystone/+bug/1629446/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : yahoo-eng-team@lists.launchpad.net Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp