Public bug reported:

A user who is part of a group in auth0 tries to log in using the mapping
below just fine

[
    {
        "local": [
            {
                "user": {
                    "name": "{1}::{0}"
                }
            },
            {
                "domain": {
                    "id": "default"
                },
                "groups": "{1}"
            }
        ],
        "remote": [
            {
                "type": "HTTP_OIDC_CLAIM_EMAIL"
            },
            {
                "type": "HTTP_OIDC_CLAIM_GROUPS"
            }
        ]
    }
]


Once the user is removed from the group in auth0 and tries to log in:

Expected Result:
Failed to log on to horizon as federation user using OpenID Connect protocol 
and got 401 code:

{"error": {"message": "The request you have made requires authentication.", "code": 401, "title": "Unauthorized"}}

Actual Result:
Got 500 instead of 401

{"error": {"message": "An unexpected error prevented the server from fulfilling your request.", "code": 500, "title": "Internal Server Error"}}

error in keystone-all.logs:

2016-09-30 19:32:25.549 23311 ERROR keystone.common.wsgi [req-f5f27f59-788b-494b-9719-bcdbb6b628c0 - - - - -] unexpected EOF while parsing (<unknown>, line 0)
2016-09-30 19:32:25.549 23311 ERROR keystone.common.wsgi Traceback (most recent call last):
2016-09-30 19:32:25.549 23311 ERROR keystone.common.wsgi   File "/opt/openstack/current/keystone/local/lib/python2.7/site-packages/keystone/common/wsgi.py", line 249, in __call__
2016-09-30 19:32:25.549 23311 ERROR keystone.common.wsgi     result = method(context, **params)
2016-09-30 19:32:25.549 23311 ERROR keystone.common.wsgi   File "/opt/openstack/current/keystone/local/lib/python2.7/site-packages/keystone/federation/controllers.py", line 329, in federated_idp_specific_sso_auth
2016-09-30 19:32:25.549 23311 ERROR keystone.common.wsgi     res = self.federated_authentication(context, idp_id, protocol_id)
2016-09-30 19:32:25.549 23311 ERROR keystone.common.wsgi   File "/opt/openstack/current/keystone/local/lib/python2.7/site-packages/keystone/federation/controllers.py", line 302, in federated_authentication
2016-09-30 19:32:25.549 23311 ERROR keystone.common.wsgi     return self.authenticate_for_token(context, auth=auth)
2016-09-30 19:32:25.549 23311 ERROR keystone.common.wsgi   File "/opt/openstack/current/keystone/local/lib/python2.7/site-packages/keystone/auth/controllers.py", line 396, in authenticate_for_token
2016-09-30 19:32:25.549 23311 ERROR keystone.common.wsgi     self.authenticate(context, auth_info, auth_context)
2016-09-30 19:32:25.549 23311 ERROR keystone.common.wsgi   File "/opt/openstack/current/keystone/local/lib/python2.7/site-packages/keystone/auth/controllers.py", line 520, in authenticate
2016-09-30 19:32:25.549 23311 ERROR keystone.common.wsgi     auth_context)
2016-09-30 19:32:25.549 23311 ERROR keystone.common.wsgi   File "/opt/openstack/current/keystone/local/lib/python2.7/site-packages/keystone/auth/plugins/mapped.py", line 65, in authenticate
2016-09-30 19:32:25.549 23311 ERROR keystone.common.wsgi     self.identity_api)
2016-09-30 19:32:25.549 23311 ERROR keystone.common.wsgi   File "/opt/openstack/current/keystone/local/lib/python2.7/site-packages/keystone/auth/plugins/mapped.py", line 141, in handle_unscoped_token
2016-09-30 19:32:25.549 23311 ERROR keystone.common.wsgi     federation_api, identity_api)
2016-09-30 19:32:25.549 23311 ERROR keystone.common.wsgi   File "/opt/openstack/current/keystone/local/lib/python2.7/site-packages/keystone/auth/plugins/mapped.py", line 194, in apply_mapping_filter
2016-09-30 19:32:25.549 23311 ERROR keystone.common.wsgi     identity_provider, protocol, assertion)
2016-09-30 19:32:25.549 23311 ERROR keystone.common.wsgi   File "/opt/openstack/current/keystone/local/lib/python2.7/site-packages/keystone/common/manager.py", line 124, in wrapped
2016-09-30 19:32:25.549 23311 ERROR keystone.common.wsgi     __ret_val = __f(*args, **kwargs)
2016-09-30 19:32:25.549 23311 ERROR keystone.common.wsgi   File "/opt/openstack/current/keystone/local/lib/python2.7/site-packages/keystone/federation/core.py", line 98, in evaluate
2016-09-30 19:32:25.549 23311 ERROR keystone.common.wsgi     mapped_properties = rule_processor.process(assertion_data)
2016-09-30 19:32:25.549 23311 ERROR keystone.common.wsgi   File "/opt/openstack/current/keystone/local/lib/python2.7/site-packages/keystone/federation/utils.py", line 544, in process
2016-09-30 19:32:25.549 23311 ERROR keystone.common.wsgi     mapped_properties = self._transform(identity_values)
2016-09-30 19:32:25.549 23311 ERROR keystone.common.wsgi   File "/opt/openstack/current/keystone/local/lib/python2.7/site-packages/keystone/federation/utils.py", line 647, in _transform
2016-09-30 19:32:25.549 23311 ERROR keystone.common.wsgi     identity_value['groups'])
2016-09-30 19:32:25.549 23311 ERROR keystone.common.wsgi   File "/usr/lib/python2.7/ast.py", line 49, in literal_eval
2016-09-30 19:32:25.549 23311 ERROR keystone.common.wsgi     node_or_string = parse(node_or_string, mode='eval')
2016-09-30 19:32:25.549 23311 ERROR keystone.common.wsgi   File "/usr/lib/python2.7/ast.py", line 37, in parse
2016-09-30 19:32:25.549 23311 ERROR keystone.common.wsgi     return compile(source, filename, mode, PyCF_ONLY_AST)
2016-09-30 19:32:25.549 23311 ERROR keystone.common.wsgi   File "<unknown>", line 0
2016-09-30 19:32:25.549 23311 ERROR keystone.common.wsgi
2016-09-30 19:32:25.549 23311 ERROR keystone.common.wsgi     ^
2016-09-30 19:32:25.549 23311 ERROR keystone.common.wsgi SyntaxError: unexpected EOF while parsing
2016-09-30 19:32:25.549 23311 ERROR keystone.common.wsgi

** Affects: keystone
     Importance: Undecided
         Status: New

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Identity (keystone).
https://bugs.launchpad.net/bugs/1629446

Title:
  500 when a user logins in using federation

Status in OpenStack Identity (keystone):
  New
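
An added example, not part of the bug report and not keystone's code: it models the failing frame from the traceback (ast.literal_eval on the substituted "groups" value) next to a checked parser that turns an empty or malformed groups claim into the 401 the reporter expects. It assumes the removed user's groups claim arrives as an empty string, which is consistent with the "unexpected EOF ... line 0" error; Unauthorized, the parser names, login_status and the sample claims are hypothetical.

```python
import ast

GROUPS_TEMPLATE = "{1}"  # the "groups" value from the mapping in the report


class Unauthorized(Exception):
    """Hypothetical stand-in for the 401 the reporter expects."""


def parse_groups_unchecked(raw):
    # Same call as the failing frame in the traceback: no handling of "".
    return ast.literal_eval(raw)


def parse_groups_checked(raw):
    """Return group names, or raise Unauthorized for an empty/malformed claim."""
    if not raw or not raw.strip():
        raise Unauthorized("no groups in assertion")
    try:
        value = ast.literal_eval(raw)
    except (SyntaxError, ValueError):
        raise Unauthorized("groups claim is not a literal") from None
    if isinstance(value, str):
        value = [value]
    if not isinstance(value, (list, tuple)) or not value:
        raise Unauthorized("groups claim is not a list of names")
    if not all(isinstance(g, str) and g for g in value):
        raise Unauthorized("groups claim is not a list of names")
    return list(value)


def login_status(email, groups_claim, parser):
    """Model the request path: 401 for Unauthorized, 500 for anything unhandled."""
    raw = GROUPS_TEMPLATE.format(email, groups_claim)
    try:
        parser(raw)
    except Unauthorized:
        return 401
    except Exception:  # SyntaxError from literal_eval("") lands here
        return 500
    return 200  # constructed success code for this model


# Constructed sample claims (not from the report): group member vs. removed user.
MEMBER = ("user@example.com", "['admins']")
REMOVED = ("user@example.com", "")

if __name__ == "__main__":
    for name, parser in (("unchecked", parse_groups_unchecked),
                         ("checked", parse_groups_checked)):
        print(name, login_status(*MEMBER, parser), login_status(*REMOVED, parser))
```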
