I created a new user "user1" in "domain1" with the "admin" role. Then I created a 
new domain "domain2" and assigned the role "Member" to "user1" on "domain2". I 
tried the following combinations to repro:
1. Request a token specifying the authentication domain "domain1" in "identity", 
also passing domain2 as scope. It worked fine!
2. Request a token specifying the authentication domain "domain2" in "identity", 
also passing domain2 as scope. This one failed!
3. Request a token without specifying a domain in "identity", also passing domain2 as 
scope. This one failed!

I went through the implementation: a user only belongs to one domain, though 
the user's roles can be assigned on multiple domains. Authentication has to be 
against the domain specified when creating this user. So I think this behavior 
makes sense and is by design. 
Please reopen it if this is different from what you saw.

Thanks,
Xuhui

** Changed in: keystone
       Status: New => In Progress

** Changed in: keystone
       Status: In Progress => Invalid

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to Keystone.
https://bugs.launchpad.net/bugs/1261847

Title:
  User with admin role in one domain and role member in another domain,
  usually works as admin but can not generate a token using role member

Status in OpenStack Identity (Keystone):
  Invalid

Bug description:
  When creating a user with the admin role in a domain 'X' and assigning
  the same user the member role in domain 'Y', requesting a token in v3
  Keystone for the 'Y' domain returns an error that the user is not
  associated with this domain, and the user cannot progress.
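
The three requests from the comment above, as an added example that is not part of the original bug report and is not Keystone's code. `build_auth_request` produces the v3 `POST /v3/auth/tokens` body; `issue_token` is a simplified, hypothetical model of the behaviour the comment describes, and the password and the `USERS`/`ROLES` tables are constructed sample data.

```python
# Simplified model of the behaviour described in the comment; not Keystone code.
# Constructed sample data: user1 lives in domain1 and holds roles on two domains.
USERS = {("domain1", "user1"): "s3cret"}           # (home domain, name) -> password
ROLES = {("user1", "domain1"): ["admin"],          # (name, scope domain) -> roles
         ("user1", "domain2"): ["Member"]}


def build_auth_request(name, password, user_domain=None, scope_domain=None):
    """Build a Keystone v3 password-auth body for POST /v3/auth/tokens."""
    user = {"name": name, "password": password}
    if user_domain is not None:
        # "identity": the domain the user is looked up (authenticated) in.
        user["domain"] = {"name": user_domain}
    auth = {"identity": {"methods": ["password"], "password": {"user": user}}}
    if scope_domain is not None:
        # "scope": the domain the token should carry roles for.
        auth["scope"] = {"domain": {"name": scope_domain}}
    return {"auth": auth}


def issue_token(request):
    """Hypothetical model: authenticate in the home domain, then check the scope."""
    auth = request["auth"]
    user = auth["identity"]["password"]["user"]
    home = user.get("domain", {}).get("name")
    if home is None:
        # A user name is only unique within a domain, so it cannot be resolved.
        return ("rejected", "user name given without a domain")
    if USERS.get((home, user["name"])) != user["password"]:
        return ("rejected", "no such user/password in domain " + home)
    scope = auth.get("scope", {}).get("domain", {}).get("name")
    if scope is None:
        return ("ok", [])                          # unscoped token, no roles
    roles = ROLES.get((user["name"], scope), [])
    if not roles:
        return ("rejected", "no role assignment on domain " + scope)
    return ("ok", roles)


if __name__ == "__main__":
    for label, home in (("1", "domain1"), ("2", "domain2"), ("3", None)):
        req = build_auth_request("user1", "s3cret", home, "domain2")
        print(label, issue_token(req))
```
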
