** Changed in: keystone
Status: Fix Committed => Fix Released
** Changed in: keystone
Milestone: None => juno-3
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to Keystone.
https://bugs.launchpad.net/bugs/1354315
Title:
REMOTE_USER as empty string results in authentication failure
Status in OpenStack Identity (Keystone):
Fix Released
Bug description:
On some federation setups (observed on Apache 2.4.7 + shibboleth 2.5.2, on
Ubuntu 14.04) the REMOTE_USER environment variable is set to the empty string
when performing a SAML-backed authentication, even though shibboleth is
configured so that it doesn't populate REMOTE_USER with any assertion.
This causes the external auth method to take over the expected saml2 auth
method, and results in a 401 failure since user '' cannot be found.
A workaround is to disable the external auth method in
/etc/keystone/keystone.conf.
To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1354315/+subscriptions
--
Mailing list: https://launchpad.net/~yahoo-eng-team
Post to : [email protected]
Unsubscribe : https://launchpad.net/~yahoo-eng-team
More help : https://help.launchpad.net/ListHelp
