Public bug reported: I've set up stable/mitaka keystone with AD FS and it worked. After some time, i decided to test the set up again and after trying to authenicate i've got HTTP 500.
In keystone logs, there is this: http://paste.openstack.org/show/492968/ (the logs are the same as below). This happens because self.update_federated_user_display_name is called in identity_api.shadow_federated_user. Since no update_federated_user_display_name is defined in identity_api, __getattr__ tries to lookup the name in the driver. The driver used for identity_api hasn't update_federated_user_display_name, and AttributeError is raised. The issue seems to exist on both stable/mitaka and master (6f9f390). 2016-04-05 11:53:56.173 2100 DEBUG keystone.federation.utils [req-fe431d33-f850-4a49-87b6-abad9290e638 - - - - -] direct_maps: <keystone.federation.utils.DirectMaps object at 0x7fef82155850> _update_local_mapping /opt/stack/keystone/keystone/federation/utils.py:691 2016-04-05 11:53:56.173 2100 DEBUG keystone.federation.utils [req-fe431d33-f850-4a49-87b6-abad9290e638 - - - - -] local: {u'id': u'f7567142a8024543ab678de7be553dbf'} _update_local_mapping /opt/stack/keystone/keystone/federation/utils.py:692 2016-04-05 11:53:56.173 2100 DEBUG keystone.federation.utils [req-fe431d33-f850-4a49-87b6-abad9290e638 - - - - -] identity_values: [{u'user': {u'domain': {u'name': u'Default'}, u'name': u'bre...@winad.org'}}, {u'group': {u'id': u'f7567142a8024543ab678de7be553dbf'}}] proc ess /opt/stack/keystone/keystone/federation/utils.py:535 2016-04-05 11:53:56.174 2100 DEBUG keystone.federation.utils [req-fe431d33-f850-4a49-87b6-abad9290e638 - - - - -] mapped_properties: {'group_ids': [u'f7567142a8024543ab678de7be553dbf'], 'user': {u'domain': {'id': 'Federated'}, 'type': 'ephemeral', u'name': u'breton@winad .org'}, 'group_names': []} process /opt/stack/keystone/keystone/federation/utils.py:537 2016-04-05 11:53:56.273 2100 ERROR keystone.common.wsgi [req-fe431d33-f850-4a49-87b6-abad9290e638 - - - - -] 'Identity' object has no attribute 'update_federated_user_display_name' 2016-04-05 11:53:56.273 2100 TRACE keystone.common.wsgi Traceback (most recent call last): 2016-04-05 11:53:56.273 2100 TRACE keystone.common.wsgi File "/opt/stack/keystone/keystone/common/wsgi.py", line 249, in __call__ 2016-04-05 11:53:56.273 2100 TRACE keystone.common.wsgi result = method(context, **params) 2016-04-05 11:53:56.273 2100 TRACE keystone.common.wsgi File "/opt/stack/keystone/keystone/federation/controllers.py", line 320, in federated_sso_auth 2016-04-05 11:53:56.273 2100 TRACE keystone.common.wsgi protocol_id) 2016-04-05 11:53:56.273 2100 TRACE keystone.common.wsgi File "/opt/stack/keystone/keystone/federation/controllers.py", line 302, in federated_authentication 2016-04-05 11:53:56.273 2100 TRACE keystone.common.wsgi return self.authenticate_for_token(context, auth=auth) 2016-04-05 11:53:56.273 2100 TRACE keystone.common.wsgi File "/opt/stack/keystone/keystone/auth/controllers.py", line 396, in authenticate_for_token 2016-04-05 11:53:56.273 2100 TRACE keystone.common.wsgi self.authenticate(context, auth_info, auth_context) 2016-04-05 11:53:56.273 2100 TRACE keystone.common.wsgi File "/opt/stack/keystone/keystone/auth/controllers.py", line 520, in authenticate 2016-04-05 11:53:56.273 2100 TRACE keystone.common.wsgi auth_context) 2016-04-05 11:53:56.273 2100 TRACE keystone.common.wsgi File "/opt/stack/keystone/keystone/auth/plugins/mapped.py", line 65, in authenticate 2016-04-05 11:53:56.273 2100 TRACE keystone.common.wsgi self.identity_api) 2016-04-05 11:53:56.273 2100 TRACE keystone.common.wsgi File "/opt/stack/keystone/keystone/auth/plugins/mapped.py", line 153, in handle_unscoped_token 2016-04-05 11:53:56.273 2100 TRACE keystone.common.wsgi display_name) 2016-04-05 11:53:56.273 2100 TRACE keystone.common.wsgi File "/opt/stack/keystone/keystone/common/manager.py", line 124, in wrapped 2016-04-05 11:53:56.273 2100 TRACE keystone.common.wsgi __ret_val = __f(*args, **kwargs) 2016-04-05 11:53:56.273 2100 TRACE keystone.common.wsgi File "/usr/local/lib/python2.7/dist-packages/dogpile/cache/region.py", line 1053, in decorate 2016-04-05 11:53:56.273 2100 TRACE keystone.common.wsgi should_cache_fn) 2016-04-05 11:53:56.273 2100 TRACE keystone.common.wsgi File "/usr/local/lib/python2.7/dist-packages/dogpile/cache/region.py", line 657, in get_or_create 2016-04-05 11:53:56.273 2100 TRACE keystone.common.wsgi async_creator) as value: 2016-04-05 11:53:56.273 2100 TRACE keystone.common.wsgi File "/usr/local/lib/python2.7/dist-packages/dogpile/core/dogpile.py", line 158, in __enter__ 2016-04-05 11:53:56.273 2100 TRACE keystone.common.wsgi return self._enter() 2016-04-05 11:53:56.273 2100 TRACE keystone.common.wsgi File "/usr/local/lib/python2.7/dist-packages/dogpile/core/dogpile.py", line 98, in _enter 2016-04-05 11:53:56.273 2100 TRACE keystone.common.wsgi generated = self._enter_create(createdtime) 2016-04-05 11:53:56.273 2100 TRACE keystone.common.wsgi File "/usr/local/lib/python2.7/dist-packages/dogpile/core/dogpile.py", line 149, in _enter_create 2016-04-05 11:53:56.273 2100 TRACE keystone.common.wsgi created = self.creator() 2016-04-05 11:53:56.273 2100 TRACE keystone.common.wsgi File "/usr/local/lib/python2.7/dist-packages/dogpile/cache/region.py", line 625, in gen_value 2016-04-05 11:53:56.273 2100 TRACE keystone.common.wsgi created_value = creator() 2016-04-05 11:53:56.273 2100 TRACE keystone.common.wsgi File "/usr/local/lib/python2.7/dist-packages/dogpile/cache/region.py", line 1049, in creator 2016-04-05 11:53:56.273 2100 TRACE keystone.common.wsgi return fn(*arg, **kw) 2016-04-05 11:53:56.273 2100 TRACE keystone.common.wsgi File "/opt/stack/keystone/keystone/identity/core.py", line 1242, in shadow_federated_user 2016-04-05 11:53:56.273 2100 TRACE keystone.common.wsgi self.update_federated_user_display_name(idp_id, protocol_id, 2016-04-05 11:53:56.273 2100 TRACE keystone.common.wsgi File "/opt/stack/keystone/keystone/common/manager.py", line 187, in __getattr__ 2016-04-05 11:53:56.273 2100 TRACE keystone.common.wsgi f = getattr(self.driver, name) 2016-04-05 11:53:56.273 2100 TRACE keystone.common.wsgi AttributeError: 'Identity' object has no attribute 'update_federated_user_display_name' 2016-04-05 11:53:56.273 2100 TRACE keystone.common.wsgi ** Affects: keystone Importance: Undecided Assignee: Boris Bobrov (bbobrov) Status: New ** Changed in: keystone Assignee: (unassigned) => Boris Bobrov (bbobrov) -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to OpenStack Identity (keystone). https://bugs.launchpad.net/bugs/1566282 Title: Returning federated user fails to authenticate with HTTP 500 Status in OpenStack Identity (keystone): New Bug description: I've set up stable/mitaka keystone with AD FS and it worked. After some time, i decided to test the set up again and after trying to authenicate i've got HTTP 500. In keystone logs, there is this: http://paste.openstack.org/show/492968/ (the logs are the same as below). This happens because self.update_federated_user_display_name is called in identity_api.shadow_federated_user. Since no update_federated_user_display_name is defined in identity_api, __getattr__ tries to lookup the name in the driver. The driver used for identity_api hasn't update_federated_user_display_name, and AttributeError is raised. The issue seems to exist on both stable/mitaka and master (6f9f390). 2016-04-05 11:53:56.173 2100 DEBUG keystone.federation.utils [req-fe431d33-f850-4a49-87b6-abad9290e638 - - - - -] direct_maps: <keystone.federation.utils.DirectMaps object at 0x7fef82155850> _update_local_mapping /opt/stack/keystone/keystone/federation/utils.py:691 2016-04-05 11:53:56.173 2100 DEBUG keystone.federation.utils [req-fe431d33-f850-4a49-87b6-abad9290e638 - - - - -] local: {u'id': u'f7567142a8024543ab678de7be553dbf'} _update_local_mapping /opt/stack/keystone/keystone/federation/utils.py:692 2016-04-05 11:53:56.173 2100 DEBUG keystone.federation.utils [req-fe431d33-f850-4a49-87b6-abad9290e638 - - - - -] identity_values: [{u'user': {u'domain': {u'name': u'Default'}, u'name': u'bre...@winad.org'}}, {u'group': {u'id': u'f7567142a8024543ab678de7be553dbf'}}] proc ess /opt/stack/keystone/keystone/federation/utils.py:535 2016-04-05 11:53:56.174 2100 DEBUG keystone.federation.utils [req-fe431d33-f850-4a49-87b6-abad9290e638 - - - - -] mapped_properties: {'group_ids': [u'f7567142a8024543ab678de7be553dbf'], 'user': {u'domain': {'id': 'Federated'}, 'type': 'ephemeral', u'name': u'breton@winad .org'}, 'group_names': []} process /opt/stack/keystone/keystone/federation/utils.py:537 2016-04-05 11:53:56.273 2100 ERROR keystone.common.wsgi [req-fe431d33-f850-4a49-87b6-abad9290e638 - - - - -] 'Identity' object has no attribute 'update_federated_user_display_name' 2016-04-05 11:53:56.273 2100 TRACE keystone.common.wsgi Traceback (most recent call last): 2016-04-05 11:53:56.273 2100 TRACE keystone.common.wsgi File "/opt/stack/keystone/keystone/common/wsgi.py", line 249, in __call__ 2016-04-05 11:53:56.273 2100 TRACE keystone.common.wsgi result = method(context, **params) 2016-04-05 11:53:56.273 2100 TRACE keystone.common.wsgi File "/opt/stack/keystone/keystone/federation/controllers.py", line 320, in federated_sso_auth 2016-04-05 11:53:56.273 2100 TRACE keystone.common.wsgi protocol_id) 2016-04-05 11:53:56.273 2100 TRACE keystone.common.wsgi File "/opt/stack/keystone/keystone/federation/controllers.py", line 302, in federated_authentication 2016-04-05 11:53:56.273 2100 TRACE keystone.common.wsgi return self.authenticate_for_token(context, auth=auth) 2016-04-05 11:53:56.273 2100 TRACE keystone.common.wsgi File "/opt/stack/keystone/keystone/auth/controllers.py", line 396, in authenticate_for_token 2016-04-05 11:53:56.273 2100 TRACE keystone.common.wsgi self.authenticate(context, auth_info, auth_context) 2016-04-05 11:53:56.273 2100 TRACE keystone.common.wsgi File "/opt/stack/keystone/keystone/auth/controllers.py", line 520, in authenticate 2016-04-05 11:53:56.273 2100 TRACE keystone.common.wsgi auth_context) 2016-04-05 11:53:56.273 2100 TRACE keystone.common.wsgi File "/opt/stack/keystone/keystone/auth/plugins/mapped.py", line 65, in authenticate 2016-04-05 11:53:56.273 2100 TRACE keystone.common.wsgi self.identity_api) 2016-04-05 11:53:56.273 2100 TRACE keystone.common.wsgi File "/opt/stack/keystone/keystone/auth/plugins/mapped.py", line 153, in handle_unscoped_token 2016-04-05 11:53:56.273 2100 TRACE keystone.common.wsgi display_name) 2016-04-05 11:53:56.273 2100 TRACE keystone.common.wsgi File "/opt/stack/keystone/keystone/common/manager.py", line 124, in wrapped 2016-04-05 11:53:56.273 2100 TRACE keystone.common.wsgi __ret_val = __f(*args, **kwargs) 2016-04-05 11:53:56.273 2100 TRACE keystone.common.wsgi File "/usr/local/lib/python2.7/dist-packages/dogpile/cache/region.py", line 1053, in decorate 2016-04-05 11:53:56.273 2100 TRACE keystone.common.wsgi should_cache_fn) 2016-04-05 11:53:56.273 2100 TRACE keystone.common.wsgi File "/usr/local/lib/python2.7/dist-packages/dogpile/cache/region.py", line 657, in get_or_create 2016-04-05 11:53:56.273 2100 TRACE keystone.common.wsgi async_creator) as value: 2016-04-05 11:53:56.273 2100 TRACE keystone.common.wsgi File "/usr/local/lib/python2.7/dist-packages/dogpile/core/dogpile.py", line 158, in __enter__ 2016-04-05 11:53:56.273 2100 TRACE keystone.common.wsgi return self._enter() 2016-04-05 11:53:56.273 2100 TRACE keystone.common.wsgi File "/usr/local/lib/python2.7/dist-packages/dogpile/core/dogpile.py", line 98, in _enter 2016-04-05 11:53:56.273 2100 TRACE keystone.common.wsgi generated = self._enter_create(createdtime) 2016-04-05 11:53:56.273 2100 TRACE keystone.common.wsgi File "/usr/local/lib/python2.7/dist-packages/dogpile/core/dogpile.py", line 149, in _enter_create 2016-04-05 11:53:56.273 2100 TRACE keystone.common.wsgi created = self.creator() 2016-04-05 11:53:56.273 2100 TRACE keystone.common.wsgi File "/usr/local/lib/python2.7/dist-packages/dogpile/cache/region.py", line 625, in gen_value 2016-04-05 11:53:56.273 2100 TRACE keystone.common.wsgi created_value = creator() 2016-04-05 11:53:56.273 2100 TRACE keystone.common.wsgi File "/usr/local/lib/python2.7/dist-packages/dogpile/cache/region.py", line 1049, in creator 2016-04-05 11:53:56.273 2100 TRACE keystone.common.wsgi return fn(*arg, **kw) 2016-04-05 11:53:56.273 2100 TRACE keystone.common.wsgi File "/opt/stack/keystone/keystone/identity/core.py", line 1242, in shadow_federated_user 2016-04-05 11:53:56.273 2100 TRACE keystone.common.wsgi self.update_federated_user_display_name(idp_id, protocol_id, 2016-04-05 11:53:56.273 2100 TRACE keystone.common.wsgi File "/opt/stack/keystone/keystone/common/manager.py", line 187, in __getattr__ 2016-04-05 11:53:56.273 2100 TRACE keystone.common.wsgi f = getattr(self.driver, name) 2016-04-05 11:53:56.273 2100 TRACE keystone.common.wsgi AttributeError: 'Identity' object has no attribute 'update_federated_user_display_name' 2016-04-05 11:53:56.273 2100 TRACE keystone.common.wsgi To manage notifications about this bug go to: https://bugs.launchpad.net/keystone/+bug/1566282/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : yahoo-eng-team@lists.launchpad.net Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp