** Summary changed: - Unable to list federated projects with domain-scoped token + Unable to list federated projects with unscoped token
** Description changed: When I got the federated user project list, the error is as bellow: 2017-05-26 15:12:54.685 12742 ERROR keystone.common.wsgi File "/usr/lib/python2.7/site-packages/keystone/common/wsgi.py", line 228, in __call__ 2017-05-26 15:12:54.685 12742 ERROR keystone.common.wsgi result = method(req, **params) 2017-05-26 15:12:54.685 12742 ERROR keystone.common.wsgi File "/usr/lib/python2.7/site-packages/keystone/common/controller.py", line 164, in inner 2017-05-26 15:12:54.685 12742 ERROR keystone.common.wsgi return f(self, request, *args, **kwargs) 2017-05-26 15:12:54.685 12742 ERROR keystone.common.wsgi File "/usr/lib/python2.7/site-packages/keystone/federation/controllers.py", line 480, in list_projects_for_user 2017-05-26 15:12:54.685 12742 ERROR keystone.common.wsgi request.auth_context['group_ids']) 2017-05-26 15:12:54.685 12742 ERROR keystone.common.wsgi KeyError: 'group_ids' - 2017-05-26 15:12:54.685 12742 ERROR keystone.common.wsgi + 2017-05-26 15:12:54.685 12742 ERROR keystone.common.wsgi and I have got the token scoped in domain. My mapping rule is as bellow: [ { - "local": [ - { - "user": { - "name": "{0}", - "domain": { - "name": "{1}" - }, - "type": "local" - } - } - ], - "remote": [ - { - "type": "openstack_user" - }, - { - "type": "openstack_user_domain" - } - ] + "local": [ + { + "user": { + "name": "{0}", + "domain": { + "name": "{1}" + }, + "type": "local" + } + } + ], + "remote": [ + { + "type": "openstack_user" + }, + { + "type": "openstack_user_domain" + } + ] } ] - The error is that token is scoped in domain and 'group_ids' is not in the auth_context. So we should verify whether - it is in the context. + The error is that token is an unscoped token which is got from the API + “/v3/OS-FEDERATION/identity_providers/keystone-idp/protocols/saml2/auth” + and then the federated user want to get the projects. But error occurs. 
** Changed in: keystone
       Status: Invalid => In Progress

--
You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to OpenStack Identity (keystone).
https://bugs.launchpad.net/bugs/1693704

Title:
  Unable to list federated projects with unscoped token

Status in OpenStack Identity (keystone):
  In Progress

Bug description:
  When I got the federated user project list, the error is as below:

  2017-05-26 15:12:54.685 12742 ERROR keystone.common.wsgi File "/usr/lib/python2.7/site-packages/keystone/common/wsgi.py", line 228, in __call__
  2017-05-26 15:12:54.685 12742 ERROR keystone.common.wsgi result = method(req, **params)
  2017-05-26 15:12:54.685 12742 ERROR keystone.common.wsgi File "/usr/lib/python2.7/site-packages/keystone/common/controller.py", line 164, in inner
  2017-05-26 15:12:54.685 12742 ERROR keystone.common.wsgi return f(self, request, *args, **kwargs)
  2017-05-26 15:12:54.685 12742 ERROR keystone.common.wsgi File "/usr/lib/python2.7/site-packages/keystone/federation/controllers.py", line 480, in list_projects_for_user
  2017-05-26 15:12:54.685 12742 ERROR keystone.common.wsgi request.auth_context['group_ids'])
  2017-05-26 15:12:54.685 12742 ERROR keystone.common.wsgi KeyError: 'group_ids'
  2017-05-26 15:12:54.685 12742 ERROR keystone.common.wsgi

  and I have got the token scoped in domain. My mapping rule is as below:

  [
      {
          "local": [
              {
                  "user": {
                      "name": "{0}",
                      "domain": {
                          "name": "{1}"
                      },
                      "type": "local"
                  }
              }
          ],
          "remote": [
              {
                  "type": "openstack_user"
              },
              {
                  "type": "openstack_user_domain"
              }
          ]
      }
  ]

  The error is that token is an unscoped token which is got from the API “/v3/OS-FEDERATION/identity_providers/keystone-idp/protocols/saml2/auth” and then the federated user wants to get the projects. But an error occurs.