Reviewed: https://review.openstack.org/553592 Committed: https://git.openstack.org/cgit/openstack/keystone/commit/?id=ccdf2d976f4d26df4f6a2a915da6ff0f643757ac Submitter: Zuul Branch: master
commit ccdf2d976f4d26df4f6a2a915da6ff0f643757ac Author: Lance Bragstad <[email protected]> Date: Thu Mar 15 19:39:43 2018 +0000 Add logging for xmlsec1 installation Keystone uses a library called xmlsec1 to create SAML assertions when acting as an identity provider. If this library isn't present and someone attempts to authenticate, keystone will throw an HTTP 500. The only thing the error says is that a file or directory doesn't exist. This patch uses subprocess to check if the provided binary actually exists on the system and handles cases when it isn't and logs a useful message for operators. Change-Id: I41cf87702df5389c1424d35f0abcef9c16301450 Closes-Bug: 1750917 ** Changed in: keystone Status: In Progress => Fix Released -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to OpenStack Identity (keystone). https://bugs.launchpad.net/bugs/1750917 Title: Insufficient logging when xmlsec binary is missing Status in OpenStack Identity (keystone): Fix Released Bug description: Keystone log is also unhelpful. All we got is "ERROR idp _sign_assertion Error when signing assertion, reason: [Errno 2] No such file or directory" When the xmlsec1 package is absent. We may need to add a check here https://github.com/openstack/keystone/blob/master/keystone/federation/idp.py#L421 to see if CONF.saml.xmlsec1_binary exist. If absent, we just to provide a more helpful log entry. Steps to reproduce: 1. Install devstack and enable federation. 2. Uninstall the xmlsec1 package 3. Try to authenticate via federation and you'll get a HTTP 500 error and the corresponding log entry in keystone.log To manage notifications about this bug go to: https://bugs.launchpad.net/keystone/+bug/1750917/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : [email protected] Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp
