[Yahoo-eng-team] [Bug 1760205] [NEW] A deleted federated user cannot be recreated for some time

Fri, 30 Mar 2018 13:32:37 -0700 

Public bug reported:

When you delete a shadow user and the user tries to log in again through
federation, they'll get a can't find user error. Retrying after 10 (or
so) minutes works.

My Setup
--------
1. devstack-idp is the identity provider for service provider devstack-sp1, 
using Keystone to Keystone (SAML) with Shibboleth
2. user-idp gets a SAML assertion from devstack-idp keystone and uses that to 
authenticate with devstack-sp1 keystone.
3. devstack-sp1 create shadow user user-sp1.
4. admin deletes user-sp1 in devstack-sp1.
5. Step two is performed again
6. user-idp gets a 'Could not find user <user-sp1_id>' from devstack-sp1.
7. After 10 (or so) minutes user tries again, this time it works and he is able 
to authenticate to <user-sp1> (id of this user-sp1 is different than the prior 
one).

** Affects: keystone
     Importance: Undecided
         Status: New


** Tags: federation

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Identity (keystone).
https://bugs.launchpad.net/bugs/1760205

Title:
  A deleted federated user cannot be recreated for some time

Status in OpenStack Identity (keystone):
  New

Bug description:
  When you delete a shadow user and the user tries to log in again
  through federation, they'll get a can't find user error. Retrying
  after 10 (or so) minutes works.

  My Setup
  --------
  1. devstack-idp is the identity provider for service provider devstack-sp1, 
using Keystone to Keystone (SAML) with Shibboleth
  2. user-idp gets a SAML assertion from devstack-idp keystone and uses that to 
authenticate with devstack-sp1 keystone.
  3. devstack-sp1 create shadow user user-sp1.
  4. admin deletes user-sp1 in devstack-sp1.
  5. Step two is performed again
  6. user-idp gets a 'Could not find user <user-sp1_id>' from devstack-sp1.
  7. After 10 (or so) minutes user tries again, this time it works and he is 
able to authenticate to <user-sp1> (id of this user-sp1 is different than the 
prior one).

To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1760205/+subscriptions

-- 
Mailing list: https://launchpad.net/~yahoo-eng-team
Post to     : [email protected]
Unsubscribe : https://launchpad.net/~yahoo-eng-team
More help   : https://help.launchpad.net/ListHelp

Reply via email to