In Keystone-to-Keystone federation, the metadata from the Keystone Identity Provider needs to be exchanged with the Keystone Service Provider. This is done via the GET /OS-FEDERATION/saml2/metadata endpoint, which is returning an internal server error (500).
Looking in the log files, it seems that keystone.middleware.core is trying to parse the XML body into JSON, which fails:
2014-10-22 18:15:32.177590 20576 DEBUG keystone.common.wsgi [-] arg_dict: {} __call__ /opt/stack/keystone/keystone/common/wsgi.py:191
2014-10-22 18:15:32.184124 20576 ERROR keystone.middleware.core [-] Serializer failed
2014-10-22 18:15:32.184148 20576 TRACE keystone.middleware.core Traceback (most recent call last):
2014-10-22 18:15:32.184155 20576 TRACE keystone.middleware.core File "/opt/stack/keystone/keystone/middleware/core.py", line 183, in process_response
2014-10-22 18:15:32.184168 20576 TRACE keystone.middleware.core body_obj = jsonutils.loads(response.body)
2014-10-22 18:15:32.184185 20576 TRACE keystone.middleware.core File "/usr/local/lib/python2.7/dist-packages/oslo/serialization/jsonutils.py", line 211, in loads
2014-10-22 18:15:32.184194 20576 TRACE keystone.middleware.core return json.loads(encodeutils.safe_decode(s, encoding), **kwargs)
2014-10-22 18:15:32.184201 20576 TRACE keystone.middleware.core File "/usr/lib/python2.7/json/__init__.py", line 338, in loads
2014-10-22 18:15:32.184207 20576 TRACE keystone.middleware.core return _default_decoder.decode(s)
2014-10-22 18:15:32.184213 20576 TRACE keystone.middleware.core File "/usr/lib/python2.7/json/decoder.py", line 366, in decode
2014-10-22 18:15:32.184220 20576 TRACE keystone.middleware.core obj, end = self.raw_decode(s, idx=_w(s, 0).end())
2014-10-22 18:15:32.184226 20576 TRACE keystone.middleware.core File "/usr/lib/python2.7/json/decoder.py", line 384, in raw_decode
2014-10-22 18:15:32.184232 20576 TRACE keystone.middleware.core raise ValueError("No JSON object could be decoded")
2014-10-22 18:15:32.184238 20576 TRACE keystone.middleware.core ValueError: No JSON object could be decoded
2014-10-22 18:15:32.184244 20576 TRACE keystone.middleware.core
2014-10-22 18:15:32.184740 20576 WARNING keystone.common.wsgi [-] <?xml version='1.0' encoding='UTF-8'?>
2014-10-22 18:15:32.184765 <ns0:EntityDescriptor xmlns:ns0="urn:oasis:names:tc:SAML:2.0:metadata" xmlns:ns1="http://www.w3.org/2000/09/xmldsig#" entityID="http://localhost:5000/v3/OS-FEDERATION/saml2/idp"><ns0:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"><ns0:KeyDescriptor use="signing"><ns1:KeyInfo><ns1:X509Data><ns1:X509Certificate>...</ns1:X509Certificate></ns1:X509Data></ns1:KeyInfo></ns0:KeyDescriptor><ns0:Organization><ns0:OrganizationName xml:lang="en">rodrigods</ns0:OrganizationName><ns0:OrganizationDisplayName xml:lang="en">rodrigods</ns0:OrganizationDisplayName><ns0:OrganizationURL xml:lang="en">localhost</ns0:OrganizationURL></ns0:Organization><ns0:ContactPerson contactType="technical"><ns0:Company>rodrigods</ns0:Company><ns0:GivenName>Rodrigo</ns0:GivenName><ns0:SurName>Duarte</ns0:SurName><ns0:EmailAddress><email address hidden></ns0:EmailAddress><ns0:TelephoneNumber>555-55-5555</ns0:TelephoneNumber></ns0:ContactPerson><ns0:NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</ns0:NameIDFormat><ns0:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:URI" Location="http://localhost:5000/v3/OS-FEDERATION/saml2/sso" /></ns0:IDPSSODescriptor></ns0:EntityDescriptor>
Here are some possible solutions:
In keystone.middleware.core.XmlBodyMiddleware, we can try to use serializer.from_xml() to check if the body is already an XML file. Or we can use serializer.from_xml() in keystone.contrib.federation.controllers.SAMLMetadataV3 to parse the metadata body before calling wsgi.render_response().
Any thoughts?
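The first option in the report, checking whether the response body is already XML before trying to decode it as JSON, sketched as an added example. This is not Keystone's code and not part of the original report: it uses only the Python standard library, the sample bodies are constructed, and `to_xml` is a hypothetical stand-in for the JSON-to-XML serializer.

```python
import json
from xml.etree import ElementTree

# Constructed sample bodies, modelled on the log above (not real deployment data).
SAML_METADATA = (
    b"<?xml version='1.0' encoding='UTF-8'?>"
    b'<ns0:EntityDescriptor xmlns:ns0="urn:oasis:names:tc:SAML:2.0:metadata" '
    b'entityID="http://localhost:5000/v3/OS-FEDERATION/saml2/idp"/>'
)
JSON_BODY = b'{"token": {"methods": ["saml2"]}}'


def is_xml(body):
    """Return True if body parses as a well-formed XML document.

    The body here is the server's own response. For XML that comes from an
    untrusted peer, use a hardened parser instead of ElementTree.
    """
    try:
        ElementTree.fromstring(body)
        return True
    except ElementTree.ParseError:
        return False


def naive_process_response(body):
    """Behaviour seen in the traceback: every body is assumed to be JSON."""
    return json.loads(body)  # raises ValueError on an XML body


def guarded_process_response(body, to_xml):
    """Pass empty and XML bodies through untouched; convert only JSON bodies.

    to_xml is a hypothetical callable standing in for the JSON-to-XML serializer.
    """
    if not body or is_xml(body):
        return body
    return to_xml(json.loads(body))
```
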