unable to generate saml assertion
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
OpenStack Identity (keystone) |
Fix Released
|
High
|
Steve Martinelli |
Bug Description
root@sl-kilo-idp:~# curl -i -k \
> -H "Content-Type: application/json" \
> -d '
> {
> "auth": {
> "identity": {
> "methods": [
> "token"
> ],
> "token": {
> "id": "94e2a49d18604a
> }
> },
> "scope": {
> "service_provider": {
> "id": "keystone-sp"
> }
> }
> }
> }' \
> https:/
HTTP/1.1 500 Internal Server Error
Date: Wed, 04 Mar 2015 12:31:32 GMT
Server: Apache/2.2.22 (Ubuntu)
Vary: Accept-Encoding
Content-Length: 618
Connection: close
Content-Type: text/html; charset=iso-8859-1
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>500 Internal Server Error</title>
</head><body>
<h1>Internal Server Error</h1>
<p>The server encountered an internal error or
misconfiguration and was unable to complete
your request.</p>
<p>Please contact the server administrator,
webmaster@
and anything you might have done that may have
caused the error.</p>
<p>More information about this error may be available
in the server error log.</p>
<hr>
<address>
</body></html>
Changed in keystone: | |
importance: | Undecided → High |
status: | New → Confirmed |
milestone: | none → kilo-3 |
Changed in keystone: | |
assignee: | nobody → Steve Martinelli (stevemar) |
status: | Confirmed → Fix Committed |
Changed in keystone: | |
status: | Fix Committed → Fix Released |
Changed in keystone: | |
milestone: | kilo-3 → 2015.1.0 |
upon inspecting the function, the actual SAML response is fine at the controller level: https:/ /github. com/openstack/ keystone/ blob/master/ keystone/ contrib/ federation/ controllers. py#L338- L339
seems to be a bug in wsgi.py, probably around here: /github. com/openstack/ keystone/ blob/master/ keystone/ common/ wsgi.py# L738-L782
https:/