[19.04] using federation does not exclude 'external' authentication plugin
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
OpenStack Keystone Charm |
Fix Released
|
High
|
David Ames |
Bug Description
As the doc to the "methods" Keystone option notes, using 'extenral' authentication method present in our templates by default with federation ('mapped' auth plugin) may cause conflicts.
https:/
help=
Allowed authentication methods. Note: You should disable the `external` auth
method if you are currently using federation. External auth and federation
both use the REMOTE_USER variable. Since both the mapped and external plugin
are being invoked to validate attributes in the request environment, it can
cause conflicts.
"""))
We should consider making usage of 'external' authentication plugin and federation mutually exclusive.
Note: at the time of writing usage of 'external' authentication plugin with charms is not technically possible (https:/
Changed in charm-keystone: | |
status: | Fix Committed → Fix Released |
TRIAGE:
For LP Bug #1828015 [0] and this one the solution is to create a auth methods context which does all the logic to correctly set auth_methods in keystone.conf
[0] https:/ /bugs.launchpad .net/charm- keystone/ +bug/1828015/ comments/ 3