Identity token derived from RequestContext is missing domain info

Bug #1733898 reported by Alan Bishop on 2017-11-22
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Alan Bishop

Bug Description

When the Barbican key manager creates an identity token derived from a
RequestContext, the context's project domain info isn't included. As a result,
subsequent keystone authentication will use the v2 auth plugin, even when the
request context supports v3.

See [1] for an example of how this can cause problems. In the example, the key
manager request fails because TripleO isn't enabling the keystone v2 endpoint.


Changed in barbican:
assignee: nobody → Alan Bishop (alan-bishop)

This issue was fixed in the openstack/castellan 0.15.1 release.

Jeremy Liu (liujiong) on 2017-12-20
affects: barbican → castellan
Changed in castellan:
status: New → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers