Horizon Provides wrong RC file
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
OpenStack Dashboard (Horizon) |
Fix Released
|
Medium
|
Akihiro Motoki |
Bug Description
The are many ways to authenticate to keystone service saml, openid, ldap, etc.
each use case has it's own environment variables requirements to make a successful API request.
for example saml2 openrc file needs to contain:
--os-auth-type v3samlpassword
--os-identity-
--os-identity-
--os-protocol saml2
--os-username <federated username>
--os-password
--os-auth-url http://
--os-project-name demo
--os-project-
--os-identity-
OIDC, ldap, mellon, k2k - they are all different.
The RC file provided by horizon is wrong, maybe most of the time.
https:/
Since these files are only available to users after they log in, they should be provided dynamically from keystone service.
Changed in horizon: | |
status: | New → Confirmed |
importance: | Undecided → Medium |
What horizon can know are limited to information included in token response. Horizon cannot know all required information to cover all possible authentication mechanism. From this reason, I think what horizon can support is only the basic password authentication.
Possible workaround is to provide a way to disable download links of openrc and clouds.yaml. When an operator uses a different auth method, they can disable the links.
Another possible solution is to provider a way to define a custom template for "openrc".
Does it sound reasonable?