RuleProcessor assumes every element in context['environment'] can be splitted as a string as seen here: https://github.com/openstack/keystone/blob/master/keystone/contrib/federation/utils.py#L172
This is however not always the case:
curl -si -d '{
"auth": {
"identity": {
"methods": [
"saml2"
],
"saml2": {
"identity_provider": "testshib",
"protocol": "admin"
}
}
}' -H "Content-type: application/json" http://XXX:5000/v3/auth/tokens
2014-03-10 23:21:34.869 DEBUG keystone.middleware.core [-] Auth token not in the request header. Will not build auth contex
t. from (pid=7939) process_request /opt/stack/keystone/keystone/middleware/core.py:270
2014-03-10 23:21:34.871 DEBUG keystone.common.wsgi [-] arg_dict: {} from (pid=7939) __call__ /opt/stack/keystone/keystone/common/wsgi.py:180
2014-03-10 23:21:34.877 ERROR keystone.common.wsgi [-] 'Route' object has no attribute 'split'
2014-03-10 23:21:34.877 TRACE keystone.common.wsgi Traceback (most recent call last):
2014-03-10 23:21:34.877 TRACE keystone.common.wsgi File "/opt/stack/keystone/keystone/common/wsgi.py", line 205, in __call__
2014-03-10 23:21:34.877 TRACE keystone.common.wsgi result = method(context, **params)
2014-03-10 23:21:34.877 TRACE keystone.common.wsgi File "/opt/stack/keystone/keystone/auth/controllers.py", line 316, in authenticate_for_token
2014-03-10 23:21:34.877 TRACE keystone.common.wsgi self.authenticate(context, auth_info, auth_context)
2014-03-10 23:21:34.877 TRACE keystone.common.wsgi File "/opt/stack/keystone/keystone/auth/controllers.py", line 416, in authenticate
2014-03-10 23:21:34.877 TRACE keystone.common.wsgi auth_context)
2014-03-10 23:21:34.877 TRACE keystone.common.wsgi File "/opt/stack/keystone/keystone/auth/plugins/saml2.py", line 54, in authenticate
2014-03-10 23:21:34.877 TRACE keystone.common.wsgi fields = self._handle_unscoped_token(context, auth_payload)
2014-03-10 23:21:34.877 TRACE keystone.common.wsgi File "/opt/stack/keystone/keystone/auth/plugins/saml2.py", line 77, in _handle_unscoped_token
2014-03-10 23:21:34.877 TRACE keystone.common.wsgi mapped_properties = rule_processor.process(assertion)
2014-03-10 23:21:34.877 TRACE keystone.common.wsgi File "/opt/stack/keystone/keystone/contrib/federation/utils.py", line 172, in process
2014-03-10 23:21:34.877 TRACE keystone.common.wsgi assertion = dict((n, v.split(';')) for n, v in assertion_data.items())
2014-03-10 23:21:34.877 TRACE keystone.common.wsgi File "/opt/stack/keystone/keystone/contrib/federation/utils.py", line 172, in <genexpr>
2014-03-10 23:21:34.877 TRACE keystone.common.wsgi assertion = dict((n, v.split(';')) for n, v in assertion_data.items())
2014-03-10 23:21:34.877 TRACE keystone.common.wsgi AttributeError: 'Route' object has no attribute 'split'
2014-03-10 23:21:34.877 TRACE keystone.common.wsgi
2014-03-10 23:21:34.881 INFO eventlet.wsgi.server [-] 84.99.59.174 - - [10/Mar/2014 23:21:34] "POST /v3/auth/tokens HTTP/1.1" 500 331 0.012142
---------
Fix proposed to branch: master /review. openstack. org/80293
Review: https:/