In Kestone-to-Keystone federation, the metadata from Keystone Identity Provider needs to be exchanged with the Keystone Service Provider. This is done via the GET /OS-FEDERATION/saml2/metadata endpoint, which is returning an internal server error (500).
Looking in the log files, seems that keystone.middleware.core is trying to parse the XML body into JSON, which fails:
In Kestone-to-Keystone federation, the metadata from Keystone Identity Provider needs to be exchanged with the Keystone Service Provider. This is done via the GET /OS-FEDERATION/ saml2/metadata endpoint, which is returning an internal server error (500).
Looking in the log files, seems that keystone. middleware. core is trying to parse the XML body into JSON, which fails:
2014-10-22 18:15:32.177590 20576 DEBUG keystone. common. wsgi [-] arg_dict: {} __call__ /opt/stack/ keystone/ keystone/ common/ wsgi.py: 191 middleware. core [-] Serializer failed middleware. core Traceback (most recent call last): middleware. core File "/opt/stack/ keystone/ keystone/ middleware/ core.py" , line 183, in process_response middleware. core body_obj = jsonutils. loads(response. body) middleware. core File "/usr/local/ lib/python2. 7/dist- packages/ oslo/serializat ion/jsonutils. py", line 211, in loads middleware. core return json.loads( encodeutils. safe_decode( s, encoding), **kwargs) middleware. core File "/usr/lib/ python2. 7/json/ __init_ _.py", line 338, in loads middleware. core return _default_ decoder. decode( s) middleware. core File "/usr/lib/ python2. 7/json/ decoder. py", line 366, in decode middleware. core obj, end = self.raw_decode(s, idx=_w(s, 0).end()) middleware. core File "/usr/lib/ python2. 7/json/ decoder. py", line 384, in raw_decode middleware. core raise ValueError("No JSON object could be decoded") middleware. core ValueError: No JSON object could be decoded middleware. core common. wsgi [-] <?xml version='1.0' encoding='UTF-8'?> riptor xmlns:ns0= "urn:oasis: names:tc: SAML:2. 0:metadata" xmlns:ns1="http:// www.w3. org/2000/ 09/xmldsig#" entityID="http:// 10.1.0. 119:5000/ v3/OS-FEDERATIO N/saml2/ idp"><ns0: IDPSSODescripto r protocolSupport Enumeration= "urn:oasis: names:tc: SAML:2. 0:protocol" ><ns0:KeyDescri ptor use="signing" ><ns1:KeyInfo> <ns1:X509Data> <ns1:X509Certif icate>MIIDdzCCA l+gAwIBAgIJAOgk lzho/RFaMA0GCSq GSIb3DQEBCwUAMF IxCzAJBgNVBAYTA lVTMQ4wDAYDVQQI DAVVbnNldDEOMAw GA1UEBwwFVW5zZX QxDjAMBgNVBAoMB VVuc2V0MRMwEQYD VQQDDAoxMC4xLjA uMTE5MB4XDTE0MT AyMTIxMTYzOVoXD TI0MTAxODIxMTYz OVowUjELMAkGA1U EBhMCVVMxDjAMBg NVBAgMBVVuc2V0M Q4wDAYDVQQHDAVV bnNldDEOMAwGA1U ECgwFVW5zZXQxEz ARBgNVBAMMCjEwL jEuMC4xMTkwggEi MA0GCSqGSIb3DQE BAQUAA4IBDwAwgg EKAoIBAQDaswLUY IGtzwSb076zv5hE hvWTxRoGvDbzwfL hGFq0r1UaSg7zyA YJDZKd60V1gOAKu IzfsJy1CpHLActB GYReVERYfLQWXaC pmB9fbqr5lGFeoe JcqSxgD0tJePB72 m5ZiDjBanSO/ s2zMM6JnZzfU3JJ nlKrh0bDAFSVAJU JbjV8VSDu1h8d3Z pN40J9Wmix7fM3b iqoiSzVr4YAIWjM EoG2qamXACrMdXN /dOD56+ zBgNvtrbDaIIGbj 9MyIaEbqg/ Axa72L2Jt3BZ/ LEmhd4TFOMCIlMC 2cU3iMv39y7H5uC KYVsP1aC815/ F0ErbcD8bgrxX+ y72HShP8mUFrAgM BAAGjUDBOMAwGA1 UdEwQFMAMBAf8wH QYDVR0OBBYEFNJD n6/evXe/ g+cELre4Q+ nCxwMNMB8GA1UdI wQYMBaAFNJDn6/ evXe/g+ cELre4Q+ nCxwMNMA0GCSqGS Ib3DQEBCwUAA4IB AQBxdoq8r5gk1UU ygMYrVzIK2U0X3W IH2aDgu73G4iqZk 8M/nAS6KbaeMuMe 8GhA3gFuRIP11O+ +Kmue4p/ 0vCnTEiE3w729Rd dmm2c7oDGBE+ VFby3EtXH0T3Wln 3aF4bjq4Lc0UjyX OgwgzA8fGa7GCSL xrwEDVsiKa7LmyC GIUfUnh1YBRu/ HCEs8TyhviTGBKw +WgHsVDvfH+ 8tZyBT0ctAdO2aY MpvqhI5+ dCY8+uTuHFK3RAC YvkRfXqnenP0Dfn uxzlI/6H/ D6KBi6alM5aXCZg B3A9PFddYXV7Thp /67xophi5gJuuZ2 RMvctxRjlr06rK0 3yEXgt/ ueRgI+< /ns1:X509Certif icate>< /ns1:X509Data> </ns1:KeyInfo> </ns0:KeyDescri ptor><ns0: Organization> <ns0:Organizati onName xml:lang= "en">rodrigods< /ns0:Organizati onName> <ns0:Organizati onDisplayName xml:lang= "en">rodrigods< /ns0:Organizati onDisplayName> <ns0:Organizati onURL xml:lang= "en">10. 1.0.119< /ns0:Organizati onURL>< /ns0:Organizati on><ns0: ContactPerson contactType= "technical" ><ns0:Company> rodrigods< /ns0:Company> <ns0:GivenName> Rodrigo< /ns0:GivenName> <ns0:SurName> Duarte< /ns0:SurName> <ns0:EmailAddre ss><email address hidden> </ns0:EmailAddr ess><ns0: TelephoneNumber >555-55- 5555</ns0: TelephoneNumber ></ns0: ContactPerson> <ns0:NameIDForm at>urn: oasis:names: tc:SAML: 2.0:nameid- format: transient< /ns0:NameIDForm at><ns0: SingleSignOnSer vice Binding= "urn:oasis: names:tc: SAML:2. 0:bindings: URI" Location="http:// 10.1.0. 119:5000/ v3/OS-FEDERATIO N/saml2/ sso" /></ns0: IDPSSODescripto r></ns0: EntityDescripto r>
2014-10-22 18:15:32.184124 20576 ERROR keystone.
2014-10-22 18:15:32.184148 20576 TRACE keystone.
2014-10-22 18:15:32.184155 20576 TRACE keystone.
2014-10-22 18:15:32.184168 20576 TRACE keystone.
2014-10-22 18:15:32.184185 20576 TRACE keystone.
2014-10-22 18:15:32.184194 20576 TRACE keystone.
2014-10-22 18:15:32.184201 20576 TRACE keystone.
2014-10-22 18:15:32.184207 20576 TRACE keystone.
2014-10-22 18:15:32.184213 20576 TRACE keystone.
2014-10-22 18:15:32.184220 20576 TRACE keystone.
2014-10-22 18:15:32.184226 20576 TRACE keystone.
2014-10-22 18:15:32.184232 20576 TRACE keystone.
2014-10-22 18:15:32.184238 20576 TRACE keystone.
2014-10-22 18:15:32.184244 20576 TRACE keystone.
2014-10-22 18:15:32.184740 20576 WARNING keystone.
2014-10-22 18:15:32.184765 <ns0:EntityDesc