Unmatched Groups in Federation Mapping raise errors
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
OpenStack Identity (keystone) |
Fix Released
|
Medium
|
Adam Young |
Bug Description
Mapping groups from REMOTE_USER_GROUPS (or comparable) via the rule:
"local": [
],
]
{"error": {"message": "Group {0} returned by mapping kerberos_mapping was not found in the backend. (Disable debug mode to suppress these details.)", "code": 500, "title": "Internal Server Error"}}[
Will throw an error if a group in the assertion does not exist in the Groups list. This means that all groups from all user smust exist. Much more expected is for unmatched groups to be dropped.
This should not throw a 500 error.
Changed in keystone: | |
assignee: | nobody → Marek Denis (marek-denis) |
Changed in keystone: | |
assignee: | Marek Denis (marek-denis) → Adam Young (ayoung) |
Changed in keystone: | |
importance: | Undecided → Medium |
milestone: | none → kilo-3 |
Changed in keystone: | |
status: | Fix Committed → Fix Released |
Changed in keystone: | |
milestone: | kilo-3 → 2015.1.0 |
Fix proposed to branch: master /review. openstack. org/162788
Review: https:/