Ok, progressed further:
Seems it still doesn't work with the current method of assigning the role through a pre-created group, and assigning this group to the federated users.
So did a direct role assignment to the federated users, since it is possible now.
However still there are some issues:
1. Because this user doesn't exist until she/he tries to log in, one cannot provision user roles beforehand.
2. Still there's an issue with the trust creation (logs from keystone follow):
2016-10-03 13:16:11.411 26415 DEBUG keystone.middleware.auth [req-5f45f373-0097-4325-87f2-7dca317b71b8 6a299f31021c417bb15e0de347d0528f cb6344592c4e4fb99a15ccef715ada25 - Federated default] RBAC: auth_context: {'is_delegated_auth': False, 'access_token_id': None, 'user_id': '6a299f31021c417bb15e0de347d0528f', 'roles': [u'_member_', u'_member_'], 'user_domain_id': 'Federated', 'consumer_id': None, 'trustee_id': None, 'is_domain': False, 'trustor_id': None, 'token': <KeystoneToken (audit_id=ZZsqGTjjRACs_Hny2yXXIg, audit_chain_id=ZZsqGTjjRACs_Hny2yXXIg) at 0x7f6b37da0e30>, 'group_ids': [], 'project_id': u'cb6344592c4e4fb99a15ccef715ada25', 'trust_id': None, 'project_domain_id': u'default'} fill_context /usr/lib/python2.7/dist-packages/keystone/middleware/auth.py:243
2016-10-03 13:16:11.414 26415 INFO keystone.common.wsgi [req-5f45f373-0097-4325-87f2-7dca317b71b8 6a299f31021c417bb15e0de347d0528f cb6344592c4e4fb99a15ccef715ada25 - Federated default] POST http://cloudtest.duodecadits.com:35357/v3/OS-TRUST/trusts
2016-10-03 13:16:11.415 26415 DEBUG keystone.common.controller [req-5f45f373-0097-4325-87f2-7dca317b71b8 6a299f31021c417bb15e0de347d0528f cb6344592c4e4fb99a15ccef715ada25 - Federated default] RBAC: Authorizing identity:create_trust(trust={u'impersonation': True, u'project_id': u'cb6344592c4e4fb99a15ccef715ada25', u'trustor_user_id': u'6a299f31021c417bb15e0de347d0528f', u'roles': [{u'name': u'_member_'}, {u'name': u'_member_'}], u'trustee_user_id': u'1345a05dcf2a442592fb770d53c114a0'}) _build_policy_check_credentials /usr/lib/python2.7/dist-packages/keystone/common/controller.py:80
2016-10-03 13:16:11.417 26415 DEBUG keystone.policy.backends.rules [req-5f45f373-0097-4325-87f2-7dca317b71b8 6a299f31021c417bb15e0de347d0528f cb6344592c4e4fb99a15ccef715ada25 - Federated default] enforce identity:create_trust: {'is_delegated_auth': False, 'access_token_id': None, 'user_id': '6a299f31021c417bb15e0de347d0528f', 'roles': [u'_member_', u'_member_'], 'user_domain_id': 'Federated', 'consumer_id': None, 'trustee_id': None, 'is_domain': False, 'trustor_id': None, 'token': <KeystoneToken (audit_id=ZZsqGTjjRACs_Hny2yXXIg, audit_chain_id=ZZsqGTjjRACs_Hny2yXXIg) at 0x7f6b37da0e30>, 'group_ids': [], 'project_id': u'cb6344592c4e4fb99a15ccef715ada25', 'trust_id': None, 'project_domain_id': u'default'} enforce /usr/lib/python2.7/dist-packages/keystone/policy/backends/rules.py:76
2016-10-03 13:16:11.418 26415 DEBUG keystone.common.controller [req-5f45f373-0097-4325-87f2-7dca317b71b8 6a299f31021c417bb15e0de347d0528f cb6344592c4e4fb99a15ccef715ada25 - Federated default] RBAC: Authorization granted inner /usr/lib/python2.7/dist-packages/keystone/common/controller.py:163
2016-10-03 13:16:11.476 26415 DEBUG keystone.common.sql.core [req-5f45f373-0097-4325-87f2-7dca317b71b8 6a299f31021c417bb15e0de347d0528f cb6344592c4e4fb99a15ccef715ada25 - Federated default] Conflict trust: (pymysql.err.IntegrityError) (1062, u"Duplicate entry 'c4a1d781b4d9418c9b747a6d8277340c-9fe2ff9ee4384b1894a90878d3e92ba' for key 'PRIMARY'") [SQL: u'INSERT INTO trust_role (trust_id, role_id) VALUES (%(trust_id)s, %(role_id)s)'] [parameters: ({'trust_id': 'c4a1d781b4d9418c9b747a6d8277340c', 'role_id': u'9fe2ff9ee4384b1894a90878d3e92bab'}, {'trust_id': 'c4a1d781b4d9418c9b747a6d8277340c', 'role_id': u'9fe2ff9ee4384b1894a90878d3e92bab'})] wrapper /usr/lib/python2.7/dist-packages/keystone/common/sql/core.py:435
2016-10-03 13:16:11.477 26415 WARNING keystone.common.wsgi [req-5f45f373-0097-4325-87f2-7dca317b71b8 6a299f31021c417bb15e0de347d0528f cb6344592c4e4fb99a15ccef715ada25 - Federated default] Conflict occurred attempting to store trust - Duplicate Entry
Note the 'roles': [u'_member_', u'_member_'] entry: the role is duplicated for some reason.
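
Added example, not part of the original comment and not keystone's own code: a reproduction of the conflict in the log above, showing why a role list that repeats one role id breaks the trust_role insert and how de-duplicating the list first avoids it. It assumes an in-memory SQLite table standing in for keystone's MySQL trust_role table (composite primary key inferred from the error message); the function names are hypothetical.

```python
import sqlite3

# Constructed stand-in for keystone's trust_role table: the composite primary
# key is inferred from the "Duplicate entry ... for key 'PRIMARY'" error.
SCHEMA = """CREATE TABLE trust_role (
    trust_id TEXT NOT NULL,
    role_id  TEXT NOT NULL,
    PRIMARY KEY (trust_id, role_id))"""

# Values taken from the log above; the role list repeats one role id, the way
# the token's 'roles' entry repeats _member_.
TRUST_ID = "c4a1d781b4d9418c9b747a6d8277340c"
ROLE_IDS = ["9fe2ff9ee4384b1894a90878d3e92bab"] * 2


def new_db():
    db = sqlite3.connect(":memory:")
    db.execute(SCHEMA)
    return db


def store_trust_roles(db, trust_id, role_ids):
    """Insert one trust_role row per role id, as the failing INSERT does."""
    with db:  # commit on success, roll back on error
        db.executemany(
            "INSERT INTO trust_role (trust_id, role_id) VALUES (?, ?)",
            [(trust_id, r) for r in role_ids])


def unique_role_ids(role_ids):
    """Drop repeated role ids while keeping first-seen order."""
    return list(dict.fromkeys(role_ids))


def demo():
    db = new_db()
    try:
        store_trust_roles(db, TRUST_ID, ROLE_IDS)
        naive = "stored"
    except sqlite3.IntegrityError as exc:
        naive = "conflict: %s" % exc
    store_trust_roles(db, TRUST_ID, unique_role_ids(ROLE_IDS))
    rows = db.execute("SELECT role_id FROM trust_role").fetchall()
    return naive, rows


if __name__ == "__main__":
    print(demo())
```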