I was able to resolve the issue by removing "external" from the authentication methods in keystone.conf.
methods = external,password,token,saml2
to
methods = password,token,saml2
I "think" this occurs because my mapping uses REMOTE_USER and if external is configured, it creates an AuthContext using the external method and then later attempts to set the user_id using the saml auth method, resulting in a dup.
I was able to resolve the issue by removing "external" from the authentication methods in keystone.conf.
methods = external, password, token,saml2 token,saml2
to
methods = password,
I "think" this occurs because my mapping uses REMOTE_USER and if external is configured, it creates an AuthContext using the external method and then later attempts to set the user_id using the saml auth method, resulting in a dup.
Note: this doc warns against external and federation: http:// docs.openstack. org/developer/ keystone/ external- auth.html# configuration