I am still unable to create this with the directions supplied in the description. I started with a fresh installation and did the following:
1.) installed keystone from source @ 239bc3627cfb0546148e9d496f9e1536057052a7
2.) recreated the database and populated it with data
3.) source the administrator's account
$ source rcfiles/adminrc
$ cat rcfiles/adminrc
export OS_AUTH_URL=http://127.0.0.1:35357/v3
export OS_IDENTITY_API_VERSION=3
export OS_USERNAME=admin
export OS_PASSWORD=password
export OS_PROJECT_NAME=admin
export OS_DEFAULT_DOMAIN=default
4.) created a federated domain
$ openstack domain create federated_domain
+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description |                                  |
| enabled     | True                             |
| id          | 50dfec355794433f8c88fdc69b836d25 |
| name        | federated_domain                 |
+-------------+----------------------------------+
5.) created a group for federated users
$ openstack group create federated_users
+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description |                                  |
| domain_id   | default                          |
| id          | c309cb3466854b61b6616fa68694040f |
| name        | federated_users                  |
+-------------+----------------------------------+
6.) granted the federated group the admin role on the federated domain
$ openstack role add --group federated_users --domain federated_domain admin
$ openstack role assignment list -f yaml --names
- Domain: ''
  Group: ''
  Inherited: false
  Project: admin@Default
  Role: admin
  User: admin@Default
- Domain: federated_domain
  Group: federated_users@Default
  Inherited: false
  Project: ''
  Role: admin
  User: ''
7.) created an identity provider
$ openstack identity provider create --remote-id https://accounts.google.com myidp
+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | None                             |
| domain_id   | 6079116d115d407a94bb6ad109305e43 |
| enabled     | True                             |
| id          | myidp                            |
| remote_ids  | https://accounts.google.com      |
+-------------+----------------------------------+
8.) created a mapping
$ cat rules.json
[
    {
        "local": [
            {
                "user": {
                    "name": "{0}"
                },
                "group": {
                    "domain": {
                        "name": "Default"
                    },
                    "name": "federated_users"
                }
            }
        ],
        "remote": [
            {
                "type": "HTTP_OIDC_EMAIL"
            }
        ]
    }
]
$ openstack mapping create --rules rules.json myidp_mapping
+-------+-----------------------------------------------------------------------------------------------------------------+
| Field | Value                                                                                                           |
+-------+-----------------------------------------------------------------------------------------------------------------+
| id    | myidp_mapping                                                                                                   |
| rules | [{u'remote': [{u'type': u'HTTP_OIDC_EMAIL'}], u'local': [{u'group': {u'domain': {u'name': u'Default'}, u'name': |
|       | u'federated_users'}, u'user': {u'name': u'{0}'}}]}]                                                             |
+-------+-----------------------------------------------------------------------------------------------------------------+
9.) create a protocol
$ openstack federation protocol create mapped --mapping myidp_mapping --identity-provider myidp
+-------------------+---------------+
| Field             | Value         |
+-------------------+---------------+
| id                | mapped        |
| identity_provider | myidp         |
| mapping           | myidp_mapping |
+-------------------+---------------+
I was able to delete and recreate the mapping without issue. Is there something in a separate rules file when creating the second mapping?
Marking this as invalid for now. Please feel free to reopen if there is more information that helps clarify how to recreate this.