Comment 4 for bug 1778989

Lars Kellogg-Stedman (larsks) wrote :

A federated user has an entry in the 'federated_users' table and in the 'users' table. On the other hand, in keystone.identity.backends.sql.get_user_by_name we only look up names in the local_user table (https://github.com/openstack/keystone/blob/589152d094b248da81dc88db2449fb560985ae8b/keystone/identity/backends/sql.py#L191):

    def get_user_by_name(self, user_name, domain_id):
        with sql.session_for_read() as session:
            query = session.query(model.User).join(model.LocalUser)
            query = query.filter(sqlalchemy.and_(
                model.LocalUser.name == user_name,
                model.LocalUser.domain_id == domain_id))
            try:
                user_ref = query.one()
            except sql.NotFound:
                raise exception.UserNotFound(user_id=user_name)
            return base.filter_user(user_ref.to_dict())

This will never match for a federated user.
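The lookup behaviour described in the comment above, reproduced as an added example that is not part of the original comment or of keystone's code. It uses Python's `sqlite3` with a simplified stand-in schema; the table and column names, the sample rows and the helper `users_without_local_row` are assumptions made for illustration.

```python
import sqlite3

# Simplified stand-in schema (assumption): just enough columns to mirror the
# User/LocalUser join in the quoted get_user_by_name, not keystone's real tables.
SCHEMA = """
CREATE TABLE user (id TEXT PRIMARY KEY, domain_id TEXT);
CREATE TABLE local_user (user_id TEXT REFERENCES user(id), domain_id TEXT, name TEXT);
CREATE TABLE federated_user (user_id TEXT REFERENCES user(id), idp_id TEXT, display_name TEXT);
"""

def build_db():
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    # Constructed sample rows: one local user and one federated user.
    db.executemany("INSERT INTO user VALUES (?, ?)",
                   [("u-local", "default"), ("u-fed", "default")])
    db.execute("INSERT INTO local_user VALUES ('u-local', 'default', 'alice')")
    db.execute("INSERT INTO federated_user VALUES ('u-fed', 'example-idp', 'bob')")
    return db

def get_user_by_name(db, user_name, domain_id):
    """Same shape as the quoted query: inner join on local_user, filter on its columns."""
    row = db.execute(
        "SELECT user.id FROM user JOIN local_user ON local_user.user_id = user.id "
        "WHERE local_user.name = ? AND local_user.domain_id = ?",
        (user_name, domain_id)).fetchone()
    return row[0] if row else None

def users_without_local_row(db):
    """Hypothetical check: users the name lookup can never return (no local_user row)."""
    rows = db.execute(
        "SELECT user.id FROM user LEFT JOIN local_user ON local_user.user_id = user.id "
        "WHERE local_user.user_id IS NULL ORDER BY user.id").fetchall()
    return [r[0] for r in rows]

if __name__ == "__main__":
    db = build_db()
    print(get_user_by_name(db, "alice", "default"))  # local user is found
    print(get_user_by_name(db, "bob", "default"))    # federated user is not
    print(users_without_local_row(db))
```
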