Comment 1 for bug 1811605

I was able to verify this locally. The only difference I noticed was in the second to last step, where you're able to get what appears to be a scoped token using a certificate. When I do this, I always get back an unscoped token regardless of the headers I pass in [0] (e.g., x-project-id or x-project-name + x-project-domain-id). This could be a separate issue though and something I was talking to gyee about today in IRC [1].

Otherwise - when I try and validate the unscoped token from the last step, I do see the 500.

[0] https://pasted.tech/pastes/c79647db136625ea6a2ad38c767162e7fcd2d831.raw
[1] http://eavesdrop.openstack.org/irclogs/%23openstack-keystone/%23openstack-keystone.2019-01-23.log.html#t2019-01-23T21:32:29