Tokenless auth: ephemeral user mapping is broken
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
OpenStack Identity (keystone) |
Fix Released
|
High
|
Guang Yee |
Bug Description
Using an ephemeral user mapping for X.509 tokenless auth, Keystone service will return an HTTP 500 internal error and then we'll see a traceback similar to this in the logs.
Feb 04 21:59:19 keystone-idp <email address hidden>[11401]: ERROR keystone.
Feb 04 21:59:19 keystone-idp <email address hidden>[11401]: ERROR keystone.
Feb 04 21:59:19 keystone-idp <email address hidden>[11401]: ERROR keystone.
Feb 04 21:59:19 keystone-idp <email address hidden>[11401]: ERROR keystone.
Feb 04 21:59:19 keystone-idp <email address hidden>[11401]: ERROR keystone.
Feb 04 21:59:19 keystone-idp <email address hidden>[11401]: ERROR keystone.
Feb 04 21:59:19 keystone-idp <email address hidden>[11401]: ERROR keystone.
Feb 04 21:59:19 keystone-idp <email address hidden>[11401]: ERROR keystone.
Feb 04 21:59:19 keystone-idp <email address hidden>[11401]: ERROR keystone.
Feb 04 21:59:19 keystone-idp <email address hidden>[11401]: ERROR keystone.
Feb 04 21:59:19 keystone-idp <email address hidden>[11401]: ERROR keystone.
Feb 04 21:59:19 keystone-idp <email address hidden>[11401]: ERROR keystone.
Feb 04 21:59:19 keystone-idp <email address hidden>[11401]: ERROR keystone.
Feb 04 21:59:19 keystone-idp <email address hidden>[11401]: ERROR keystone.
Feb 04 21:59:19 keystone-idp <email address hidden>[11401]: ERROR keystone.
Feb 04 21:59:19 keystone-idp <email address hidden>[11401]: ERROR keystone.
Feb 04 21:59:19 keystone-idp <email address hidden>[11401]: ERROR keystone.
Feb 04 21:59:19 keystone-idp <email address hidden>[11401]: ERROR keystone.
Steps to reproduce the problem:
1) Setup X.509 tokenless auth per https:/
2) Create an ephemeral user mapping. i.e.
[
{
"local": [
{
},
"group": {
}
}
],
"remote": [
{
},
{
}
]
}
]
3. Use curl to test a keystone API. For example,
curl --cert user_cert.pem --key user_private_
tags: | added: x509 |
description: | updated |
Changed in keystone: | |
importance: | Undecided → High |
Changed in keystone: | |
milestone: | none → stein-3 |
Fix proposed to branch: master /review. openstack. org/634816
Review: https:/