WebSSO unable to support multiple identity providers
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
OpenStack Identity (keystone) | Fix Released | High | Colleen Murphy |
Bug Description
When performing WebSSO authentication (i.e. OpenID Connect), if multiple identity providers exist, regardless of protocol and mapping association, Keystone will yield the following error.
Aug 01 03:41:21 localhost <email address hidden>[26546]: ERROR keystone.
Keystone should've either caught the exception and moved on to the next lookup, or parsed the identity provider from the request path.
Steps to reproduce the problem:
1. Follow the doc to set up WebSSO against the Google OpenID Connect provider.
2. Create one more identity provider with a different protocol and mapping.
3. Attempting to log in from Horizon should yield something like "{"error"
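A minimal model of the failure and of the two remedies the report suggests, added here as an illustration. It is not Keystone's code: the registry layout, function names, sample remote ids and the route pattern are assumptions.

```python
import re

# Constructed registry (hypothetical shape): IdP -> remote ids and per-protocol attribute.
IDPS = {
    "corp-saml": {"remote_ids": {"https://idp.example.test/saml"},
                  "protocols": {"saml2": "Shib-Identity-Provider"}},
    "google": {"remote_ids": {"https://accounts.google.com"},
               "protocols": {"openid": "HTTP_OIDC_ISS"}},
}

class ProtocolNotFound(Exception):
    """Raised when an IdP has no entry for the requested protocol."""

def remote_id_attribute(idp_id, protocol_id):
    try:
        return IDPS[idp_id]["protocols"][protocol_id]
    except KeyError:
        raise ProtocolNotFound(f"{protocol_id!r} not configured for {idp_id!r}")

def resolve_unguarded(protocol_id, environ):
    # Failure mode: the first IdP lacking the protocol aborts the whole login.
    for idp_id, idp in IDPS.items():
        attr = remote_id_attribute(idp_id, protocol_id)
        if environ.get(attr) in idp["remote_ids"]:
            return idp_id
    return None

def resolve_skipping(protocol_id, environ):
    # Option 1: catch the exception and move on to the next lookup.
    for idp_id, idp in IDPS.items():
        try:
            attr = remote_id_attribute(idp_id, protocol_id)
        except ProtocolNotFound:
            continue
        if environ.get(attr) in idp["remote_ids"]:
            return idp_id
    return None

# Assumed route shape for an IdP-specific WebSSO endpoint.
PATH_RE = re.compile(r"/identity_providers/([^/]+)/protocols/([^/]+)/websso$")

def resolve_from_path(path, environ):
    # Option 2: IdP from the path, but the asserted remote id must still match it.
    m = PATH_RE.search(path)
    if not m or m.group(1) not in IDPS:
        return None
    idp_id, protocol_id = m.groups()
    attr = IDPS[idp_id]["protocols"].get(protocol_id)
    return idp_id if attr and environ.get(attr) in IDPS[idp_id]["remote_ids"] else None
```

With either remedy, the identity provider is accepted only when the remote id asserted in the request environment is one registered for that provider, so adding a second provider cannot change which one a login maps to.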
Changed in keystone:
assignee: nobody → Colleen Murphy (krinkle)
status: New → Confirmed
importance: Undecided → High
Looks like it was caused by this patch:
https://review.opendev.org/#/c/637305/