OpenStack Identity (keystone)

Token authentication fails with 500 error

Bug #2072945 reported by Taekyun Kim on 2024-07-12

This bug affects 2 people

Affects		Status	Importance	Assigned to	Milestone
	OpenStack Identity (keystone)	New	Undecided	Unassigned

Bug Description

Token authentication fails when using a token issued via application credential.

Below code demonstrate the failure.
(I used keystoneauth1 but plain HTTP requests with curl will also fail.)

=== Beginning of code ===

from keystoneauth1 import identity
from keystoneauth1 import session

app_cred = identity.V3ApplicationCredential(
    auth_url='http://10.11.22.100/identity',
    application_credential_id='<app-cred-id>',
    application_credential_secret='<app-cred-secret>',
)

session_app_cred = session.Session(auth=app_cred)
ref = app_cred.get_auth_ref(session=session_app_cred)

token = identity.Token(
    auth_url='http://10.11.22.100/identity',
    token=ref.auth_token,
    project_name='demo',
    project_domain_name='default',
)

session_token = session.Session(auth=token)
res = token.get_auth_ref(session=session_token)
print(res.auth_token)

=== End of code ===

The error was caused by below code line.
https://opendev.org/openstack/keystone/src/commit/0bc2af48d5eabb59627f0b733a9fec42ff3759aa/keystone/api/_shared/authentication.py#L212

If it is the case that the token should not be authenticated, correct error response should be produced.
Otherwise, the authentication should be successful.

I made a simple fix to this problem and applied to my deployment.
Please check the problem and feel free to ask me for any futher details.

Thanks.

Revision history for this message

David Wilde (dave-wilde) wrote on 2024-07-24:

Hi,

I think you are correct, the exception should be caught and handled correctly. Are you able to provide the fix you have implemented?

Thanks!

Revision history for this message

Taekyun Kim (podain) wrote on 2024-07-26:

Yes sure, will post patch on the gerrit soon.

Revision history for this message

Taekyun Kim (podain) wrote on 2024-08-01:

This is a duplicate of https://bugs.launchpad.net/keystone/+bug/1878438
Any further discussions will continue on the original issue.

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.