MOS9.0
python-openstackclient-2.2.0

When I have tried get tooken from keystone.idp I had the following error:
/usr/local/bin/openstack --debug --os-auth-type v3samlpassword --os-identity-provider cloud1 --os-identity-provider-url  http://10.200.1.3:5000/v3/auth/OS-FEDERATION/saml2/ecp --os-username admin --os-password admin --os-project-name admin --os-project-domain-name Default --os-auth-url http://10.200.11.3:5000/v3 --os-protocol saml2 token issue
WARNING: openstackclient.common.utils is deprecated and will be removed after Jun 2017. Please use osc_lib.utils
START with options: [u'--debug', u'--os-auth-type', u'v3samlpassword', u'--os-identity-provider', u'cloud1', u'--os-identity-provider-url', u'http://10.200.1.3:5000/v3/auth/OS-FEDERATION/saml2/ecp', u'--os-username', u'admin', u'--os-password', u'admin', u'--os-project-name', u'admin', u'--os-project-domain-name', u'Default', u'--os-auth-url', u'http://10.200.11.3:5000/v3', u'--os-protocol', u'saml2', u'token', u'issue']
options: Namespace(access_key='', access_secret='***', access_token='***', access_token_endpoint='', access_token_type='', auth_type=u'v3samlpassword', auth_url=u'http://10.200.11.3:5000/v3', authorization_code='', cacert=None, cert='', client_id='', client_secret='***', cloud='', consumer_key='', consumer_secret='***', debug=True, default_domain='Default', default_domain_id='', default_domain_name='', deferred_help=False, discovery_endpoint='', domain_id='', domain_name='', endpoint='', identity_provider=u'cloud1', identity_provider_url=u'http://10.200.1.3:5000/v3/auth/OS-FEDERATION/saml2/ecp', insecure=None, interface='', key='', log_file=None, old_profile=None, openid_scope='', os_beta_command=False, os_clustering_api_version='1', os_compute_api_version='', os_data_processing_api_version='1.1', os_data_processing_url='', os_dns_api_version='2', os_identity_api_version='3', os_image_api_version='', os_key_manager_api_version='1', os_network_api_version='', os_object_api_version='', os_orchestration_api_version='1', os_project_id=None, os_project_name=None, os_queues_api_version='1.1', os_volume_api_version='', os_workflow_api_version='2', passcode='', password=***'admin', profile=None, project_domain_id='', project_domain_name=u'Default', project_id='', project_name=u'admin', protocol=u'saml2', redirect_uri='', region_name='RegionOne', timing=False, token='***', trust_id='', url='', user_domain_id='', user_domain_name='', user_id='', username=u'admin', verbose_level=3, verify=None)
Auth plugin v3samlpassword selected
auth_config_hook(): {'auth_type': u'v3samlpassword', 'beta_command': False, u'compute_api_version': u'2', u'orchestration_api_version': '1', 'identity_provider_url': u'http://10.200.1.3:5000/v3/auth/OS-FEDERATION/saml2/ecp', 'data_processing_api_version': '1.1', 'auth_url': u'http://10.200.11.3:5000/v3', u'network_api_version': u'2', 'protocol': u'saml2', u'message': u'', u'image_format': u'qcow2', 'networks': [], u'image_api_version': u'2', 'clustering_api_version': '1', 'verify': True, u'database_api_version': u'1.0', 'identity_provider': u'cloud1', u'dns_api_version': '2', u'object_store_api_version': u'1', 'username': u'admin', 'verbose_level': 3, 'region_name': 'RegionOne', 'api_timeout': None, u'baremetal_api_version': u'1', 'queues_api_version': '1.1', 'auth': {'project_name': 'admin', 'project_domain_name': 'Default'}, 'default_domain': 'Default', 'debug': True, u'image_api_use_tasks': False, u'floating_ip_source': u'neutron', 'key': None, 'timing': False, 'password': u'admin', 'cacert': None, u'key_manager_api_version': '1', u'metering_api_version': u'2', 'deferred_help': False, u'identity_api_version': '3', 'workflow_api_version': '2', u'volume_api_version': u'2', 'cert': None, u'secgroup_source': u'neutron', u'status': u'active', u'container_api_version': u'1', u'interface': None, u'disable_vendor_agent': {}}
defaults: {u'auth_type': 'password', u'status': u'active', u'compute_api_version': u'2', 'key': None, u'database_api_version': u'1.0', 'api_timeout': None, u'baremetal_api_version': u'1', u'image_api_version': u'2', u'metering_api_version': u'2', u'image_api_use_tasks': False, u'floating_ip_source': u'neutron', u'orchestration_api_version': u'1', 'cacert': None, u'network_api_version': u'2', u'message': u'', u'image_format': u'qcow2', u'key_manager_api_version': u'v1', 'verify': True, u'identity_api_version': u'2.0', u'volume_api_version': u'2', 'cert': None, u'secgroup_source': u'neutron', u'container_api_version': u'1', u'dns_api_version': u'2', u'object_store_api_version': u'1', u'interface': None, u'disable_vendor_agent': {}}
cloud cfg: {'auth_type': u'v3samlpassword', 'beta_command': False, u'compute_api_version': u'2', 'key': None, 'identity_provider_url': u'http://10.200.1.3:5000/v3/auth/OS-FEDERATION/saml2/ecp', 'data_processing_api_version': '1.1', 'auth_url': u'http://10.200.11.3:5000/v3', u'network_api_version': u'2', 'protocol': u'saml2', u'message': u'', u'image_format': u'qcow2', 'networks': [], u'image_api_version': u'2', 'clustering_api_version': '1', 'verify': True, u'database_api_version': u'1.0', 'identity_provider': u'cloud1', u'dns_api_version': '2', u'object_store_api_version': u'1', 'username': u'admin', 'verbose_level': 3, 'region_name': 'RegionOne', 'api_timeout': None, u'baremetal_api_version': u'1', 'queues_api_version': '1.1', 'auth': {'username': u'admin', 'identity_provider_url': u'http://10.200.1.3:5000/v3/auth/OS-FEDERATION/saml2/ecp', 'project_name': u'admin', 'protocol': u'saml2', 'identity_provider': u'cloud1', 'auth_url': u'http://10.200.11.3:5000/v3', 'password': u'***', 'project_domain_name': u'Default'}, 'default_domain': 'Default', u'container_api_version': u'1', u'image_api_use_tasks': False, u'floating_ip_source': u'neutron', u'orchestration_api_version': '1', 'timing': False, 'password': u'***', 'cacert': None, u'key_manager_api_version': '1', u'metering_api_version': u'2', 'deferred_help': False, u'identity_api_version': '3', 'workflow_api_version': '2', u'volume_api_version': u'2', 'cert': None, u'secgroup_source': u'neutron', u'status': u'active', 'debug': True, u'interface': None, u'disable_vendor_agent': {}}
compute API version 2, cmd group openstack.compute.v2
network API version 2, cmd group openstack.network.v2
image API version 2, cmd group openstack.image.v2
volume API version 2, cmd group openstack.volume.v2
identity API version 3, cmd group openstack.identity.v3
object_store API version 1, cmd group openstack.object_store.v1
messaging API version 1.1, cmd group openstack.messaging.v1
clustering API version 1, cmd group openstack.clustering.v1
data_processing API version 1.1, cmd group openstack.data_processing.v1
orchestration API version 1, cmd group openstack.orchestration.v1
workflow_engine API version 2, cmd group openstack.workflow_engine.v2
key_manager API version 1, cmd group openstack.key_manager.v1
dns API version 2, cmd group openstack.dns.v2
Auth plugin v3samlpassword selected
auth_config_hook(): {'auth_type': u'v3samlpassword', 'beta_command': False, u'compute_api_version': u'2', u'orchestration_api_version': '1', 'identity_provider_url': u'http://10.200.1.3:5000/v3/auth/OS-FEDERATION/saml2/ecp', 'data_processing_api_version': '1.1', 'auth_url': u'http://10.200.11.3:5000/v3', u'network_api_version': u'2', 'protocol': u'saml2', u'message': u'', u'image_format': u'qcow2', 'networks': [], u'image_api_version': u'2', 'clustering_api_version': '1', 'verify': True, u'database_api_version': u'1.0', 'identity_provider': u'cloud1', u'dns_api_version': '2', u'object_store_api_version': u'1', 'username': u'admin', 'verbose_level': 3, 'region_name': 'RegionOne', 'api_timeout': None, u'baremetal_api_version': u'1', 'queues_api_version': '1.1', 'auth': {'project_name': 'admin', 'project_domain_name': 'Default'}, 'default_domain': 'Default', 'debug': True, u'image_api_use_tasks': False, u'floating_ip_source': u'neutron', 'key': None, 'timing': False, 'password': u'admin', 'cacert': None, u'key_manager_api_version': '1', u'metering_api_version': u'2', 'deferred_help': False, u'identity_api_version': '3', 'workflow_api_version': '2', u'volume_api_version': u'2', 'cert': None, u'secgroup_source': u'neutron', u'status': u'active', u'container_api_version': u'1', u'interface': None, u'disable_vendor_agent': {}}
command: token issue -> openstackclient.identity.v3.token.IssueToken
Using auth plugin: v3samlpassword
Using parameters {'username': u'admin', 'identity_provider_url': u'http://10.200.1.3:5000/v3/auth/OS-FEDERATION/saml2/ecp', 'project_name': 'admin', 'protocol': u'saml2', 'identity_provider': u'cloud1', 'auth_url': u'http://10.200.11.3:5000/v3', 'password': u'***', 'project_domain_name': 'Default'}
Get auth_ref
REQ: curl -g -i -X GET http://10.200.11.3:5000/v3/OS-FEDERATION/identity_providers/cloud1/protocols/saml2/auth -H "User-Agent: osc-lib keystoneauth1/2.12.1 python-requests/2.11.1 CPython/2.7.6"
Starting new HTTP connection (1): 10.200.11.3
"GET /v3/OS-FEDERATION/identity_providers/cloud1/protocols/saml2/auth HTTP/1.1" 200 1658
Starting new HTTP connection (1): 10.200.1.3
"POST /v3/auth/OS-FEDERATION/saml2/ecp HTTP/1.1" 400 258
SAML2: Error parsing XML returned from Identity Provider: Start tag expected, '<' not found, line 1, column 1
Traceback (most recent call last):
  File "/usr/local/lib/python2.7/dist-packages/cliff/app.py", line 380, in run_subcommand
    self.prepare_to_run_command(cmd)
  File "/usr/local/lib/python2.7/dist-packages/osc_lib/shell.py", line 434, in prepare_to_run_command
    self.client_manager.auth_ref
  File "/usr/local/lib/python2.7/dist-packages/osc_lib/clientmanager.py", line 198, in auth_ref
    self._auth_ref = self.auth.get_auth_ref(self.session)
  File "/usr/local/lib/python2.7/dist-packages/keystoneauth1/identity/v3/federation.py", line 65, in get_auth_ref
    auth_ref = self.get_unscoped_auth_ref(session)
  File "/usr/local/lib/python2.7/dist-packages/keystoneauth1/extras/_saml2/v3/saml2.py", line 241, in get_unscoped_auth_ref
    raise exceptions.AuthorizationFailure(str(e))
AuthorizationFailure: SAML2: Error parsing XML returned from Identity Provider: Start tag expected, '<' not found, line 1, column 1
clean_up IssueToken: SAML2: Error parsing XML returned from Identity Provider: Start tag expected, '<' not found, line 1, column 1
Traceback (most recent call last):
  File "/usr/local/lib/python2.7/dist-packages/osc_lib/shell.py", line 135, in run
    ret_val = super(OpenStackShell, self).run(argv)
  File "/usr/local/lib/python2.7/dist-packages/cliff/app.py", line 267, in run
    result = self.run_subcommand(remainder)
  File "/usr/local/lib/python2.7/dist-packages/osc_lib/shell.py", line 180, in run_subcommand
    ret_value = super(OpenStackShell, self).run_subcommand(argv)
  File "/usr/local/lib/python2.7/dist-packages/cliff/app.py", line 380, in run_subcommand
    self.prepare_to_run_command(cmd)
  File "/usr/local/lib/python2.7/dist-packages/osc_lib/shell.py", line 434, in prepare_to_run_command
    self.client_manager.auth_ref
  File "/usr/local/lib/python2.7/dist-packages/osc_lib/clientmanager.py", line 198, in auth_ref
    self._auth_ref = self.auth.get_auth_ref(self.session)
  File "/usr/local/lib/python2.7/dist-packages/keystoneauth1/identity/v3/federation.py", line 65, in get_auth_ref
    auth_ref = self.get_unscoped_auth_ref(session)
  File "/usr/local/lib/python2.7/dist-packages/keystoneauth1/extras/_saml2/v3/saml2.py", line 241, in get_unscoped_auth_ref
    raise exceptions.AuthorizationFailure(str(e))
AuthorizationFailure: SAML2: Error parsing XML returned from Identity Provider: Start tag expected, '<' not found, line 1, column 1

END return value: 1