Middleware auth_token fails with scoped federated SAML token

Bug #1346820 reported by Mahesh Sawaiker
This bug affects 2 people
Affects: python-keystoneclient
Status: Fix Released
Importance: Medium
Assigned to: Steve Martinelli

Bug Description

Do the following steps:
1) Set up keystone for federation.
2) Generate an unscoped federated token.
3) Generate a scoped token using the token from step 2.
4) Set up nova/glance to use the keystone v3 API.
5) Try an image list command using the following request.

Request

GET http://sp.machine:9292/v2/images
Headers:
    Content-Type: application/json
    Accept: application/json
    X-Auth-Token: e92a49262a8d403db838d6494e4f9991

6) This will break the auth_token middleware (middleware\auth_token.py) with a KeyError at the following place

            user = token['user']
            user_domain_id = user['domain']['id']
            user_domain_name = user['domain']['name']
in the function _build_user_headers.

This is because the token does not contain any domain id or name under the user info, since federated tokens have no information about the user.

This can be fixed simply by putting an if condition around the problematic code. I have tested this fix and was then able to get the image list and server list using the Glance and Nova REST APIs.

Example
vim "/usr/lib/python2.6/site-packages/keystoneclient/middleware/auth_token.py"

    if 'domain' in user:
        user_domain_id = user['domain']['id']
        user_domain_name = user['domain']['name']

Following is the token information; note that there is no domain under user.

{
  "token": {
    "methods": [
      "saml2"
    ],
    "roles": [
      {
        "id": "aad3b40ebb3b442f8fe85e88b21f3b4c",
        "name": "admin"
      }
    ],
    "expires_at": "2014-07-22T10:15:05.367852Z",
    "project": {
      "domain": {
        "id": "default",
        "name": "Default"
      },
      "id": "6e99b7d923bc437381fd1b2b4d890339",
      "name": "admin"
    },
    "catalog": [
      {
        "endpoints": [
          {
            "url": "https://127.0.0.1/keystone/main/v3",
            "interface": "internal",
            "region": "regionOne",
            "id": "f5dad391109542cba959d2e27c5fe3a2"
          },
          {
            "url": "https://172.20.15.103:8443/keystone/main/v3",
            "interface": "public",
            "region": "regionOne",
            "id": "4f76970e4ab5497d9149d56d455499ac"
          },
          {
            "url": "https://172.20.15.103:8443/keystone/admin/v3",
            "interface": "admin",
            "region": "regionOne",
            "id": "b85e76ca32f640c4a4d84068c71d3bf2"
          },
          {
            "url": "https://172.20.15.103:8443/keystone/admin/v2.0",
            "interface": "admin",
            "region": "regionOne",
            "id": "1ae909491d754aeb8c8b8a5c5fa6ad47"
          },
          {
            "url": "https://127.0.0.1/keystone/main/v2.0",
            "interface": "internal",
            "region": "regionOne",
            "id": "daf4ce3876d04285a106d86e0fea9bd1"
          },
          {
            "url": "https://172.20.15.103:8443/keystone/main/v2.0",
            "interface": "public",
            "region": "regionOne",
            "id": "f763c80100954bc4805cf51b3dddb84b"
          }
        ],
        "type": "identity",
        "id": "0f79e21861a94fcd84b72cae3ebd79e5"
      },
      {
        "endpoints": [
          {
            "url": "http://172.20.15.103:9292",
            "interface": "admin",
            "region": "RegionOne",
            "id": "16ffa8cebadd4d239744ea168efcd109"
          },
          {
            "url": "http://172.20.15.103:9292",
            "interface": "internal",
            "region": "RegionOne",
            "id": "944adaa070f44f21aa8a73fab15f07bb"
          },
          {
            "url": "http://127.0.0.1:9292",
            "interface": "public",
            "region": "RegionOne",
            "id": "cd945f6a5ee8410bbfe8d3572e23ee5d"
          }
        ],
        "type": "image",
        "id": "fe5d67da897b4359810d95e2c591fe21"
      },
      {
        "endpoints": [
          {
            "url": "http://172.20.15.103:8776/v1/6e99b7d923bc437381fd1b2b4d890339",
            "interface": "admin",
            "region": "RegionOne",
            "id": "6d93d29279a6483783298eb67159b5c6"
          },
          {
            "url": "http://172.20.15.103:8776/v1/6e99b7d923bc437381fd1b2b4d890339",
            "interface": "internal",
            "region": "RegionOne",
            "id": "9416222ad31a411294718b8fe4988daf"
          },
          {
            "url": "http://127.0.0.1:8776/v1/6e99b7d923bc437381fd1b2b4d890339",
            "interface": "public",
            "region": "RegionOne",
            "id": "4d924ad3cb1a442a929536f90a1612b6"
          }
        ],
        "type": "volume",
        "id": "55ef917e57a540e9b0353f02dec22512"
      },
      {
        "endpoints": [
          {
            "url": "http://172.20.15.103:9696",
            "interface": "admin",
            "region": "RegionOne",
            "id": "5fe8a0a8f6624e2cae2e2a8556919c2f"
          },
          {
            "url": "http://172.20.15.103:9696",
            "interface": "internal",
            "region": "RegionOne",
            "id": "0b9f9b8ce304460689e373c1e2a08c27"
          },
          {
            "url": "http://127.0.0.1:9696",
            "interface": "public",
            "region": "RegionOne",
            "id": "bcb231d9baab4345b9efed6374fc2a43"
          }
        ],
        "type": "network",
        "id": "b8aaed7927834fd381f6621e678409c1"
      },
      {
        "endpoints": [
          {
            "url": "http://172.20.15.103:8774/v2/6e99b7d923bc437381fd1b2b4d890339",
            "interface": "admin",
            "region": "RegionOne",
            "id": "55489ebf6793489289556a590f0c464f"
          },
          {
            "url": "http://172.20.15.103:8774/v2/6e99b7d923bc437381fd1b2b4d890339",
            "interface": "internal",
            "region": "RegionOne",
            "id": "a9da7a6cf58e45be889ac6b88d071ae4"
          },
          {
            "url": "http://127.0.0.1:8774/v2/6e99b7d923bc437381fd1b2b4d890339",
            "interface": "public",
            "region": "RegionOne",
            "id": "249a8f15a5034cfd956ed0136d62404b"
          }
        ],
        "type": "compute",
        "id": "ef0ff2f7395f4523b3dd2197f3e243cf"
      },
      {
        "endpoints": [
          {
            "url": "http://172.20.15.103:8777",
            "interface": "admin",
            "region": "RegionOne",
            "id": "95c930d0d593422092380bea899996b2"
          },
          {
            "url": "http://172.20.15.103:8777",
            "interface": "internal",
            "region": "RegionOne",
            "id": "2ca7e0515143455eb385b8feb5de9d2d"
          },
          {
            "url": "http://127.0.0.1:8777",
            "interface": "public",
            "region": "RegionOne",
            "id": "5b86fbfe14914ba9ba3a4ab600717ef7"
          }
        ],
        "type": "metering",
        "id": "a028437e8c364bb78501bfb46619bd86"
      }
    ],
    "extras": {},
    "user": {
      "id": "admin",
      "name": "admin"
    },
    "issued_at": "2014-07-22T09:15:05.367875Z"
  }
}
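A worked illustration of the failure and the fix described above, added here and not code from python-keystoneclient or the reporter: two constructed token bodies (one federated, shaped like the report's token; one password-based), the pre-fix header-building access pattern that raises KeyError, and the post-fix variant that defaults the user domain fields to None. The is_federated heuristic, the header names and the omission of None-valued headers are assumptions of this example.

```python
# Constructed: a scoped federated (saml2) token; its user object has no domain.
FEDERATED_TOKEN = {
    "token": {
        "methods": ["saml2"],
        "project": {"domain": {"id": "default", "name": "Default"},
                    "id": "6e99b7d923bc437381fd1b2b4d890339", "name": "admin"},
        "user": {"id": "admin", "name": "admin"},
    }
}

# Constructed: an ordinary password token, whose user does carry a domain.
PASSWORD_TOKEN = {
    "token": {
        "methods": ["password"],
        "project": {"domain": {"id": "default", "name": "Default"},
                    "id": "6e99b7d923bc437381fd1b2b4d890339", "name": "admin"},
        "user": {"id": "admin", "name": "admin",
                 "domain": {"id": "default", "name": "Default"}},
    }
}


def is_federated(token):
    """Heuristic assumed here (not keystoneclient's exact check): the token was
    issued by a federated method and its user object carries no domain."""
    body = token["token"]
    return "domain" not in body["user"] and "saml2" in body.get("methods", [])


def build_user_headers_broken(token):
    """Pre-fix access pattern from the report: KeyError on a federated token."""
    user = token["token"]["user"]
    return {"X-User-Id": user["id"], "X-User-Name": user["name"],
            "X-User-Domain-Id": user["domain"]["id"],
            "X-User-Domain-Name": user["domain"]["name"]}


def build_user_headers(token):
    """Fixed variant: for a federated token the user domain fields default to
    None and the corresponding headers are left out instead of crashing."""
    user = token["token"]["user"]
    if is_federated(token):
        user_domain_id = user_domain_name = None
    else:
        # A non-federated token must carry a user domain; a missing one is a bug.
        user_domain_id = user["domain"]["id"]
        user_domain_name = user["domain"]["name"]
    headers = {"X-User-Id": user["id"], "X-User-Name": user["name"],
               "X-User-Domain-Id": user_domain_id,
               "X-User-Domain-Name": user_domain_name}
    return {k: v for k, v in headers.items() if v is not None}
```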

description: updated
Morgan Fainberg (mdrnstm) wrote :

If anything this is a bug against the keystonemiddleware package not keystone.

Changed in keystone:
status: New → Invalid
Mahesh Sawaiker (mahesh-sawaiker) wrote :

Agree, and thanks for moving this, I was not aware that the middleware is a different project.

Dolph Mathews (dolph)
no longer affects: keystone
Changed in keystonemiddleware:
importance: Undecided → Wishlist
status: New → Triaged
Steve Martinelli (stevemar) wrote :

I think it's worth adding the conditional that Mahesh pointed out for the time being.
I know Morgan is thinking that users should always have a domain, and in the federation case, it should be the IdP value (which would negate the previous work), but nonetheless, I think it's easy enough to fix temporarily.

Steve Martinelli (stevemar) wrote :
Changed in keystonemiddleware:
importance: Wishlist → Medium
Steve Martinelli (stevemar) wrote :

_build_user_headers now uses an auth_ref, and we can try to default user_domain_id and user_domain_name to None in the case of a federated token.

Changed in python-keystoneclient:
importance: Undecided → Medium
Changed in python-keystoneclient:
assignee: nobody → Steve Martinelli (stevemar)
status: New → In Progress
Changed in keystonemiddleware:
status: Triaged → Invalid
Changed in python-keystoneclient:
assignee: Steve Martinelli (stevemar) → Marek Denis (marek-denis)
Changed in python-keystoneclient:
assignee: Marek Denis (marek-denis) → Steve Martinelli (stevemar)
OpenStack Infra (hudson-openstack) wrote : Fix merged to python-keystoneclient (master)

Reviewed: https://review.openstack.org/121146
Committed: https://git.openstack.org/cgit/openstack/python-keystoneclient/commit/?id=7006f9b0088eb1828f4da24b62e306b37eef79d2
Submitter: Jenkins
Branch: master

commit 7006f9b0088eb1828f4da24b62e306b37eef79d2
Author: Marek Denis <email address hidden>
Date: Fri Sep 12 17:24:59 2014 +0200

    Handle federated tokens

    Federated tokens don't include domains in the user object.
    Keystoneclient should be able to estimate whether the token is a
    federated one and, if so, don't expect user domain information.
    In case of the federated token keystoneclient returns None in response
    to user_domain_name and user_domain_id calls.

    Co-Authored-By: Steve Martinelli <email address hidden>

    Closes-Bug: #1346820
    Change-Id: I3453275fa1b0a41b1c015b0c3a92895a77d69a41

Changed in python-keystoneclient:
status: In Progress → Fix Committed
David Stanek (dstanek)
Changed in python-keystoneclient:
milestone: none → 0.11.0
Mahesh Sawaiker (mahesh-sawaiker) wrote :

Thanks all :)

no longer affects: keystonemiddleware
Dolph Mathews (dolph)
Changed in python-keystoneclient:
status: Fix Committed → Fix Released