Cannot list roles for a user when using a SERVICE_TOKEN

Keystone server reports error in the database layer:

$ export OS_SERVICE_ENDPOINT=http://192.168.1.58:35357/v2.0
$ export OS_SERVICE_TOKEN=ADMIN

$ keystone --debug user-role-list
WARNING: Bypassing authentication using a token & endpoint (authentication credentials are being ignored).
DEBUG:keystoneclient.session:REQ: curl -g -i --cacert "/opt/stack/data/CA/int-ca/ca-chain.pem" -X GET http://192.168.1.58:35357/v2.0/users/None/roles -H "User-Agent: python-keystoneclient" -H "Accept: application/json" -H "X-Auth-Token: {SHA1}b521caa6e1db82e5a01c924a419870cb72b81635"
INFO:requests.packages.urllib3.connectionpool:Starting new HTTP connection (1): 192.168.1.58
DEBUG:requests.packages.urllib3.connectionpool:"GET /v2.0/users/None/roles HTTP/1.1" 400 101
DEBUG:keystoneclient.session:RESP:
DEBUG:keystoneclient.session:Request returned failure status: 400
object of type 'NoneType' has no len() (HTTP 400) (Request-ID: req-fded4fd1-0f6d-49ae-8120-83c498d41e00)

$ keystone --debug user-role-list --user=admin
WARNING: Bypassing authentication using a token & endpoint (authentication credentials are being ignored).
DEBUG:keystoneclient.session:REQ: curl -g -i --cacert "/opt/stack/data/CA/int-ca/ca-chain.pem" -X GET http://192.168.1.58:35357/v2.0/users/admin -H "User-Agent: python-keystoneclient" -H "Accept: application/json" -H "X-Auth-Token: {SHA1}b521caa6e1db82e5a01c924a419870cb72b81635"
INFO:requests.packages.urllib3.connectionpool:Starting new HTTP connection (1): 192.168.1.58
DEBUG:requests.packages.urllib3.connectionpool:"GET /v2.0/users/admin HTTP/1.1" 404 87
DEBUG:keystoneclient.session:RESP:
DEBUG:keystoneclient.session:Request returned failure status: 404
DEBUG:keystoneclient.session:REQ: curl -g -i --cacert "/opt/stack/data/CA/int-ca/ca-chain.pem" -X GET http://192.168.1.58:35357/v2.0/users -H "User-Agent: python-keystoneclient" -H "Accept: application/json" -H "X-Auth-Token: {SHA1}b521caa6e1db82e5a01c924a419870cb72b81635"
INFO:requests.packages.urllib3.connectionpool:Starting new HTTP connection (1): 192.168.1.58
DEBUG:requests.packages.urllib3.connectionpool:"GET /v2.0/users HTTP/1.1" 200 845
DEBUG:keystoneclient.session:RESP: [200] content-length: 845 vary: X-Auth-Token keep-alive: timeout=5, max=100 server: Apache/2.4.6 (CentOS) OpenSSL/1.0.1e-fips mod_wsgi/3.4 Python/2.7.5 connection: Keep-Alive date: Wed, 25 Mar 2015 16:49:15 GMT content-type: application/json x-openstack-request-id: req-bbb3918d-24b6-4470-b292-6273d743eee6
RESP BODY: {"users": [{"username": "admin", "name": "admin", "enabled": true, "email": null, "id": "042b50edf70f484dab1f14e893a73ea8"}, {"username": "cinder", "name": "cinder", "enabled": true, "email": null, "id": "45eeff3685164f6a932bba3ef825bdb4"}, {"username": "heat", "name": "heat", "enabled": true, "email": null, "id": "a8c0e670150849f28201c323973c4465"}, {"username": "alt_demo", "name": "alt_demo", "enabled": true, "email": "<email address hidden>", "id": "e6c56d2f869c4980940178625e9b81ba"}, {"username": "glance", "name": "glance", "enabled": true, "email": null, "id": "ea5d78f861654cf9887d74510390600f"}, {"username": "demo", "name": "demo", "enabled": true, "email": "<email address hidden>", "id": "eb0d4dc081f442dd85573740cfbecfae"}, {"username": "nova", "name": "nova", "enabled": true, "email": null, "id": "f86d2bc00c4f4c9eba136903d60a5f0d"}]}

DEBUG:keystoneclient.session:REQ: curl -g -i --cacert "/opt/stack/data/CA/int-ca/ca-chain.pem" -X GET http://192.168.1.58:35357/v2.0/users/042b50edf70f484dab1f14e893a73ea8/roles -H "User-Agent: python-keystoneclient" -H "Accept: application/json" -H "X-Auth-Token: {SHA1}b521caa6e1db82e5a01c924a419870cb72b81635"
INFO:requests.packages.urllib3.connectionpool:Starting new HTTP connection (1): 192.168.1.58
DEBUG:requests.packages.urllib3.connectionpool:"GET /v2.0/users/042b50edf70f484dab1f14e893a73ea8/roles HTTP/1.1" 400 101
DEBUG:keystoneclient.session:RESP:
DEBUG:keystoneclient.session:Request returned failure status: 400
object of type 'NoneType' has no len() (HTTP 400) (Request-ID: req-7c1b4829-d00c-4e02-ab51-23a212f6e1c8)

2015-03-25 16:49:15.280657 11009 TRACE keystone.common.wsgi Traceback (most recent call last):
2015-03-25 16:49:15.280661 11009 TRACE keystone.common.wsgi File "/opt/stack/keystone/keystone/common/wsgi.py", line 239, in __call__
2015-03-25 16:49:15.280664 11009 TRACE keystone.common.wsgi result = method(context, **params)
2015-03-25 16:49:15.280667 11009 TRACE keystone.common.wsgi File "/opt/stack/keystone/keystone/assignment/controllers.py", line 148, in get_user_roles
2015-03-25 16:49:15.280671 11009 TRACE keystone.common.wsgi user_id, tenant_id)
2015-03-25 16:49:15.280673 11009 TRACE keystone.common.wsgi File "/opt/stack/keystone/keystone/assignment/core.py", line 166, in get_roles_for_user_and_project
2015-03-25 16:49:15.280698 11009 TRACE keystone.common.wsgi project_ref = self.resource_api.get_project(tenant_id)
2015-03-25 16:49:15.280706 11009 TRACE keystone.common.wsgi File "/usr/lib/python2.7/site-packages/dogpile/cache/region.py", line 1040, in decorate
2015-03-25 16:49:15.280797 11009 TRACE keystone.common.wsgi should_cache_fn)
2015-03-25 16:49:15.280802 11009 TRACE keystone.common.wsgi File "/usr/lib/python2.7/site-packages/dogpile/cache/region.py", line 651, in get_or_create
2015-03-25 16:49:15.280806 11009 TRACE keystone.common.wsgi async_creator) as value:
2015-03-25 16:49:15.280808 11009 TRACE keystone.common.wsgi File "/usr/lib/python2.7/site-packages/dogpile/core/dogpile.py", line 158, in __enter__
2015-03-25 16:49:15.280811 11009 TRACE keystone.common.wsgi return self._enter()
2015-03-25 16:49:15.280814 11009 TRACE keystone.common.wsgi File "/usr/lib/python2.7/site-packages/dogpile/core/dogpile.py", line 98, in _enter
2015-03-25 16:49:15.280817 11009 TRACE keystone.common.wsgi generated = self._enter_create(createdtime)
2015-03-25 16:49:15.280820 11009 TRACE keystone.common.wsgi File "/usr/lib/python2.7/site-packages/dogpile/core/dogpile.py", line 149, in _enter_create
2015-03-25 16:49:15.280831 11009 TRACE keystone.common.wsgi created = self.creator()
2015-03-25 16:49:15.280834 11009 TRACE keystone.common.wsgi File "/usr/lib/python2.7/site-packages/dogpile/cache/region.py", line 619, in gen_value
2015-03-25 16:49:15.280854 11009 TRACE keystone.common.wsgi created_value = creator()
2015-03-25 16:49:15.280948 11009 TRACE keystone.common.wsgi File "/usr/lib/python2.7/site-packages/dogpile/cache/region.py", line 1036, in creator
2015-03-25 16:49:15.280953 11009 TRACE keystone.common.wsgi return fn(*arg, **kw)
2015-03-25 16:49:15.280963 11009 TRACE keystone.common.wsgi File "/opt/stack/keystone/keystone/resource/core.py", line 512, in get_project
2015-03-25 16:49:15.280967 11009 TRACE keystone.common.wsgi return self.driver.get_project(project_id)
2015-03-25 16:49:15.280969 11009 TRACE keystone.common.wsgi File "/opt/stack/keystone/keystone/resource/backends/sql.py", line 40, in get_project
2015-03-25 16:49:15.280972 11009 TRACE keystone.common.wsgi return self._get_project(session, tenant_id).to_dict()
2015-03-25 16:49:15.280975 11009 TRACE keystone.common.wsgi File "/opt/stack/keystone/keystone/resource/backends/sql.py", line 33, in _get_project
2015-03-25 16:49:15.280978 11009 TRACE keystone.common.wsgi project_ref = session.query(Project).get(project_id)
2015-03-25 16:49:15.280980 11009 TRACE keystone.common.wsgi File "/usr/lib64/python2.7/site-packages/sqlalchemy/orm/query.py", line 818, in get
2015-03-25 16:49:15.280983 11009 TRACE keystone.common.wsgi if len(ident) != len(mapper.primary_key):
2015-03-25 16:49:15.280986 11009 TRACE keystone.common.wsgi TypeError: object of type 'NoneType' has no len()