Hey Boris,

Which mapping? Hope you were looking for the shibboleth user mapping. Also, hope this is the right way to share the paste (first time using this): http://paste.openstack.org/show/3snCb31GRZfAuQxdRouy/

Cheers,
-E
--
Evan F. Bollig, PhD
Scientific Computing Consultant, Application Developer | Scientific Computing Solutions (SCS)
Minnesota Supercomputing Institute | msi.umn.edu
University of Minnesota | umn.edu
boll0...@umn.edu | 612-624-1447 | Walter Lib Rm 556

On Thu, Mar 9, 2017 at 7:50 AM, Boris Bobrov <bre...@cynicmansion.ru> wrote:
> Hi,
>
> Please paste your mapping to paste.openstack.org
>
> On 03/09/2017 02:07 AM, Evan Bollig PhD wrote:
>> I am on Ocata with Shibboleth auth enabled. I noticed that Federated
>> users with the admin role no longer have authorization to use the
>> Admin** panels in Horizon related to Nova, Cinder and Neutron. All
>> regular Identity and Project tabs function, and there are no problems
>> with authorization for local admin users.
>>
>> -----
>> These Admin tabs work: Hypervisors, Host Aggregates, Flavors, Images,
>> Defaults, Metadata, System Information
>>
>> These result in logout: Instances, Volumes, Networks, Routers, Floating IPs
>>
>> This is not present: Overview
>> -----
>>
>> The policies are vanilla from the CentOS/RDO openstack-dashboard RPMs:
>> openstack-dashboard-11.0.0-1.el7.noarch
>> python-django-horizon-11.0.0-1.el7.noarch
>> python2-keystonemiddleware-4.14.0-1.el7.noarch
>> python2-keystoneclient-3.10.0-1.el7.noarch
>> openstack-keystone-11.0.0-1.el7.noarch
>> python2-keystoneauth1-2.18.0-1.el7.noarch
>> python-keystone-11.0.0-1.el7.noarch
>>
>> The errors I see in logs are similar to:
>>
>> ==> /var/log/horizon/horizon.log <==
>> 2017-03-07 18:24:54,961 13745 ERROR horizon.exceptions Unauthorized:
>> Traceback (most recent call last):
>>   File "/usr/share/openstack-dashboard/openstack_dashboard/dashboards/admin/floating_ips/views.py", line 53, in get_tenant_list
>>     tenants, has_more = api.keystone.tenant_list(request)
>>   File "/usr/share/openstack-dashboard/openstack_dashboard/api/keystone.py", line 351, in tenant_list
>>     manager = VERSIONS.get_project_manager(request, admin=admin)
>>   File "/usr/share/openstack-dashboard/openstack_dashboard/api/keystone.py", line 61, in get_project_manager
>>     manager = keystoneclient(*args, **kwargs).projects
>>   File "/usr/share/openstack-dashboard/openstack_dashboard/api/keystone.py", line 170, in keystoneclient
>>     raise exceptions.NotAuthorized
>> NotAuthorized
>>
>> Cheers,
>> -E
>> --
>> Evan F. Bollig, PhD
>> Scientific Computing Consultant, Application Developer | Scientific
>> Computing Solutions (SCS)
>> Minnesota Supercomputing Institute | msi.umn.edu
>> University of Minnesota | umn.edu
>> boll0...@umn.edu | 612-624-1447 | Walter Lib Rm 556
>>
>> __________________________________________________________________________
>> OpenStack Development Mailing List (not for usage questions)
>> Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe
>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev