[Yahoo-eng-team] [Bug 1566282] Re: Returning federated user fails to authenticate with HTTP 500

2016-07-06 Thread Steve Martinelli
** Changed in: keystone/newton
   Status: In Progress => Fix Released

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Identity (keystone).
https://bugs.launchpad.net/bugs/1566282

Title:
  Returning federated user fails to authenticate with HTTP 500

Status in OpenStack Identity (keystone):
  Fix Released
Status in OpenStack Identity (keystone) mitaka series:
  Fix Released
Status in OpenStack Identity (keystone) newton series:
  Fix Released

Bug description:
  I've set up stable/mitaka keystone with AD FS and it worked. After
  some time, I decided to test the setup again and after trying to
  authenticate I've got HTTP 500.

  In keystone logs, there is this:
  http://paste.openstack.org/show/492968/ (the logs are the same as
  below).

  This happens because self.update_federated_user_display_name is
  called in identity_api.shadow_federated_user. Since no
  update_federated_user_display_name is defined in identity_api,
  __getattr__ tries to look up the name in the driver. The driver used
  for identity_api doesn't have update_federated_user_display_name, and
  AttributeError is raised.

  The issue seems to exist on both stable/mitaka and master (6f9f390).

  2016-04-05 11:53:56.173 2100 DEBUG keystone.federation.utils [req-fe431d33-f850-4a49-87b6-abad9290e638 - - - - -] direct_maps: _update_local_mapping /opt/stack/keystone/keystone/federation/utils.py:691
  2016-04-05 11:53:56.173 2100 DEBUG keystone.federation.utils [req-fe431d33-f850-4a49-87b6-abad9290e638 - - - - -] local: {u'id': u'f7567142a8024543ab678de7be553dbf'} _update_local_mapping /opt/stack/keystone/keystone/federation/utils.py:692
  2016-04-05 11:53:56.173 2100 DEBUG keystone.federation.utils [req-fe431d33-f850-4a49-87b6-abad9290e638 - - - - -] identity_values: [{u'user': {u'domain': {u'name': u'Default'}, u'name': u'bre...@winad.org'}}, {u'group': {u'id': u'f7567142a8024543ab678de7be553dbf'}}] process /opt/stack/keystone/keystone/federation/utils.py:535
  2016-04-05 11:53:56.174 2100 DEBUG keystone.federation.utils [req-fe431d33-f850-4a49-87b6-abad9290e638 - - - - -] mapped_properties: {'group_ids': [u'f7567142a8024543ab678de7be553dbf'], 'user': {u'domain': {'id': 'Federated'}, 'type': 'ephemeral', u'name': u'breton@winad.org'}, 'group_names': []} process /opt/stack/keystone/keystone/federation/utils.py:537
  2016-04-05 11:53:56.273 2100 ERROR keystone.common.wsgi [req-fe431d33-f850-4a49-87b6-abad9290e638 - - - - -] 'Identity' object has no attribute 'update_federated_user_display_name'
  2016-04-05 11:53:56.273 2100 TRACE keystone.common.wsgi Traceback (most recent call last):
  2016-04-05 11:53:56.273 2100 TRACE keystone.common.wsgi   File "/opt/stack/keystone/keystone/common/wsgi.py", line 249, in __call__
  2016-04-05 11:53:56.273 2100 TRACE keystone.common.wsgi result = method(context, **params)
  2016-04-05 11:53:56.273 2100 TRACE keystone.common.wsgi   File "/opt/stack/keystone/keystone/federation/controllers.py", line 320, in federated_sso_auth
  2016-04-05 11:53:56.273 2100 TRACE keystone.common.wsgi protocol_id)
  2016-04-05 11:53:56.273 2100 TRACE keystone.common.wsgi   File "/opt/stack/keystone/keystone/federation/controllers.py", line 302, in federated_authentication
  2016-04-05 11:53:56.273 2100 TRACE keystone.common.wsgi return self.authenticate_for_token(context, auth=auth)
  2016-04-05 11:53:56.273 2100 TRACE keystone.common.wsgi   File "/opt/stack/keystone/keystone/auth/controllers.py", line 396, in authenticate_for_token
  2016-04-05 11:53:56.273 2100 TRACE keystone.common.wsgi self.authenticate(context, auth_info, auth_context)
  2016-04-05 11:53:56.273 2100 TRACE keystone.common.wsgi   File "/opt/stack/keystone/keystone/auth/controllers.py", line 520, in authenticate
  2016-04-05 11:53:56.273 2100 TRACE keystone.common.wsgi auth_context)
  2016-04-05 11:53:56.273 2100 TRACE keystone.common.wsgi   File "/opt/stack/keystone/keystone/auth/plugins/mapped.py", line 65, in authenticate
  2016-04-05 11:53:56.273 2100 TRACE keystone.common.wsgi self.identity_api)
  2016-04-05 11:53:56.273 2100 TRACE keystone.common.wsgi   File "/opt/stack/keystone/keystone/auth/plugins/mapped.py", line 153, in handle_unscoped_token
  2016-04-05 11:53:56.273 2100 TRACE keystone.common.wsgi display_name)
  2016-04-05 11:53:56.273 2100 TRACE keystone.common.wsgi   File "/opt/stack/keystone/keystone/common/manager.py", line 124, in wrapped
  2016-04-05 11:53:56.273 2100 TRACE keystone.common.wsgi __ret_val = __f(*args, **kwargs)
  2016-04-05 11:53:56.273 2100 TRACE keystone.common.wsgi   File "/usr/local/lib/python2.7/dist-packages/dogpile/cache/region.py", line 1053, in decorate
  2016-04-05 11:53:56.273 2100 TRACE keystone.common.wsgi should_cache_fn)
  2016-04-05 11:53:56.273 2100 TRACE keystone.common.wsgi   File "/usr/local/lib/python2.7/dist-packages/dogpile/cache/region.py", line

[Yahoo-eng-team] [Bug 1566282] Re: Returning federated user fails to authenticate with HTTP 500

2016-04-05 Thread OpenStack Infra
Reviewed:  https://review.openstack.org/301795
Committed: https://git.openstack.org/cgit/openstack/keystone/commit/?id=7ad4f8728cce354617b5facefe5076d65af311c6
Submitter: Jenkins
Branch:    master

commit 7ad4f8728cce354617b5facefe5076d65af311c6
Author: Boris Bobrov 
Date:   Tue Apr 5 18:50:48 2016 +0300

Update federated user display name with shadow_users_api

When a user comes to the cloud for the first time, a shadow user is
created. When the user authenticates again, this shadow user is
fetched and returned. Before it is returned, its display name should
be updated. But the call to update the display name fails because
neither identity manager nor identity drivers have the required
method. However, the required method exists in shadow_users_api.

The issue was hidden because method shadow_federated_user was
cached and while the cache lived, the user could authenticate.

Use the method of shadow_user_api instead of identity_api to update
federated user display name.

Change-Id: I58e65bdf3a953f3ded485003939b81f908738e1e
Closes-Bug: 1566282


** Changed in: keystone
   Status: In Progress => Fix Released

Status in OpenStack Identity (keystone):
  Fix Released
Status in OpenStack Identity (keystone) mitaka series:
  Fix Released
Status in OpenStack Identity (keystone) newton series:
  In Progress


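The failure described in the commit message above, reduced to a minimal Python model (an added example, not keystone's code): a manager that forwards unknown attributes to its driver, plus a cache that hides the broken call until it expires. The class layout, the TTL cache keyed on user id, the `fixed` flag and `login_outcomes` are assumptions made for illustration.

```python
# Constructed model: stand-in classes and sample values, not keystone's implementation.
class ShadowUsers:
    """Stand-in for shadow_users_api: the only object that has the update method."""
    def __init__(self):
        self.users = {}

    def create_federated_user(self, unique_id, display_name):
        self.users[unique_id] = {"id": unique_id, "name": display_name}
        return self.users[unique_id]

    def update_federated_user_display_name(self, unique_id, display_name):
        self.users[unique_id]["name"] = display_name

class IdentityDriver:
    """Stand-in identity driver: it has no update_federated_user_display_name."""

class Identity:
    """Stand-in manager: attributes it lacks are looked up on its driver."""
    def __init__(self, shadow_users_api, fixed, ttl=60):
        self.driver = IdentityDriver()
        self.shadow_users_api = shadow_users_api
        self.fixed, self.ttl, self._cache = fixed, ttl, {}

    def __getattr__(self, name):
        return getattr(self.driver, name)  # AttributeError if the driver lacks it

    def shadow_federated_user(self, unique_id, display_name, now):
        hit = self._cache.get(unique_id)
        if hit and now - hit[0] < self.ttl:
            return hit[1]  # cached result: the update call below is never reached
        user = self.shadow_users_api.users.get(unique_id)
        if user is None:  # first login: create the shadow user
            user = self.shadow_users_api.create_federated_user(unique_id, display_name)
        elif self.fixed:  # after the fix: call the API that owns the method
            self.shadow_users_api.update_federated_user_display_name(unique_id, display_name)
        else:  # before the fix: manager -> __getattr__ -> driver -> AttributeError
            self.update_federated_user_display_name(unique_id, display_name)
        self._cache[unique_id] = (now, user)
        return user

def login_outcomes(fixed, times=(0, 10, 120)):
    """Log the same user in at each time (seconds) and record what the client sees."""
    api, outcomes = Identity(ShadowUsers(), fixed), []
    for now in times:
        try:
            api.shadow_federated_user("constructed-id", "user@example.org", now)
            outcomes.append("ok")
        except AttributeError:
            outcomes.append("HTTP 500")
    return outcomes
```

A regression test for this class of bug has to cover a returning user with the cache expired or disabled, because the first login and every cached login succeed on the unfixed path.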
[Yahoo-eng-team] [Bug 1566282] Re: Returning federated user fails to authenticate with HTTP 500

2016-04-05 Thread Steve Martinelli
** Also affects: keystone/mitaka
   Importance: Undecided
 Assignee: Dolph Mathews (dolph)
   Status: In Progress

** Also affects: keystone/newton
   Importance: Undecided
   Status: New

** Changed in: keystone/newton
 Assignee: (unassigned) => Boris Bobrov (bbobrov)

** Changed in: keystone/mitaka
 Assignee: Dolph Mathews (dolph) => (unassigned)

** Changed in: keystone/mitaka
 Assignee: (unassigned) => Steve Martinelli (stevemar)

** Changed in: keystone/mitaka
 Assignee: Steve Martinelli (stevemar) => Boris Bobrov (bbobrov)

** Changed in: keystone/newton
   Importance: Undecided => High

** Changed in: keystone/mitaka
   Importance: Undecided => Critical

** Changed in: keystone/newton
   Importance: High => Critical

** Changed in: keystone/newton
   Status: New => In Progress

** Changed in: keystone/newton
Milestone: None => newton-1

** Changed in: keystone/mitaka
Milestone: None => mitaka-rc3

Status in OpenStack Identity (keystone):
  In Progress
Status in OpenStack Identity (keystone) mitaka series:
  In Progress
Status in OpenStack Identity (keystone) newton series:
  In Progress
