Your mapping is unconditionally resulting in this behavior. See the mapping documentation:
http://docs.openstack.org/developer/keystone/mapping_combinations.html ** Changed in: keystone Status: New => Invalid -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to OpenStack Identity (keystone). https://bugs.launchpad.net/bugs/1547031 Title: Can't distinguish users through openid login Status in OpenStack Identity (keystone): Invalid Bug description: Accrounding to the doc (http://docs.openstack.org/developer/keystone/configure_federation.html), I parse openid login in my devstack. and i have success login with google account. but there is a problem, how can i distinguish users? I know all the federation users are in one group, and the group is relate with a project. In my devstack, all of users login through openid have the same project , and have the same resource, when i create a resource and orther user login through openid can also see the resource I don't know whether somewhere i parsed is wrong, this is my mapping: { "local": [ { "user": { "name": "{3}", "realname": "{2}", "email": "{3}" }, "group": { "name": "demo", "domain": { "name": "Default" } } } ], "remote": [ { "type": "HTTP_OIDC_SUB" }, { "type": "HTTP_OIDC_ISS" }, { "type": "HTTP_OIDC_NAME" }, { "type": "HTTP_OIDC_EMAIL" } ] } devstack address: www.scorpio.ml To manage notifications about this bug go to: https://bugs.launchpad.net/keystone/+bug/1547031/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : yahoo-eng-team@lists.launchpad.net Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp