[kolla][keystone] Keycloak "More than one user" error

Mark Goddard mark at stackhpc.com
Tue Jan 26 08:46:57 UTC 2021


Adding keystone tag.

On Mon, 25 Jan 2021 at 13:35, Braden, Albert
<C-Albert.Braden at charter.com> wrote:
>
> We’re running Train on Centos 7, and using Keycloak for auth. After I setup Keycloak, create a user in Keycloak, and then login to Horizon via Keycloak, a user is created in Keystone:
>
>
>
> | ccb276f4f507fd9f271d629d2ad896d2c97e04f81336cd8c1332f4b2df115ca2 | test              |
>
>
>
> If I try to address that user by name, I get an error:
>
>
>
> (openstack) [root at chrnc-area51-build-01 our-ok-kolla-ansible]# os user show test
>
> More than one user exists with the name 'test'.
>
>
>
> I can address it by id. When I list users, I only see one “test” user.”
>
>
>
> (openstack) [root at chrnc-area51-build-01 our-ok-kolla-ansible]# os user show ccb276f4f507fd9f271d629d2ad896d2c97e04f81336cd8c1332f4b2df115ca2
>
> +---------------------+------------------------------------------------------------------+
>
> | Field               | Value                                                            |
>
> +---------------------+------------------------------------------------------------------+
>
> | domain_id           | 4678301ef9a24d54bcd2e87a8fbc6872                                 |
>
> | email               | test at example.com                                                 |
>
>
>
> If I create a second user in Keycloak and login the same way, this doesn’t happen:
>
>
>
> (openstack) [root at chrnc-area51-build-01 our-ok-kolla-ansible]# os user show test2
>
> +---------------------+------------------------------------------------------------------+
>
> | Field               | Value                                                            |
>
> +---------------------+------------------------------------------------------------------+
>
> | domain_id           | 4678301ef9a24d54bcd2e87a8fbc6872                                 |
>
> | email               | test2 at example.com                                                |
>
>
>
> These 2 users look identical in the database:
>
>
>
> user:
>
>
>
> | ccb276f4f507fd9f271d629d2ad896d2c97e04f81336cd8c1332f4b2df115ca2 | {"email": "test at example.com"}        |       1 | NULL                             | 2021-01-22 18:33:20 | NULL           | 4678301ef9a24d54bcd2e87a8fbc6872 |
>
> | f4287b6082b8f36048d052eaa3d35facb94e5eff598d59d2aee68252ddb13339 | {"email": "test2 at example.com"}       |       1 | NULL                             | 2021-01-22 21:01:54 | NULL           | 4678301ef9a24d54bcd2e87a8fbc6872 |
>
>
>
> federated_user:
>
>
>
> |  6 | ccb276f4f507fd9f271d629d2ad896d2c97e04f81336cd8c1332f4b2df115ca2 | keycloak | openid      | test      | test         |
>
> |  9 | f4287b6082b8f36048d052eaa3d35facb94e5eff598d59d2aee68252ddb13339 | keycloak | openid      | test2     | test2        |
>
>
>
> Where should I be looking for the cause of this error?
>

Have you checked if there are other test users in a different domain?

>
>
>
>
> I apologize for the nonsense below. So far I have not been able to stop it from being attached to my external emails. I'm working on it.
>
>
>
> The contents of this e-mail message and
> any attachments are intended solely for the
> addressee(s) and may contain confidential
> and/or legally privileged information. If you
> are not the intended recipient of this message
> or if this message has been addressed to you
> in error, please immediately alert the sender
> by reply e-mail and then delete this message
> and any attachments. If you are not the
> intended recipient, you are notified that
> any use, dissemination, distribution, copying,
> or storage of this message or any attachment
> is strictly prohibited.



More information about the openstack-discuss mailing list