<div dir="ltr">Hi Sreeja,<div>I think this is happening because your SAML namespace prefixes are being reassigned. The line of code "<i>file_path = fileutils.write_to_tempfile(assertion.to_string())</i>" is raising the exception. The link <a href="https://review.openstack.org/gitweb?p=openstack%2Fkeystone.git;a=commitdiff;h=acdf034eb189773494849c4b7798f4bf59ea8517">https://review.openstack.org/gitweb?p=openstack%2Fkeystone.git;a=commitdiff;h=acdf034eb189773494849c4b7798f4bf59ea8517</a> might help you out. Try patching your keystone with the 2 files, and if the problem persists even then, let me know.</div><div><br></div><div>Thanks.</div><div>Nitish B.</div></div><div class="gmail_extra"><br clear="all"><div><div class="gmail_signature"><div dir="ltr"><div>Regards,<br></div>Nitish B.<br></div></div></div>
<br><div class="gmail_quote">On Mon, Sep 7, 2015 at 3:42 PM, sreeja kannagundla <span dir="ltr"><<a href="mailto:sreejakannagundla08@gmail.com" target="_blank">sreejakannagundla08@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">Hi <div><br></div><div>This is what my log file looks like:</div><div><pre style="white-space:pre-wrap;margin-bottom:0.8em;color:rgb(51,51,51);font-size:12px;line-height:18px">INFO keystone.common.wsgi [-] POST <a rel="nofollow" href="http://keystone:5000/v3/auth/OS-FEDERATION/saml2/ecp" style="color:rgb(0,51,170)" target="_blank">http://keystone:5000/v3/auth/OS-FEDERATION/saml2/ecp</a>
ERROR keystone.contrib.federation.idp [-] Error when signing assertion, reason: Command '['xmlsec1', '--sign', '--privkey-pem', '/etc/keystone/ssl/private/cakey.pem,/etc/keystone/ssl/certs/ca.pem', '--id-attr:ID', 'Assertion', '/tmp/tmpfXz0D4']' returned non-zero exit status 1
2015-06-24 21:54:46.482 13569 WARNING keystone.common.wsgi [-] An unexpected error prevented the server from fulfilling your request.</pre><pre style="white-space:pre-wrap;margin-bottom:0.8em;color:rgb(51,51,51);font-size:12px;line-height:18px">and the certificates ca.pem and cakey.pem are present in the /etc/keystone/ssl/certs/ and /etc/keystone/ssl/private/</pre><pre style="white-space:pre-wrap;margin-bottom:0.8em;color:rgb(51,51,51);font-size:12px;line-height:18px">This error is raised when subprocess.checkoutput method is called from sign_assertion method </pre><pre style="white-space:pre-wrap;margin-bottom:0.8em;color:rgb(51,51,51);font-size:12px;line-height:18px">and following is my saml section in keystone.conf :</pre><pre style="white-space:pre-wrap;margin-bottom:0.8em;color:rgb(51,51,51);font-size:12px;line-height:18px">[saml]
certfile = /etc/keystone/ssl/certs/ca.pem
keyfile = /etc/keystone/ssl/private/cakey.pem
idp_entity_id = http://keystone.idp/v3/OS-FEDERATION/saml2/idp
idp_sso_endpoint = http://keystone.idp/v3/OS-FEDERATION/saml2/sso
idp_metadata_path = /etc/keystone/keystone_idp_metadata.xml</pre></div></div><div class="HOEnZb"><div class="h5"><div class="gmail_extra"><br><div class="gmail_quote">On Mon, Sep 7, 2015 at 2:28 PM, nithish B <span dir="ltr"><<a href="mailto:bestofnithish@gmail.com" target="_blank">bestofnithish@gmail.com</a>></span> 
wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">Hi Sreeja,<div>It seems like your private key and/or the SSL certificate you use to auth do not exist. If you are indeed using key-pair based authentication, make sure you have the key "signing_key.pem" at the mentioned location, i.e. at /etc/ssl/private</div><div><br></div><div>If this doesn't help, can you then just share a bit more on your setup?</div><div><br></div><div>Thanks.</div><div>Nitish B.</div></div><div class="gmail_extra"><br clear="all"><div><div><div dir="ltr"><div>Regards,<br></div>Nitish B.<br></div></div></div>
<br><div class="gmail_quote"><div><div>On Mon, Sep 7, 2015 at 1:15 PM, sreeja kannagundla <span dir="ltr"><<a href="mailto:sreejakannagundla08@gmail.com" target="_blank">sreejakannagundla08@gmail.com</a>></span> wrote:<br></div></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div><div><div dir="ltr"><pre style="margin-bottom:0.8em;color:rgb(51,51,51);font-size:12px;line-height:18px">While trying to implement federation, I was getting code 500 errors
when trying to get a SAML assertion from a Keystone instance
configured as identity provider. This is what the Keystone log showed:
INFO keystone.common.wsgi [-] POST <a rel="nofollow" href="http://172.29.236.100:5000/v3/auth/OS-FEDERATION/saml2/ecp" style="color:rgb(0,51,170)" target="_blank">http://172.29.236.100:5000/v3/auth/OS-FEDERATION/saml2/ecp</a>
ERROR keystone.contrib.federation.idp [-] Error when signing assertion, reason: Command '['xmlsec1', '--sign', '--privkey-pem', '/etc/ssl/private/signing_key.pem,/etc/ssl/certs/signing_cert.pem', '--id-attr:ID', 'Assertion', '/tmp/tmpfXz0D4']' returned non-zero exit status 1
2015-06-24 21:54:46.482 13569 WARNING keystone.common.wsgi [-] An unexpected error prevented the server from fulfilling your request.
</pre><div>It is not clear what the problem is from the logs</div><div><br></div></div>
<br></div></div>_______________________________________________<br>
Mailing list: <a href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack" rel="noreferrer" target="_blank">http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack</a><br>
Post to : <a href="mailto:openstack@lists.openstack.org" target="_blank">openstack@lists.openstack.org</a><br>
Unsubscribe : <a href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack" rel="noreferrer" target="_blank">http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack</a><br>
<br></blockquote></div><br></div>
</blockquote></div><br></div>
</div></div></blockquote></div><br></div>
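<div>For the xmlsec1 failure discussed in this thread: the Keystone log records only the exit status, so the sketch below (an added example, not code from Keystone or from the posters) checks that the key, certificate and assertion file are readable, lists the namespace prefixes the assertion declares, and re-runs the logged command with stderr captured. The function names and the saved-assertion path are assumptions; the xmlsec1 arguments and the key and certificate paths are the ones quoted in the messages above.</div>

```python
import os
import subprocess
import xml.etree.ElementTree as ET


def signing_command(keyfile, certfile, xml_path):
    """Rebuild the argv that appears in the Keystone ERROR line."""
    return ['xmlsec1', '--sign', '--privkey-pem', f'{keyfile},{certfile}',
            '--id-attr:ID', 'Assertion', xml_path]


def unreadable(paths):
    """Paths the current user cannot read; run this as the Keystone service user."""
    return [p for p in paths if not (os.path.isfile(p) and os.access(p, os.R_OK))]


def namespace_prefixes(xml_path):
    """List (prefix, uri) declarations, to see which prefixes the assertion uses."""
    return [decl for _, decl in ET.iterparse(xml_path, events=('start-ns',))]


def run_with_stderr(argv):
    """Run argv and return (exit_status, stdout+stderr), unlike a bare check_output."""
    try:
        proc = subprocess.run(argv, stdout=subprocess.PIPE,
                              stderr=subprocess.STDOUT, text=True)
    except FileNotFoundError as exc:  # xmlsec1 itself is not installed / not on PATH
        return 127, str(exc)
    return proc.returncode, proc.stdout


def diagnose(keyfile, certfile, xml_path):
    """Check the inputs first, then re-run the signing command with output kept."""
    missing = unreadable([keyfile, certfile, xml_path])
    if missing:
        return {'unreadable': missing}
    status, output = run_with_stderr(signing_command(keyfile, certfile, xml_path))
    return {'unreadable': [], 'prefixes': namespace_prefixes(xml_path),
            'status': status, 'output': output}


if __name__ == '__main__':
    # Key and cert paths are the [saml] values quoted in the thread; the XML path
    # is a placeholder for a saved copy of the unsigned assertion (assumption).
    print(diagnose('/etc/keystone/ssl/private/cakey.pem',
                   '/etc/keystone/ssl/certs/ca.pem',
                   '/path/to/saved_assertion.xml'))
```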