Adding keystone tag. On Mon, 25 Jan 2021 at 13:35, Braden, Albert <C-Albert.Braden@charter.com> wrote:
We’re running Train on Centos 7, and using Keycloak for auth. After I setup Keycloak, create a user in Keycloak, and then login to Horizon via Keycloak, a user is created in Keystone:
| ccb276f4f507fd9f271d629d2ad896d2c97e04f81336cd8c1332f4b2df115ca2 | test |
If I try to address that user by name, I get an error:
(openstack) [root@chrnc-area51-build-01 our-ok-kolla-ansible]# os user show test
More than one user exists with the name 'test'.
I can address it by id. When I list users, I only see one “test” user.”
(openstack) [root@chrnc-area51-build-01 our-ok-kolla-ansible]# os user show ccb276f4f507fd9f271d629d2ad896d2c97e04f81336cd8c1332f4b2df115ca2
+---------------------+------------------------------------------------------------------+
| Field | Value |
+---------------------+------------------------------------------------------------------+
| domain_id | 4678301ef9a24d54bcd2e87a8fbc6872 |
| email | test@example.com |
If I create a second user in Keycloak and login the same way, this doesn’t happen:
(openstack) [root@chrnc-area51-build-01 our-ok-kolla-ansible]# os user show test2
+---------------------+------------------------------------------------------------------+
| Field | Value |
+---------------------+------------------------------------------------------------------+
| domain_id | 4678301ef9a24d54bcd2e87a8fbc6872 |
| email | test2@example.com |
These 2 users look identical in the database:
user:
| ccb276f4f507fd9f271d629d2ad896d2c97e04f81336cd8c1332f4b2df115ca2 | {"email": "test@example.com"} | 1 | NULL | 2021-01-22 18:33:20 | NULL | 4678301ef9a24d54bcd2e87a8fbc6872 |
| f4287b6082b8f36048d052eaa3d35facb94e5eff598d59d2aee68252ddb13339 | {"email": "test2@example.com"} | 1 | NULL | 2021-01-22 21:01:54 | NULL | 4678301ef9a24d54bcd2e87a8fbc6872 |
federated_user:
| 6 | ccb276f4f507fd9f271d629d2ad896d2c97e04f81336cd8c1332f4b2df115ca2 | keycloak | openid | test | test |
| 9 | f4287b6082b8f36048d052eaa3d35facb94e5eff598d59d2aee68252ddb13339 | keycloak | openid | test2 | test2 |
Where should I be looking for the cause of this error?
Have you checked if there are other test users in a different domain?
I apologize for the nonsense below. So far I have not been able to stop it from being attached to my external emails. I'm working on it.
The contents of this e-mail message and any attachments are intended solely for the addressee(s) and may contain confidential and/or legally privileged information. If you are not the intended recipient of this message or if this message has been addressed to you in error, please immediately alert the sender by reply e-mail and then delete this message and any attachments. If you are not the intended recipient, you are notified that any use, dissemination, distribution, copying, or storage of this message or any attachment is strictly prohibited.