[horizon][keystone][kolla-ansible] Authentication failure
Hi All,
I am using the yoga version of OpenStack with the deployment tool of kolla-ansible. I am currently facing the below error when logging in via federated login using Globus Auth.
" Login failed: An error occurred authenticating. Please try again later."
When attempting to login, we are able to redirect the page to globus and process the request. However, when it comes back to the horizon login page, I am getting an authentication error. I have set up my keystone identity provider in globals.yml as below.
keystone_identity_providers: - name: "globus" openstack_domain: "Default" protocol: "openid" identifier: "https://auth.globus.org" public_name: "Authenticate via Globus Auth" attribute_mapping: "globus" metadata_folder: "/home/user/osmetadata" keystone_federation_oidc_jwks_uri: "https://auth.globus.org/jwk.json"
keystone_identity_mappings: - name: "globus" file: "/home/user/globus.json"
Apart from specifying the identity provider and mapping, below are the other configurations we have set up when deploying.
kolla_enable_tls_internal: "no" kolla_enable_tls_external: "yes" kolla_enable_tls_backend: "no" kolla_verify_tls_backend: "yes"
Thanks for the help, James
Hello, You need enable keystone debug log to find exact what is wrong, Nguyen Huu Khoi
On Wed, Jul 5, 2023 at 4:48 AM James Leong jamesleong123098@gmail.com wrote:
Hi All,
I am using the yoga version of OpenStack with the deployment tool of kolla-ansible. I am currently facing the below error when logging in via federated login using Globus Auth.
" Login failed: An error occurred authenticating. Please try again later."
When attempting to login, we are able to redirect the page to globus and process the request. However, when it comes back to the horizon login page, I am getting an authentication error. I have set up my keystone identity provider in globals.yml as below.
keystone_identity_providers:
- name: "globus" openstack_domain: "Default" protocol: "openid" identifier: "https://auth.globus.org" public_name: "Authenticate via Globus Auth" attribute_mapping: "globus" metadata_folder: "/home/user/osmetadata" keystone_federation_oidc_jwks_uri: "https://auth.globus.org/jwk.json"
keystone_identity_mappings:
- name: "globus" file: "/home/user/globus.json"
Apart from specifying the identity provider and mapping, below are the other configurations we have set up when deploying.
kolla_enable_tls_internal: "no" kolla_enable_tls_external: "yes" kolla_enable_tls_backend: "no" kolla_verify_tls_backend: "yes"
Thanks for the help, James
participants (2)
-
James Leong
-
Nguyễn Hữu Khôi