[openstack-dev] [keystone] federation
Navid Pustchi
npustchi at gmail.com
Fri Aug 21 05:23:15 UTC 2015
Hi
I am testing the feasibility of federated token to access another federated
resource.
For this purpos, I setup three devstack kilo instances as:
kilo1 (IdP) -----> kilo2 (SP / IdP) -----> kilo3 (SP)
1. get a federated scoped token for a project in kilo2.
2. using this federated token, get federated scoped token for a project in
kilo3.
I get 500 internal server error from kilo2.
If I remove service provider in kilo2 (registered for kilo3), i can get
federated scoped token.
So far I know for issuing v3 token, the error is within webob
python /usr/local/lib/python2.7/dist-packages/webob/dec.py while
authenticating the
token in /keystone/auth/controllers.py. the following link is the stack
trace:
http://paste.openstack.org/show/422584/
The issue is when a SP is setup to be idp as well service provider (for
kilo3) in kilo2, then i get http 500 internal server error.
The response unscoped token from kilo2 is the following link:
http://paste.openstack.org/show/412951/
I wanted to know if somebody tested similar scenarios or had similar issues.
Thanks for your response
-Navid Pustchi
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20150821/ed38fb2a/attachment.html>
More information about the OpenStack-dev
mailing list