[openstack-dev] [keystone]trusts with federated users

Gyorgy Szombathelyi gyorgy.szombathelyi at doclerholding.com
Wed Jun 8 07:07:14 UTC 2016

> > As an OIDC user, tried to play with Heat and Murano recently. They usually
> fail with a trust creation error, noticing that keystone cannot find the
> _member_ role while creating the trust.
> Hmmm...that should not be the case.  The user in question should have a
> role on the project, but getting it via a group is OK.
> I suspect the problem is the Ephemeral nature of Federated users. With the
> Shadow user construct (under construction) there would be something to
> use.
> Please file a bug on this and assign it to me (or notify me if you can't assign).

I had filed a bug to murano before, maybe it can be assigned to keystone(?):


More information about the OpenStack-dev mailing list