<div dir="ltr"><div>Hello,</div><div>You need to enable the keystone debug log to find exactly what is wrong.</div><div><div dir="ltr" class="gmail_signature" data-smartmail="gmail_signature"><div dir="ltr">Nguyen Huu Khoi<br></div></div></div><br></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Wed, Jul 5, 2023 at 4:48 AM James Leong &lt;<a href="mailto:jamesleong123098@gmail.com">jamesleong123098@gmail.com</a>&gt; wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr"><div>Hi All,</div><div><br></div><div>
I am using the Yoga version of OpenStack with the deployment tool of kolla-ansible. I am currently facing the below error when logging in via federated login using Globus Auth.<br></div><div><br></div><div>"
Login failed: An error occurred authenticating. Please try again later."</div><div><br></div><div>When attempting to log in, we are able to redirect the page to Globus and process the request. However, when it comes back to the Horizon login page, I am getting an authentication error. I have set up my keystone identity provider in globals.yml as below.</div><div><br></div><div>keystone_identity_providers:<br> - name: "globus"<br> openstack_domain: "Default"<br> protocol: "openid"<br> identifier: "<a href="https://auth.globus.org" target="_blank">https://auth.globus.org</a>"<br> public_name: "Authenticate via Globus Auth"<br> attribute_mapping: "globus"<br> metadata_folder: "/home/user/osmetadata"<br> keystone_federation_oidc_jwks_uri: "<a href="https://auth.globus.org/jwk.json" target="_blank">https://auth.globus.org/jwk.json</a>"<br><br>keystone_identity_mappings:<br> - name: "globus"<br> file: "/home/user/globus.json"</div><div><br></div><div>Apart from specifying the identity provider and mapping, below are the other configurations we have set up when deploying.</div><div><br></div><div>kolla_enable_tls_internal: "no"<br>kolla_enable_tls_external: "yes"</div><div>kolla_enable_tls_backend: "no"<br>kolla_verify_tls_backend: "yes"</div><div><br></div><div>Thanks for the help,</div><div>James<br></div></div>
</blockquote></div>