[Openstack] Adding User to Roles invalidates current token?

Julie Pichon jpichon at redhat.com
Thu Aug 29 07:23:22 UTC 2013

Hi Joe,

"Joe Topjian" <joe.topjian at cybera.ca> wrote:
> I'm running through some Folsom to Grizzly upgrade tests and have noticed
> an odd issue with Keystone and Horizon:
> If I'm logged into Horizon as the admin user and then (on the command line)
> add a role to the admin user to a tenant, my Horizon session is now invalid
> and I have to logout and log back in.
> Logs are showing this error:
> Unauthorized: Unable to communicate with identity service: {"error":
> {"message": "Could not find token: 80429dc1ca214b39ad3ef17a71ac5915",
> "code": 401, "title": "Not Authorized"}}. (HTTP 401)
> If I use MySQL as the token store, I can see that the token in question has
> indeed become invalid.
> I'm not sure if something broke or is misconfigured from the upgrade or if
> this is a new characteristic of Keystone?

This sounds like https://bugs.launchpad.net/keystone/+bug/1170186 which should have been backported to Grizzly 2013.1.3 (Aug 8th stable release).


> Any ideas?
> Thanks,
> Joe
> --
> Joe Topjian
> Systems Architect
> Cybera Inc.
> www.cybera.ca
> Cybera is a not-for-profit organization that works to spur and support
> innovation, for the economic benefit of Alberta, through the use
> of cyberinfrastructure.
> _______________________________________________
> Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
> Post to     : openstack at lists.openstack.org
> Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack

More information about the Openstack mailing list