Bug 1332325

Summary: User list as project admin after IDM integration from Horizon dashboard throwing an error
Product: Red Hat OpenStack
Reporter: Andreas Karis <akaris>
Component: python-django-horizon
Assignee: Jason E. Rist <jrist>
Status: CLOSED WONTFIX
QA Contact: Ido Ovadia <iovadia>
Severity: medium
Docs Contact:
Priority: medium
Version: 7.0 (Kilo)
CC: athomas, beth.white, mrunge, srevivo
Target Milestone: async
Keywords: Triaged, ZStream
Target Release: 8.0 (Liberty)
Hardware: Unspecified
OS: Unspecified
Whiteboard:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2018-10-30 15:46:21 UTC
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
Target Upstream Version:
Attachments (Description, Flags):
01 none
02 none
03 none
04 none
05 none
06 none
07 none
08 none

Description Andreas Karis 2016-05-02 23:27:18 UTC
Created attachment 1153085 [details]
01

Upstream bug which was marked as invalid:
https://bugs.launchpad.net/horizon/+bug/1415588

Knowledge base article:
https://access.redhat.com/solutions/2287551

=======================================================

"Text from the knowledge base article:

    When managing users with IDM and integrate IDM as identity provider, a project admin in Openstack gets the following message while retrieving the user list from Horizon dashboard.

Error: Unauthorized: Unable to retrieve user list.

    Why every time a project admin tries to retrieve the Identity/Users tab in Horizon is getting failed with following message in /var/log/keystone/keystone.log file ?

2016-04-27 12:42:40.237 14936 WARNING keystone.common.controller [-] No domain information specified as part of list request
2016-04-27 12:42:40.238 14936 WARNING keystone.common.wsgi [-] Authorization failed. The request you have made requires authentication. (Disable debug mode to suppress these details.) (Disable debug mode to suppress these details.) from 10.x.x.x.

Resolution

    This is expected behaviour, we need to set the domain context in horizon dashboard before trying to list the users.

1) Identity --> Domains --> Click on "Set Domain Context" corresponding to domain on which users are present.
2) Once this domain is selected then click on "users" tab to see the users present."

=======================================================

See screenshots 04 - 08 (attachments).

Even though this might be "correct" behaviour, I'm opening this bug because the error message is disturbing for users. If this is expected behaviour, then we shouldn't see an error message, but a warning / instruction of how to do it right. Alternatively, users should be able to choose their default domain context and not be confronted with this issue at all.

=======================================================

There is an additional issue:
When users change /etc/openstack-dashboard/local_settings to
OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT = False
OPENSTACK_KEYSTONE_DEFAULT_DOMAIN = '<ACTIVE_DIRECTORY_DOMAIN>'
then there is no way to select "Set Domain Context" under "Domains". Please refer to screenshots 01 to 03.
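
A log-triage sketch for the keystone.log pattern quoted in the description above, added here as an example that is not part of the original report or of Keystone or Horizon. It separates "Authorization failed" warnings that directly follow the "No domain information specified" warning from other authorization failures. Assumptions: pairing is by worker PID within a one-second window (the quoted lines carry no request ID, and one worker can serve several requests, so this is a heuristic); the third sample line is constructed.

```python
import re
from datetime import datetime, timedelta

# Constructed sample: the two lines quoted in the report, plus one unrelated
# authorization failure (constructed) that must not be classified the same way.
SAMPLE_LOG = """\
2016-04-27 12:42:40.237 14936 WARNING keystone.common.controller [-] No domain information specified as part of list request
2016-04-27 12:42:40.238 14936 WARNING keystone.common.wsgi [-] Authorization failed. The request you have made requires authentication. (Disable debug mode to suppress these details.) (Disable debug mode to suppress these details.) from 10.x.x.x.
2016-04-27 12:50:01.100 14940 WARNING keystone.common.wsgi [-] Authorization failed. The request you have made requires authentication. from 10.x.x.x.
"""

# Line layout as seen in the quoted log: timestamp, PID, level, logger, [context], message.
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\.\d{3}) (?P<pid>\d+) "
    r"(?P<level>[A-Z]+) (?P<logger>\S+) \[[^\]]*\] (?P<msg>.*)$")
NO_DOMAIN = "No domain information specified as part of list request"
AUTH_FAILED = "Authorization failed."
WINDOW = timedelta(seconds=1)  # assumed correlation window, not a Keystone setting


def classify(log_text):
    """Return (timestamp, pid, verdict) for every 'Authorization failed' line."""
    last_no_domain = {}  # pid -> time of the most recent missing-domain warning
    results = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # tracebacks and other continuation lines
        ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S.%f")
        pid, logger, msg = m["pid"], m["logger"], m["msg"]
        if logger == "keystone.common.controller" and msg.startswith(NO_DOMAIN):
            last_no_domain[pid] = ts
        elif logger == "keystone.common.wsgi" and msg.startswith(AUTH_FAILED):
            # Consume the warning so it explains at most one failure.
            seen = last_no_domain.pop(pid, None)
            paired = seen is not None and ts - seen <= WINDOW
            verdict = "missing-domain-context" if paired else "other-auth-failure"
            results.append((m["ts"], pid, verdict))
    return results


if __name__ == "__main__":
    for row in classify(SAMPLE_LOG):
        print(*row)
```

Failures labelled `other-auth-failure` are the ones that still need a look; the `missing-domain-context` ones match the Horizon behaviour described in this report.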

Comment 2 Andreas Karis 2016-05-02 23:27:42 UTC
Created attachment 1153086 [details]
02

Comment 3 Andreas Karis 2016-05-02 23:27:59 UTC
Created attachment 1153087 [details]
03

Comment 4 Andreas Karis 2016-05-02 23:28:20 UTC
Created attachment 1153088 [details]
04

Comment 5 Andreas Karis 2016-05-02 23:28:35 UTC
Created attachment 1153089 [details]
05

Comment 6 Andreas Karis 2016-05-02 23:28:51 UTC
Created attachment 1153090 [details]
06

Comment 7 Andreas Karis 2016-05-02 23:29:07 UTC
Created attachment 1153092 [details]
07

Comment 8 Andreas Karis 2016-05-02 23:29:22 UTC
Created attachment 1153093 [details]
08

Comment 14 Jason E. Rist 2018-10-30 15:46:21 UTC
Closing. If this still seems like an issue, please re-open.

This is part of a bug closing action due to lack of resources.
Age >3 months + Priority < High + No active customer reference