Description of problem: ======================= When configuring token providers to pki provider = keystone.token.providers.pki.Provider Switching between projects requires relogin Version-Release number of selected component (if applicable): ============================================================= python-django-openstack-auth-1.2.0-4.el7ost.noarch How reproducible: ================= 100% Steps to Reproduce: =================== 1. Create a user members of TWO projects. 2. Switch keystone to use pki tokens /etc/keystone/keystone.conf set: provider = keystone.token.providers.pki.Provider where provider was provider = keystone.token.providers.uuid.Provider 3. Restart keystone or httpd (depending on deployment method) 4. Log that user from 1. into horizon 5. Switch project on project selector on upper corner. Actual results: =============== Selector appears but switching works only after relogin Expected results: ================= Switching works immediately (without relogin) Additional info: ================ When keystone use uuid switching works without relogin
under the light of keystone recommending to use uuid or even fernet tokens rather than pki tokens, should we just document not to use them? And there is: http://lists.openstack.org/pipermail/openstack-dev/2015-December/082368.html
This patch might be related here; https://review.openstack.org/#/c/264755/ Unfortunately, it didn't work in my tests.
Matthias seems to be rigth. I did a backport of the patch posted to kilo django_openstack_auth and changing projects seems to work perfectly with pki tokens now.
The backport seems to be a bit difficult to do against 7.0 as a lot has changed and requires a big change downstream. Would be better to target 8.0 instead as the backport is much cleaner.
Done the patch against 8.0
*** Bug 1316600 has been marked as a duplicate of this bug. ***
Created a user with two projects on OSP8 with PKI tokens as noted in comment #0 and was able to switch between them using dropbox in upper right of screen. [root@rhel7 ~(keystone_admin)]# rpm -q openstack-dashboard openstack-dashboard-8.0.1-6.el7ost.noarch [root@rhel7 ~(keystone_admin)]# rpm -q python-django-openstack-auth python-django-openstack-auth-2.0.1-3.el7ost.noarch
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://rhn.redhat.com/errata/RHBA-2016-2710.html