2077780 – Keystone fails to check whether user belongs to group for federated user from federated group

Bug 2077780 - Keystone fails to check whether user belongs to group for federated user from federated group [NEEDINFO]

Summary: Keystone fails to check whether user belongs to group for federated user from...

Keywords:
Status:	NEW
Alias:	None
Product:	Red Hat OpenStack
Classification:	Red Hat
Component:	openstack-keystone
Sub Component:
Version:	17.1 (Wallaby)
Hardware:	All
OS:	All
Priority:	medium
Severity:	medium
Target Milestone:	zstream
Target Release:	---
Assignee:	Dave Wilde
QA Contact:	Jeremy Agee
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:	1590932
TreeView+	depends on / blocked

Reported:	2022-04-22 08:59 UTC by Alex Stupnikov
Modified:	2023-08-03 15:46 UTC (History)
CC List:	3 users (show)
Fixed In Version:
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:
Target Upstream Version:
Embargoed:
Flags:	ifrangs: needinfo? (dwilde)

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Issue Tracker	OSP-14834	0	None	None	None	2022-04-22 09:08:36 UTC

Description Alex Stupnikov 2022-04-22 08:59:27 UTC

Description of problem:
'openstack group contains user' command output is incorrect when both user and group are federated: it states that user is "not in group". Command works as expected when federated user belongs to non-federated group.

Version-Release number of selected component (if applicable):
Red Hat OpenStack Platform release 16.1.6 GA

How reproducible:

- customer is using OpenID Connect Service Provider for Keystone
- 'openstack group contains user' provides incorrect result when both user and user's group belong to federated domain

Note You need to log in before you can comment on or make changes to this bug.