diff options
| author | Zuul <zuul@review.opendev.org> | 2019-09-20 18:25:39 +0000 |
|---|---|---|
| committer | Gerrit Code Review <review@openstack.org> | 2019-09-20 18:25:39 +0000 |
| commit | e6d41159c6cfbb7a09f1d84ed897b5d6f9cb39d1 (patch) | |
| tree | 538aa7084a156806659c21d884d7acd1198741d7 | |
| parent | e50b758ee52f2f1b249114d0f172d00ac48c52d4 (diff) | |
| parent | e224082ecd347202695b8bbc3e5c5253cf729f92 (diff) | |
| download | keystone-e6d41159c6cfbb7a09f1d84ed897b5d6f9cb39d1.tar.gz | |
Merge "Add remote_id definition in _perform_auth"
| -rw-r--r-- | keystone/api/auth.py | 1 | ||||
| -rw-r--r-- | keystone/tests/unit/test_v3_federation.py | 10 | ||||
| -rw-r--r-- | releasenotes/notes/bug-1844207-x27a31f3403xfd7y.yaml | 7 |
3 files changed, 18 insertions, 0 deletions
diff --git a/keystone/api/auth.py b/keystone/api/auth.py index d399df433..91dfa43ca 100644 --- a/keystone/api/auth.py +++ b/keystone/api/auth.py @@ -338,6 +338,7 @@ class AuthFederationWebSSOResource(_AuthFederationWebSSOBase): @classmethod def _perform_auth(cls, protocol_id): idps = PROVIDERS.federation_api.list_idps() + remote_id = None for idp in idps: try: remote_id_name = federation_utils.get_remote_id_parameter( diff --git a/keystone/tests/unit/test_v3_federation.py b/keystone/tests/unit/test_v3_federation.py index 9b27f1bad..a24ddfc46 100644 --- a/keystone/tests/unit/test_v3_federation.py +++ b/keystone/tests/unit/test_v3_federation.py @@ -4886,6 +4886,16 @@ class WebSSOTests(FederatedTokenTests): auth_api.AuthFederationWebSSOResource._perform_auth, self.PROTOCOL) + def test_federated_sso_auth_protocol_not_found(self): + environment = {self.REMOTE_ID_ATTR: self.REMOTE_IDS[0], + 'QUERY_STRING': 'origin=%s' % self.ORIGIN} + environment.update(mapping_fixtures.EMPLOYEE_ASSERTION) + with self.make_request(environ=environment): + self.assertRaises( + exception.Unauthorized, + auth_api.AuthFederationWebSSOResource._perform_auth, + 'no_this_protocol') + def test_federated_sso_untrusted_dashboard(self): environment = {self.REMOTE_ID_ATTR: self.REMOTE_IDS[0], 'QUERY_STRING': 'origin=%s' % uuid.uuid4().hex} diff --git a/releasenotes/notes/bug-1844207-x27a31f3403xfd7y.yaml b/releasenotes/notes/bug-1844207-x27a31f3403xfd7y.yaml new file mode 100644 index 000000000..29ccaac42 --- /dev/null +++ b/releasenotes/notes/bug-1844207-x27a31f3403xfd7y.yaml @@ -0,0 +1,7 @@ +--- +fixes: + - | + [`bug 1844207 <https://bugs.launchpad.net/keystone/+bug/1844207>`_] + Fixes an issue with WebSSO auth where a server error was raised if a remote + ID can't be found for the requested federation protocol, now correctly + raises an Unauthorized client error. |