Ask Your Question

Keystone v3 Bug Domain always falls on default

asked 2015-09-01 08:40:20 -0500

latest_release gravatar image

This should be a bug on keystone v3, I try to a authenticate a user but the end point auth always defaults to a default installation domain even though I pass a valid user domain during auth.

Here is how I do it

from keystoneclient.v3 import client
from keystoneclient.auth.identity import v3
from keystoneclient import session
#from keystoneclient import client
from keystoneclient.v3.client import exceptions

keystone = client.Client(user_domain="TestDomainAgain",
                        username="", password="Test",

The above always resulted in the following error

keystoneclient.openstack.common.apiclient.exceptions.Unauthorized: The request you have made requires authentication. (HTTP 401)

When I hooked in the endpoint and put some debugging message on the password module I realized that the domain I pass was ignored silently. Here we go below

AUTH PAYLOAD  {u'user': {u'domain': {u'id': u'default'}, u'password': u'Test', u'name': u''}}
USER INFO  {u'domain': {u'id': u'default'}, u'password': u'Test', u'name': u''}
Password Is  Test UserName is
DOMAIN REF  {'enabled': True, u'description': u'Owns users and tenants (i.e. projects) available on Identity API v2.', 'name': u'Default', 'id': u'default'} ID  default

The domain I pass in silently ignored and the default is used, which in these cases is seems to be v2. It seems they are trying to locate the user in the default domain with pain because he does not exists.

1) Am i missing something in the client.Client 2) Is it a bug

Am using Ubuntu 14.04 Icehouse.

edit retag flag offensive close merge delete

1 answer

Sort by ยป oldest newest most voted

answered 2015-09-02 03:00:12 -0500

Tobias Urdin gravatar image


Please see

I think you should use sessions since the non-session way of authenticate has bee deprecated.

In your example I think user_domain should be user_domain_name when you pass the parameter, you should anyway use sessions since the code you are writing will be using deprecated methods.

If you still have issues and nobody here can answer it I would assume you can file a bug on Launchpad.

Best regards

edit flag offensive delete link more


Thanks, as you said, i changed user_domain to user_domain_name, an it works. THANKS, and also got it working with sessions.

latest_release gravatar imagelatest_release ( 2015-09-03 06:53:08 -0500 )edit

I'm glad it helped you out, please mark it as answered to help other finding the same issue.

Tobias Urdin gravatar imageTobias Urdin ( 2015-09-04 01:46:21 -0500 )edit

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Get to know Ask OpenStack

Resources for moderators

Question Tools


Asked: 2015-09-01 08:40:20 -0500

Seen: 380 times

Last updated: Sep 02 '15