Ask Your Question
1

openstack when configured as service provider giving error "Missing entity id from environment"

asked 2016-02-01 23:47:14 -0500

vibhu gravatar image

updated 2017-06-06 14:12:05 -0500

rbowen gravatar image

Openstack mapping create SAS –remote-id https://idp1.cryptocard.com/idp/shibb...

+-------------+--------------------------------------------+
| Field       | Value                                      |
+-------------+--------------------------------------------+
| description | None                                       |
| enabled     | True                                       |
| id          | SAS                                        |
| remote_ids  | https://idp1.cryptocard.com/idp/shibboleth |
+-------------+--------------------------------------------+
Openstack mapping create SAS_mapping  --rules mapping.json

+-------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Field | Value                                                                                                                                                                                                              |
+-------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| id    | SAS_mapping                                                                                                                                                                                                        |
| rules | [{u'remote': [{u'type': u'Shib-Identity-Provider', u'any_one_of': [u'https://idp1.cryptocard.com/idp/profile/SAML2/POST-SimpleSign/SSO']}], u'local': [{u'group': {u'id': u'e67bb0d92539440cbd36603f6ac3fd20'}}]}] |
+-------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
Openstack federation protocol create test_SAS –identity-provider SAS –mapping SAS_mapping

+-------------------+-------------+
| Field             | Value       |
+-------------------+-------------+
| id                | test_SAS    |
| identity_provider | SAS         |
| mapping           | SAS_mapping |
+-------------------+-------------+
edit retag flag offensive close merge delete

2 answers

Sort by » oldest newest most voted
0

answered 2016-05-18 01:23:59 -0500

spsingh gravatar image

Make sure the following entry is not missing in /etc/keystone/keystone.conf file:

[saml2] remote_id_attribute = Shib-Identity-Provider

OR

[oidc] remote_id_attribute = HTTP_OIDC_ISS

edit flag offensive delete link more

Comments

@spsingh Inspite of the entry being set, i am getting the error. Is there any other configuration required?

sanjana gravatar imagesanjana ( 2017-06-05 23:54:05 -0500 )edit
0

answered 2017-03-15 06:34:18 -0500

I have the same issue. When I configure the Keystone as Service Provider + horizon, I received this error in my /var/log/keystone/keystone-wsgi-public.log, after try logging in my IdP SimpleSamlPHP:

2017-03-15 01:32:26.240 29046 INFO keystone.common.wsgi [req-022ef0af-1811-4038-9aad-bd9a3e9443ac - - - - -] GET http://10.7.49.47:5000/v3/auth/OS-FEDERATION/identity_providers/myidp/protocols/mapped/websso?origin=http://10.7.49.47/horizon/auth/websso/
2017-03-15 01:32:26.241 29046 ERROR keystone.federation.controllers [req-022ef0af-1811-4038-9aad-bd9a3e9443ac - - - - -] http://10.7.49.47/horizon/auth/websso/ is not a trusted dashboard host
2017-03-15 01:32:26.242 29046 WARNING keystone.common.wsgi [req-022ef0af-1811-4038-9aad-bd9a3e9443ac - - - - -] Authorization failed. The request you have made requires authentication. from 10.7.49.11

And in my browser I received: {"error": {"message": "The request you have made requires authentication.", "code": 401, "title": "Unauthorized"}}

edit flag offensive delete link more

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Get to know Ask OpenStack

Resources for moderators

Question Tools

Stats

Asked: 2016-02-01 23:47:14 -0500

Seen: 506 times

Last updated: Jun 06 '17