search

norcams / himlar-connect

himlar FEIDE Connect integration dev env
Apache License 2.0
0 stars 0 forks source link

Failure when federated user name contains non ascii characters. #5

Open jhellan opened 8 years ago

jhellan commented 8 years ago

I get '{"error": {"message": "An unexpected error prevented the server from fulfilling your request: 'ascii' codec can't decode byte 0xc3 in position 5: ordinal not in range(128) (Disable debug mode to suppress these details.)", "code": 500, "title": "Internal Server Error"}}' when logging in via dataporten. My name has an 'å'. I suspect there is a connection.

Error comes from l 613 in keystone/contrib/federation/utils.py (stable/liberty branch): new_value = v.format(*direct_maps) in _update_local_mapping

jhellan commented 8 years ago

Same code on master. It has been moved up from contrib: keystone/federation/utils.py, l 625

beddari commented 8 years ago

Might even be worth an upstream bug report ...

jhellan commented 8 years ago

Probably. Anyway, here's the stack trace:

Traceback (most recent call last):
  File "/usr/lib/python2.7/site-packages/keystone/common/wsgi.py", line 248, in __call__
    result = method(context, **params)
  File "/usr/lib/python2.7/site-packages/keystone/contrib/federation/controllers.py", line 315, in federated_sso_auth
    protocol_id)
  File "/usr/lib/python2.7/site-packages/keystone/contrib/federation/controllers.py", line 297, in federated_authentication
    return self.authenticate_for_token(context, auth=auth)
  File "/usr/lib/python2.7/site-packages/keystone/auth/controllers.py", line 385, in authenticate_for_token
    self.authenticate(context, auth_info, auth_context)
  File "/usr/lib/python2.7/site-packages/keystone/auth/controllers.py", line 510, in authenticate
    auth_context)
  File "/usr/lib/python2.7/site-packages/keystone/auth/plugins/mapped.py", line 69, in authenticate
    self.identity_api)
  File "/usr/lib/python2.7/site-packages/keystone/auth/plugins/mapped.py", line 144, in handle_unscoped_token
    federation_api, identity_api)
  File "/usr/lib/python2.7/site-packages/keystone/auth/plugins/mapped.py", line 188, in apply_mapping_filter
    identity_provider, protocol, assertion)
  File "/usr/lib/python2.7/site-packages/keystone/contrib/federation/core.py", line 90, in evaluate
    mapped_properties = rule_processor.process(assertion_data)
  File "/usr/lib/python2.7/site-packages/keystone/contrib/federation/utils.py", line 470, in process
    new_local = self._update_local_mapping(local, direct_maps)
  File "/usr/lib/python2.7/site-packages/keystone/contrib/federation/utils.py", line 611, in _update_local_mapping
    new_value = self._update_local_mapping(v, direct_maps)
  File "/usr/lib/python2.7/site-packages/keystone/contrib/federation/utils.py", line 613, in _update_local_mapping
    new_value = v.format(*direct_maps)
UnicodeDecodeError: 'ascii' codec can't decode byte 0xc3 in position 5: ordinal not in range(128)
jhellan commented 8 years ago

Maybe you could report to launchpad. I seem to be unable to register.

beddari commented 8 years ago

Could you test this change?

if ! grep -q en_US.UTF-8 /etc/sysconfig/httpd; then
  echo LANG=en_US.UTF-8 > /etc/sysconfig/httpd
  systemctl restart httpd
fi
jhellan commented 8 years ago

Good idea, but no change. Same stack trace

jhellan commented 8 years ago

Reported upstream as https://bugs.launchpad.net/keystone/+bug/1525250

beddari commented 8 years ago

Thanks. A temporary fix would be to not map the name until we do or get a code fix for this issue. If name is required on the openstack side we could populate it with e.g FEIDE id.

Having the full name is more of a UX issue than a system one.

beddari commented 8 years ago

This is now fixed in mitaka-3 "m3", thanks for reporting @jhellan.

Issue can be closed.