Monday, 2019-07-29

« Sunday, 2019-07-28 Index Tuesday, 2019-07-30 »
*** jamesmcarthur has quit IRC00:00
*** jamesmcarthur has joined #openstack-keystone00:00
*** jamesmcarthur has quit IRC00:43
*** jamesmcarthur has joined #openstack-keystone00:44
*** jamesmcarthur has quit IRC00:49
*** jamesmcarthur has joined #openstack-keystone00:53
*** jamesmcarthur has quit IRC01:15
*** jamesmcarthur has joined #openstack-keystone01:43
*** markvoelker has joined #openstack-keystone02:29
*** rcernin has quit IRC02:45
*** rcernin has joined #openstack-keystone02:47
*** jamesmcarthur has quit IRC03:21
*** jamesmcarthur has joined #openstack-keystone03:22
*** jamesmcarthur has quit IRC03:27
*** jamesmcarthur has joined #openstack-keystone03:39
*** jamesmcarthur has quit IRC03:58
*** jamesmcarthur has joined #openstack-keystone03:59
*** jamesmcarthur has quit IRC04:04
*** jamesmcarthur has joined #openstack-keystone04:07
*** jamesmcarthur has quit IRC04:40
*** jamesmcarthur has joined #openstack-keystone05:07
*** jamesmcarthur has quit IRC05:14
*** brtknr has quit IRC05:17
*** brtknr has joined #openstack-keystone05:19
*** whoami-rajat has joined #openstack-keystone05:22
*** jaosorior has joined #openstack-keystone05:26
*** jamesmcarthur has joined #openstack-keystone05:40
*** jamesmcarthur has quit IRC05:44
*** jamesmcarthur has joined #openstack-keystone06:20
*** jamesmcarthur has quit IRC06:25
openstackgerritVishakha Agarwal proposed openstack/keystone master: Add openstack_groups to assertion  https://review.opendev.org/58821106:59
*** tesseract has joined #openstack-keystone07:08
*** rcernin has quit IRC07:11
*** jamesmcarthur has joined #openstack-keystone07:21
*** jamesmcarthur has quit IRC07:25
*** pcaruana has joined #openstack-keystone07:31
*** dancn has joined #openstack-keystone07:46
*** jamesmcarthur has joined #openstack-keystone07:57
*** jaosorior has quit IRC07:59
*** jamesmcarthur has quit IRC08:02
*** ivve has joined #openstack-keystone08:15
*** tkajinam has quit IRC08:30
*** brtknr has quit IRC08:33
*** brtknr has joined #openstack-keystone08:35
*** jaosorior has joined #openstack-keystone08:46
*** tesseract has quit IRC08:58
*** jamesmcarthur has joined #openstack-keystone08:59
*** jamesmcarthur has quit IRC09:03
*** stingrayza_ is now known as stingrayza09:10
*** trident has quit IRC09:16
*** trident has joined #openstack-keystone09:17
*** tesseract has joined #openstack-keystone09:20
*** baffle has quit IRC09:22
*** altlogbot_2 has quit IRC09:24
*** altlogbot_2 has joined #openstack-keystone09:25
*** baffle has joined #openstack-keystone09:30
*** jamesmcarthur has joined #openstack-keystone09:38
*** jamesmcarthur has quit IRC09:43
*** jaosorior has quit IRC10:23
*** brtknr has quit IRC10:30
*** brtknr has joined #openstack-keystone10:32
*** brtknr has quit IRC10:34
*** brtknr has joined #openstack-keystone10:35
*** brtknr has quit IRC10:36
*** jawad_axd has joined #openstack-keystone10:38
*** jamesmcarthur has joined #openstack-keystone10:39
*** jamesmcarthur has quit IRC10:44
*** brtknr has joined #openstack-keystone10:45
*** brtknr has quit IRC11:04
*** brtknr has joined #openstack-keystone11:05
*** brtknr has quit IRC11:06
*** brtknr has joined #openstack-keystone11:06
*** brtknr has quit IRC11:07
openstackgerritDmitry Tantsur proposed openstack/keystoneauth master: Allow requesting fixed retry delay instead of exponential  https://review.opendev.org/67293011:07
*** brtknr has joined #openstack-keystone11:08
*** jamesmcarthur has joined #openstack-keystone11:11
*** jamesmcarthur has quit IRC11:16
*** brtknr has quit IRC11:20
*** brtknr has joined #openstack-keystone11:21
*** brtknr has quit IRC11:22
*** brtknr has joined #openstack-keystone11:23
*** brtknr has quit IRC11:23
*** brtknr has joined #openstack-keystone11:24
*** brtknr has quit IRC11:24
*** brtknr has joined #openstack-keystone11:25
*** jamesmcarthur has joined #openstack-keystone11:27
*** dancn has quit IRC11:27
vishakhacmorpheus: Could you help for #link https://review.opendev.org/#/c/669331/ shade support for app creds.  Facing issue while assigning the user.id value in base_path #link ]https://www.paste.org/9974211:30
*** jaosorior has joined #openstack-keystone11:34
*** kplant has joined #openstack-keystone11:36
*** jamesmcarthur has quit IRC11:36
*** jamesmcarthur has joined #openstack-keystone11:37
mordredvishakha: left of a comment on what I Think it is11:51
*** raildo has joined #openstack-keystone11:55
*** jamesmcarthur has quit IRC12:05
*** raildo_ has joined #openstack-keystone12:06
*** raildo has quit IRC12:07
*** dancn has joined #openstack-keystone12:09
*** mvkr has quit IRC12:22
*** raildo_ has quit IRC12:27
*** raildo has joined #openstack-keystone12:27
*** ivve has quit IRC12:34
*** jamesmcarthur has joined #openstack-keystone12:49
*** jroll has quit IRC13:07
*** jawad_axd has quit IRC13:08
*** jroll has joined #openstack-keystone13:08
*** ivve has joined #openstack-keystone13:11
*** jmlowe has joined #openstack-keystone13:13
*** ivve has quit IRC13:16
*** mvkr has joined #openstack-keystone13:20
jdenniskplant, cmorpheus: I've been on vacation and just got back, I see you're having some problems with mellon, I got lost in the earlier discussions, if are still having problems or a specific question ping me.13:21
kplantjdennis: i was ultimately able to get it working with keycloak as an idp13:23
kplanti had to change in https://docs.openstack.org/keystone/latest/admin/federation/mellon.html: MellonEndPointPath to MellonEndpointPath /v3/OS-FEDERATION/identity_providers/keycloak/protocols/saml2/auth/mellon13:24
kplantthat matched what the mellon script populated in the metadata.xml13:24
jdenniskplant: The mellon metdatadata and the MellonEndpointPath *must* be in sync, this is discussed here in the user guide: https://github.com/Uninett/mod_auth_mellon/blob/master/doc/user_guide/mellon_user_guide.adoc#105-incorrect-mellonendpointpath13:29
kplantright, that's why i had to change it13:31
jdenniskplant, cmorpheus: the upstream version of the Mellon User Guide has all sorts of useful information including debugging tips, I see Colleen pointed you to a version of the doc in my private area, but that's old, use this upstream version instead: https://github.com/Uninett/mod_auth_mellon/blob/master/doc/user_guide/mellon_user_guide.adoc13:31
jdenniskplant: glad you got it working13:32
kplantyeah the mellon documentation was super helpful13:32
kplantthank you13:32
jdenniskplant: sometimes turning on the "diagnostics" logging in mellon can be a real help as well.13:33
*** mvkr has quit IRC13:34
*** whoami-rajat has quit IRC13:42
*** cmorpheus is now known as cmurphy13:46
*** mvkr has joined #openstack-keystone13:47
cmurphythanks jdennis13:48
cmurphyvishakha: i can try to help later today13:48
*** dklyle has quit IRC14:00
*** dklyle has joined #openstack-keystone14:00
*** dancn has quit IRC14:03
*** jmlowe has quit IRC14:08
*** dancn has joined #openstack-keystone14:11
kplantcmurphy: i'm running through configuring mellon avain with /v3/mellon as the endpoint and just supplying that to the script instead, that should be much cleaner if it works14:20
kplantagain*14:21
*** ivve has joined #openstack-keystone14:55
*** joshualyle has quit IRC15:06
*** jamesmcarthur has quit IRC15:16
*** jamesmcarthur_ has joined #openstack-keystone15:16
*** gyee has joined #openstack-keystone15:39
*** mvkr has quit IRC16:01
*** vishwanathj has quit IRC16:02
*** dancn has quit IRC16:09
*** vishwanathj has joined #openstack-keystone16:19
*** ivve has quit IRC16:21
*** joshualyle has joined #openstack-keystone16:26
*** tesseract has quit IRC16:28
*** joshualyle has quit IRC16:30
*** ivve has joined #openstack-keystone16:52
*** ivve has quit IRC16:59
*** xek has quit IRC17:07
*** xek has joined #openstack-keystone17:08
*** vishwanathj has quit IRC17:21
*** jamesmcarthur_ has quit IRC17:24
*** dancn has joined #openstack-keystone17:35
*** vishwanathj has joined #openstack-keystone17:39
*** whoami-rajat has joined #openstack-keystone17:39
*** dancn has quit IRC17:40
*** jdwidari has joined #openstack-keystone17:42
*** trident has quit IRC17:47
*** dancn has joined #openstack-keystone17:47
*** trident has joined #openstack-keystone17:51
*** jamesmcarthur has joined #openstack-keystone18:12
kplantis there a way to set the relay_state_prefix for an SP? trying to work around the bug here: https://bugs.launchpad.net/keystone/+bug/179472618:27
openstackLaunchpad bug 1794726 in OpenStack Identity (keystone) "Keystone as a SAML IdP does not work when mod_auth_mellon is used as the SP" [Medium,Triaged]18:27
kplanti can see relate_state_prefix as 'ss:mem:' but can't figure out how to change it18:27
cmurphykplant: that bug should have been fixed in at least some versions of the mellon package, i hadn't closed it because i hadn't verified where it was fixed18:31
kplanti'm running into the same exact behavior detailed in that bug18:32
kplantam on centos though, so the version of mellon might be ancient18:32
*** dancn has quit IRC18:32
*** joshualyle has joined #openstack-keystone18:49
*** jamesmcarthur has quit IRC18:52
*** jamesmcarthur has joined #openstack-keystone19:04
knikollacmurphy: the part of the bug which has been fixed is the way that mellon interprets the signed xml19:14
knikollaafaik the relay-state part still applies19:15
kplantknikolla: do you know what the relay prefix should be? i've tried http://nameofsp but still not working19:16
kplanti'm just hand editing it in mariadb19:16
knikollai only remember what i wrote in the bug comment19:18
knikollait's been a while19:18
kplanti think i'm going to have to deal with rebuilding kolla containers to use shibboleth instead, mellon is way too hacky for production19:22
*** kplant has quit IRC19:42
*** jamesmcarthur has quit IRC19:54
*** jmlowe has joined #openstack-keystone19:57
*** jamesmcarthur has joined #openstack-keystone19:58
*** vishwanathj has quit IRC19:58
*** jamesmcarthur has quit IRC20:03
*** vishwanathj has joined #openstack-keystone20:06
*** jmlowe has quit IRC20:14
*** jamesmcarthur has joined #openstack-keystone20:25
*** jamesmcarthur has quit IRC20:31
*** kplant has joined #openstack-keystone20:37
*** whoami-rajat has quit IRC20:39
*** xek has quit IRC20:43
*** trident has quit IRC20:49
*** trident has joined #openstack-keystone20:52
*** jamesmcarthur has joined #openstack-keystone20:59
*** jamesmcarthur has quit IRC21:03
*** jdwidari has quit IRC21:29
*** jamesmcarthur has joined #openstack-keystone21:39
*** jamesmcarthur has quit IRC21:40
*** jamesmcarthur_ has joined #openstack-keystone21:40
*** mvkr has joined #openstack-keystone22:06
*** tkajinam has joined #openstack-keystone22:54
*** rcernin has joined #openstack-keystone23:02
« Sunday, 2019-07-28 Index Tuesday, 2019-07-30 »

Generated by irclog2html.py 2.15.3 by Marius Gedminas - find it at mg.pov.lt!