19:06:29 <lbragstad> #startmeeting keystone-office-hours
19:06:30 <openstack> Meeting started Tue Oct  3 19:06:29 2017 UTC and is due to finish in 60 minutes.  The chair is lbragstad. Information about MeetBot at http://wiki.debian.org/MeetBot.
19:06:32 <openstack> Useful Commands: #action #agreed #help #info #idea #link #topic #startvote.
19:06:34 <openstack> The meeting name has been set to 'keystone_office_hours'
19:33:20 <lbragstad> just an fyi for folks - i'll be spending office hours wrapping up policy changes for watcher, then focusing on bug triage
20:39:39 <superSecuriTay> can Keystone serve openIDC requests?
20:39:43 <superSecuriTay> like an IDP?
20:41:25 <breton> no, only saml
20:42:20 <lbragstad> efried: we've seen this before elsewhere haven't we? https://bugs.launchpad.net/keystoneauth/+bug/1713616
20:42:21 <openstack> Launchpad bug 1713616 in keystoneauth "keystone v2.0 doesn't work when v3 in the catalog endpoint" [Undecided,New]
20:42:45 <superSecuriTay> breton: I see docs for consuming federated auth like saml2 via mod_mellon
20:43:00 <efried> lbragstad Sounds familiar, looking...
20:43:01 <superSecuriTay> but it can also be a saml identity provider?
20:43:06 <superSecuriTay> are there docs for this?
20:43:52 <kmalloc> superSecuriTay: i like your irc nick
20:44:07 <efried> lbragstad 3.2.0 had some bug fixes that might resolve.
20:44:25 <kmalloc> superSecuriTay: keystone can be an IDP (saml) but it is usually only for the k2k model (keystone-to-keystone) in federation
20:44:37 <lbragstad> efried: ok - i thought that looked familiar
20:44:53 <efried> lbragstad Looking at the 3.1.0 - 3.2.0 changes...
20:44:55 <kmalloc> using keystone as an IDP otherwise is likely to not work as expected (it will only provide highly openstack-specific data to the SP)
20:45:42 <cmurphy> efried: lbragstad that sort of looks like https://review.openstack.org/#/c/492484/
20:46:00 <efried> cmurphy Agree, was just getting at that
20:46:23 <kmalloc> superSecuriTay: the docs are related to https://docs.openstack.org/security-guide/identity/federated-keystone.html#setting-identity-service-as-identity-provider
20:46:27 <efried> cmurphy lbragstad Have 'em try removing the trailing slash in the catalog entry to confirm; or just upgrade to 3.2.0 and see if that fixes.
20:47:15 <efried> cmurphy lbragstad dup to https://bugs.launchpad.net/keystoneauth/+bug/1709658 if so.
20:47:16 <openstack> Launchpad bug 1709658 in keystoneauth ""Could not find requested endpoint in Service Catalog" when requesting unavailable identity endpoint" [Undecided,Fix released] - Assigned to Colleen Murphy (krinkle)
20:49:36 <efried> cmurphy lbragstad That's the only likely suspect between 3.1.0 and 3.2.0.  If it ain't that, we'll need more digging.
20:51:29 <efried> cmurphy lbragstad Updated the bug.
20:51:55 <lbragstad> efried: cmurphy awesome - thank you
21:02:38 <openstackgerrit> Matthew Edmonds proposed openstack/keystone master: Deprecate policies API  https://review.openstack.org/503828
21:30:47 <lbragstad> relatively easy documentation bug for anyone to pick up https://bugs.launchpad.net/keystone/+bug/1698455
21:30:48 <openstack> Launchpad bug 1698455 in OpenStack Identity (keystone) "Install and configure in Installation Guide: Populate the Identity service database step fails on CentOS7" [Medium,New]
21:34:40 <lbragstad> another easy documentation fix
21:34:41 <lbragstad> https://bugs.launchpad.net/keystone/+bug/1716797
21:34:42 <openstack> Launchpad bug 1716797 in OpenStack Identity (keystone) "Verify operation in keystone: step 1 has already been done" [Medium,Triaged]
21:39:22 <openstackgerrit> Lance Bragstad proposed openstack/keystone master: Remove admin_token_auth steps from install guide  https://review.openstack.org/509293
21:49:03 <gagehugo> o/
21:59:26 <lbragstad> o/
21:59:28 <lbragstad> :)
21:59:31 <lbragstad> #endmeeting