How to map a user to a domain other than Federated domain?

Asked by Sohan Sangwan

I am trying to understand direct mapping on OpenStack. I want to map a user to a domain other than the Federated domain, but the user always gets mapped to the Federated domain. Here is the link for direct mapping that I am using:

https://specs.openstack.org/openstack/keystone-specs/specs/kilo/federated-direct-user-mapping.html

Here is the mapping rule that I am using:

[
  {
    "local": [
      {
        "user": {
          "name": "{0}",
          "domain": {"name": "Default"}
        }
      },
      {
        "group": {
          "id": "GROUP_ID"
        }
      }
    ],
    "remote": [
      {
        "type": "HTTP_OIDC_SUB"
      }
    ]
  }
]

I am using an OpenID Connect IdP for federation authentication and the Liberty OpenStack version.

I have created a user named admin in the Identity Provider. As the user admin also exists in the Keystone backend, I think it should be mapped to the local admin user. But it does not happen. It is considered an ephemeral user and mapped to the Federated domain.

Could someone help me with how I can do direct mapping to map a federated user to a domain other than the Federated domain?

Question information

Language: English
Status: Expired
For: OpenStack Identity (keystone)
Assignee: No assignee

Launchpad Janitor (janitor) said:
#1

This question was expired because it remained in the 'Open' state without activity for the last 15 days.
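
An added example, not part of the original thread and not Keystone's own code: a small linter for the mapping rule in the question, based on the linked direct-mapping spec, where a `user` entry takes an optional `"type"` of `"ephemeral"` (the default when omitted) or `"local"`. The function names and finding codes are hypothetical, and the "domain-ignored" finding assumes the Liberty-era behaviour the question reports.

```python
import copy
import json

# Constructed input: the mapping rule posted in the question.
QUESTION_RULES = json.loads("""
[{"local": [{"user": {"name": "{0}", "domain": {"name": "Default"}}},
            {"group": {"id": "GROUP_ID"}}],
  "remote": [{"type": "HTTP_OIDC_SUB"}]}]
""")

VALID_TYPES = ("ephemeral", "local")  # values named in the linked spec


def lint_mapping(rules):
    """Return (rule_index, code, message) findings for "user" entries."""
    findings = []
    for i, rule in enumerate(rules):
        for entry in rule.get("local", []):
            user = entry.get("user")
            if user is None:
                continue
            utype = user.get("type", "ephemeral")  # spec: omitted means ephemeral
            if utype not in VALID_TYPES:
                findings.append((i, "invalid-type", f"unknown user type {utype!r}"))
            elif utype == "ephemeral" and "domain" in user:
                # Assumption: Liberty-era behaviour, as the question reports.
                findings.append((i, "domain-ignored",
                                 "ephemeral user lands in the Federated domain"))
            elif utype == "local" and "id" not in user and "domain" not in user:
                findings.append((i, "ambiguous-local-user",
                                 "a local user looked up by name needs a domain"))
    return findings


def with_local_type(rules):
    """Return a copy where every user entry has "type": "local"."""
    fixed = copy.deepcopy(rules)
    for rule in fixed:
        for entry in rule.get("local", []):
            if "user" in entry:
                entry["user"]["type"] = "local"
    return fixed


if __name__ == "__main__":
    for finding in lint_mapping(QUESTION_RULES):
        print(finding)
    print(json.dumps(with_local_type(QUESTION_RULES), indent=2))
```

With `"type": "local"`, the value the IdP asserts for `{0}` selects an existing Keystone account, so the claim behind it must be one the IdP guarantees is unique and not user-editable.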