问题
im using keystone api to create an user (as in Fiware Keystone API Create User).
my steps:
create project with:
curl -s -H "X-Auth-Token:17007fe11124bd71eb60" -H "Content-Type: application/json" -d '{"tenant": {"description":"Project1", "name":"proyecto1", "enabled": true}}' http://localhost:35357/v2.0/tenants -X POST | python -mjson.tool
create role:
curl -s -H "X-Auth-Token:17007fe11124bd71eb60" -H "Content-Type: application/json" -d '{"role":{"name":"Project1Admin", "description":"Role Admin for project1"}}' http://localhost:35357/v3/roles | python -mjson.tool
Create user:
curl -s -H "X-Auth-Token:17007fe11124bd71eb60" -H "Content-Type: application/json" -d '{"user": {"default_project_id": "d0f384973b9f4a57b975fcd9bef10c6e", "description":"admin1", "enabled":true, "name":"admin", "password":"admin", "email":"admin@gmail.com"}}' http://localhost:35357/v2.0/users | python -mjson.tool
last step: create user-role-tenant relationship:
curl -s -H "X-Auth-Token:17007fe11124bd71eb60" http://localhost:35357/v2.0/tenants/d0f384973b9f4a57b975fcd9bef10c6e/users/admin1/roles/OS-KS/0c10f475076345368724a03ccd1c3403 -X PUT
if i check user:
curl -s -H "X-Auth-Token:17007fe11124bd71eb60" http://localhost:5000/v3/users/admin1 | python -mjson.tool
response:
{
"user": {
"default_project_id": "d0f384973b9f4a57b975fcd9bef10c6e",
"description": "admin1",
"domain_id": "default",
"email": "admin1@gmail.com",
"enabled": true,
"id": "admin1",
"links": {
"self": "http://localhost:5000/v3/users/admin1"
},
"name": "admin1",
"username": null
}
}
I think thats good, But I try to connect with horizon and have an error "Invalid user or password". The result im getting in logs is the following :
keystone.log
2016-04-20 07:56:03.949 2150 WARNING keystone.common.wsgi [-] Could not find user: admin1@gmail.com
2016-04-20 07:56:03.967 2150 INFO eventlet.wsgi.server [-] 127.0.0.1 - - [20/Apr/2016 07:56:03] "HEAD /v3/OS-TWO-FACTOR/two_factor_auth?user_name=admin1%40gmail.com&domain_name=Default HTTP/1.1" 404 159 0.077033
horizon.log:
[Wed Apr 20 07:59:41.934935 2016] [:error] [pid 5963:tid
140154061260544] Login failed for user "admin1@gmail.com".
Anyone knows why this user cant connect with horizon?
thanks
回答1:
In KeyRock, we use the name field to store the user email, and the username field to store its username. When creating a user, all attributes provided in the request but the name, the username, the default_project_id, the domain_id and the enabled attribute are serialized and stored inside a field called extra. Therefore, your email attribute will be stored in the extra field.
After registering, when loging in to Horizon and providing the user email, Horizon sends a request to Keystone to search for the email in the name field. Since you are entering admin1@gmail.com, but the actual name you provided is admin1, login into Horizon will fail.
Registering the user again with admin1@gmail.com as name (and not email) should fix your problem, but you can also enter admin1 in the email field of the login form if you can't afford to recreate the user.
Hope this solves your issue!
来源:https://stackoverflow.com/questions/36737454/fiware-keystone-api-create-user-and-access-with-horizon