diff --git a/keystone/api/auth.py b/keystone/api/auth.py
index 00382d0130..96c17f1301 100644
--- a/keystone/api/auth.py
+++ b/keystone/api/auth.py
@@ -336,8 +336,13 @@ class AuthFederationWebSSOResource(_AuthFederationWebSSOBase):
 def _perform_auth(cls, protocol_id):
 idps = PROVIDERS.federation_api.list_idps()
 for idp in idps:
- remote_id_name = federation_utils.get_remote_id_parameter(
- idp, protocol_id)
+ try:
+ remote_id_name = federation_utils.get_remote_id_parameter(
+ idp, protocol_id)
+ except exception.FederatedProtocolNotFound:
+ # no protocol for this IdP, so this can't be the IdP we're
+ # looking for
+ continue
 remote_id = flask.request.environ.get(remote_id_name)
 if remote_id:
 break
diff --git a/keystone/tests/unit/test_v3_federation.py b/keystone/tests/unit/test_v3_federation.py
index e2134cdd66..9b27f1bad4 100644
--- a/keystone/tests/unit/test_v3_federation.py
+++ b/keystone/tests/unit/test_v3_federation.py
@@ -736,6 +736,11 @@ class FederatedSetupMixin(object):
 ]
 }
+ # Add unused IdP first so it is indexed first (#1838592)
+ self.dummy_idp = self.idp_ref()
+ PROVIDERS.federation_api.create_idp(
+ self.dummy_idp['id'], self.dummy_idp
+ )
 # Add IDP
 self.idp = self.idp_ref(id=self.IDP)
 PROVIDERS.federation_api.create_idp(
@@ -762,6 +767,11 @@ class FederatedSetupMixin(object):
 PROVIDERS.federation_api.create_protocol(
 self.idp_with_remote['id'], self.proto_saml['id'], self.proto_saml
 )
+ # Add unused protocol to go with unused IdP (#1838592)
+ self.proto_dummy = self.proto_ref(mapping_id=self.mapping['id'])
+ PROVIDERS.federation_api.create_protocol(
+ self.dummy_idp['id'], self.proto_dummy['id'], self.proto_dummy
+ )
 with self.make_request():
 self.tokens = {}
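Review bot: In `_perform_auth` (keystone/api/auth.py) the new `continue` can leave `remote_id` unassigned: if every IdP raises `FederatedProtocolNotFound` for this protocol, the loop ends without ever reaching `remote_id = flask.request.environ.get(remote_id_name)`. The hunk shows no initialisation between `idps = PROVIDERS.federation_api.list_idps()` and the `for`, and the code after the loop is outside the hunk, so any later read of `remote_id` there would presumably raise `UnboundLocalError` and surface as a server error instead of a clean authentication failure. Adding `remote_id = None` just before `for idp in idps:` makes the no-match case explicit, so whatever check follows the loop can reject the request deliberately.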
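Review bot: The regression setup in `FederatedSetupMixin` (keystone/tests/unit/test_v3_federation.py) relies on `list_idps()` returning the dummy IdP before the real one, but nothing in these hunks pins that order. `self.idp_ref()` is called without an id, so the id is presumably generated; if the backend orders by id and not by creation time, the dummy may sort after `self.IDP` and the new `continue` branch would go unexercised. Consider giving the dummy IdP a fixed id that sorts first, or a dedicated test that asserts the WebSSO flow succeeds with the protocol-less IdP listed ahead of the real one. The same ordering assumption applies to the `proto_dummy` hunk further down, and no case visible here covers a protocol that none of the IdPs has.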