Error: "500" during login from VMware Identity Manager


Article ID: 321814

Updated On:

Products

VMware Integrated OpenStack

Issue/Introduction

  • When attempting to log in to a previously working VMware Integrated OpenStack integration with VMware Identity Manager, an error 500 is returned with the following message:
{"error": {"message": "Group <group name> returned by mapping idp_mapping was not found in the backend. (Disable insecure_debug mode to suppress these details.)", "code": 500, "title": "Internal Server Error"}}
  • The error appears either in the UI or in the keystone logs.

Environment

7.x

Cause

  • The user attempting to log in is a member of a group that does not exist in OpenStack. Keystone federation with VMware Identity Manager is done with a specific set of groups.
  • If Identity Manager returns the user as a member of a group that doesn't exist in the Keystone database, the login fails with this error.

Resolution

  • Create the missing group, by CLI or API, so that the impacted users can log in. With the CLI, use the following command:
    openstack group create <group name>
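
When several users are affected, the missing group names can be collected from the keystone logs or from the JSON error body before any group is created. The following Python script is an added example, not part of the original article or of VMware's tooling; it extracts each group named in the error message and builds the command above for it. The log line layout and the group names in the sample are constructed.

```python
import json
import re
import shlex

# Message text as shown in the error on this page; group and mapping names vary.
MISSING_GROUP = re.compile(
    r"Group (?P<group>.+?) returned by mapping (?P<mapping>\S+) "
    r"was not found in the backend"
)

# Constructed sample input: keystone log lines and one JSON error body.
SAMPLE_LINES = [
    "2024-01-01 10:00:00 ERROR keystone Group vio-admins returned by mapping idp_mapping was not found in the backend.",
    '{"error": {"message": "Group Cloud Ops returned by mapping idp_mapping was not found in the backend. (Disable insecure_debug mode to suppress these details.)", "code": 500, "title": "Internal Server Error"}}',
    "2024-01-01 10:00:05 INFO keystone GET /v3/auth/tokens 201",
    "2024-01-01 10:01:00 ERROR keystone Group vio-admins returned by mapping idp_mapping was not found in the backend.",
]


def message_of(line):
    """Return the error message from a JSON error body, else the raw line."""
    try:
        body = json.loads(line)
    except ValueError:
        return line
    if isinstance(body, dict) and isinstance(body.get("error"), dict):
        return str(body["error"].get("message", ""))
    return line


def missing_groups(lines):
    """Map each missing group name to the mapping that returned it."""
    found = {}
    for line in lines:
        match = MISSING_GROUP.search(message_of(line))
        if match:
            found.setdefault(match["group"], match["mapping"])
    return found


def create_commands(groups):
    """Build the article's command per group, shell-quoted, for review."""
    return ["openstack group create " + shlex.quote(g) for g in sorted(groups)]


if __name__ == "__main__":
    for command in create_commands(missing_groups(SAMPLE_LINES)):
        print(command)
```

The script only prints the commands. Check each name against the groups intended for Keystone federation before running them; a group that should not exist in OpenStack is handled by the workaround below instead.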

Workaround:

  • The group that does not exist in the OpenStack Keystone database can be deleted in VMware Identity Manager.
  • This will allow users to log in correctly to VMware Integrated OpenStack as a member of the group configured for Keystone federation.

Additional Information

See the full documentation on OpenStack commands to administer groups.