[Openstack] keystone question
pat
pat at xvalheru.org
Sun Feb 10 21:27:47 UTC 2013
Hi,
Thanks a lot.
Pat
On Fri, 8 Feb 2013 08:52:13 -0500, Tong Li wrote
> The X-Auth-Token header in your request to validate the user token are not the same thing. You have to login as admin to get a token and hold on to that token, when a user request comes in with his token, you can hand it over to keystone for validation. Here I think will be how the request look like.
>
> request: curl -s -X GET http://localhost:35357/tokens/tokenToBeValidated -H "X-Auth-Token: "adminAccessToken""
>
> adminAccessToken should be a token you (as admin) to get using the same API and admin userid and password or other means (certificates possibly if that is how it was designed) to get access token just like any other user against keystone.
>
> Hope that helps.
>
> Tong Li
> Emerging Technologies & Standards
>
> "pat" ---02/08/2013 07:31:25 AM---Hi, Thanks for the reply.
>
> From: "pat" <pat at xvalheru.org>
> To: Tong Li/Raleigh/IBM at IBMUS,
> Cc: openstack at lists.launchpad.net, openstack-bounces+litong01=us.ibm.com at lists.launchpad.net
> Date: 02/08/2013 07:31 AM
> Subject: Re: [Openstack] keystone question
>
-----------------------------------------------------------------------
>
> Hi,
>
> Thanks for the reply.
>
> I've been digging and I've found way how to get token using API:
> curl -s -X POST http://localhost:35357/tokens -d '{"auth": {"passwordCredentials": {"username":"XXX", "password":"XXX"}, "tenantName":"XXX"}}' -H "Content-type: application/json"
>
> This request returns JSON response, that's fine for me.
>
> But how to validate the token? I'm following the API:
> http://docs.openstack.org/api/openstack-identity-service/2.0/content/GET_validateToken_v2.0_tokens__tokenId__Admin_API_Service_Developer_Operations-d1e1356.html
>
> and request: curl -s -X GET http://localhost:35357/tokens/XXXYYYXXX -H "X-Auth-Token: "XXXYYYXXX""
> return 401 (unauthorized).
>
> What I'm doing wrong?
>
> Thanks for help
>
>
> On Wed, 6 Feb 2013 11:46:28 -0500, Tong Li wrote
> > keystone provides APIs for authentication, I would think you only need to develop some code in your app to call the API and parse the response, then following request will have to be verified using the token. If you app is already wsgi app, you will just need to use the keystone middleware in your pipeline. If it is other type of the application, you will just need to develop some code which deal with keystone authentication http request/response and figure out a way to verify the token.
> >
> > Thanks.
> >
> > Tong Li
> > Emerging Technologies & Standards
> >
> >
> >
> > "pat" ---02/06/2013 10:35:26 AM---Hi all, I have a question about keystone. I have an application (Jee web one) which I
> >
> > From: "pat" <pat at xvalheru.org>
> > To: openstack at lists.launchpad.net,
> > Date: 02/06/2013 10:35 AM
> > Subject: [Openstack] keystone question
> > Sent by: openstack-bounces+litong01=us.ibm.com at lists.launchpad.net
> >
-----------------------------------------------------------------------
> >
> > Hi all,
> >
> > I have a question about keystone. I have an application (Jee web one) which I
> > want to authenticate against keystone. What I have to do?
> >
> > Thanks
> >
> > Pat
> >
> > ----------------------------------------
> > Freehosting PIPNI - http://www.pipni.cz/
> >
> > _______________________________________________
> > Mailing list: https://launchpad.net/~openstack
> > Post to : openstack at lists.launchpad.net
> > Unsubscribe : https://launchpad.net/~openstack
> > More help : https://help.launchpad.net/ListHelp
> >
> >
> >
> > ---------------------------------------------------------------------------
> > Freehosting PIPNI - http://www.pipni.cz/
>
>
> ---------------------------------------------------------------------------
> Freehosting PIPNI - http://www.pipni.cz/
>
> ---------------------------------------------------------------------------
> Freehosting PIPNI - http://www.pipni.cz/
----------------------------------------
Freehosting PIPNI - http://www.pipni.cz/
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack/attachments/20130210/205a80e5/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: graycol.gif
Type: image/gif
Size: 105 bytes
Desc: not available
URL: <http://lists.openstack.org/pipermail/openstack/attachments/20130210/205a80e5/attachment.gif>
More information about the Openstack
mailing list
