[Openstack] Does Horizon honour Tokens

Michael Hearn mrhearn at gmail.com
Fri Jun 13 15:22:29 UTC 2014


Horizon gurus

Release:   icehouse
Token Type :   PKI
Identity Backend:   LDAP


Monitoring the authentication traffic generated by Horizon to LDAP,  I was
surprised to see that after the initial logon, and under the 'Project' tab,
I was still seeing calls out to LDAP each time I entered a link related to
a service (images, volumes, images and snapshots etc...).

My assumption was that after the initial logon the token would be used to
satisfy authentication requirements (until it expired).

I ran some debugging and confirmed that the underlying  python scripts e.g.
/usr/share/openstack-dashboard/openstack_dashboard/api/*  pickup the same
token although curiously at first glance it looks like a UUID based token
and not a PKI token.

So, my questions are:
i. Should Horizon honour token authentication as I enter different services
- mitigating the need to authN against ldap until token expires?
ii. Am I seeing a compressed PKI token when pulling data from
/user/share/openstack-dashboard/openstack_dashboard/api/glance.py or
cinder.py etc....


Cheers
Mike
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack/attachments/20140613/15c68e73/attachment.html>


More information about the Openstack mailing list