
<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">

<head>

<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">

<meta name="Generator" content="Microsoft Word 15 (filtered medium)">

<style><!--

/* Font Definitions */

@font-face

        {font-family:Helvetica;

        panose-1:2 11 6 4 2 2 2 2 2 4;}

@font-face

        {font-family:"Cambria Math";

        panose-1:2 4 5 3 5 4 6 3 2 4;}

@font-face

        {font-family:Calibri;

        panose-1:2 15 5 2 2 2 4 3 2 4;}

/* Style Definitions */

p.MsoNormal, li.MsoNormal, div.MsoNormal

        {margin:0in;

        margin-bottom:.0001pt;

        font-size:12.0pt;

        font-family:"Times New Roman","serif";}

a:link, span.MsoHyperlink

        {mso-style-priority:99;

        color:blue;

        text-decoration:underline;}

a:visited, span.MsoHyperlinkFollowed

        {mso-style-priority:99;

        color:purple;

        text-decoration:underline;}

span.EmailStyle17

        {mso-style-type:personal-reply;

        font-family:"Calibri","sans-serif";

        color:#1F497D;}

.MsoChpDefault

        {mso-style-type:export-only;

        font-size:10.0pt;}

@page WordSection1

        {size:8.5in 11.0in;

        margin:1.0in 1.0in 1.0in 1.0in;}

div.WordSection1

        {page:WordSection1;}

--></style><!--[if gte mso 9]><xml>

<o:shapedefaults v:ext="edit" spidmax="1026" />

</xml><![endif]--><!--[if gte mso 9]><xml>

<o:shapelayout v:ext="edit">

<o:idmap v:ext="edit" data="1" />

</o:shapelayout></xml><![endif]-->

</head>

<body lang="EN-US" link="blue" vlink="purple">

<div class="WordSection1">

<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">I haven’t used the Apache2 WSGI front end for Icehouse, but I did use it with Grizzly. The Keystone endpoints should not change. The following URLs are incorrect.<o:p></o:p></span></p>

<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><o:p> </o:p></span></p>

<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Helvetica","sans-serif";color:black">export OS_AUTH_URL="<a href="http://10.65.235.39:5000/keystone/main">http://10.65.235.39:5000/keystone/main</a>"<br>

export SERVICE_ENDPOINT="<a href="http://10.65.235.39:35357/keystone/admin">http://10.65.235.39:35357/keystone/admin</a>"<o:p></o:p></span></p>

<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Helvetica","sans-serif";color:black"><o:p> </o:p></span></p>

<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Helvetica","sans-serif";color:black">Mark</span><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><o:p></o:p></span></p>

<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><o:p> </o:p></span></p>

<div>

<div style="border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0in 0in 0in">

<p class="MsoNormal"><b><span style="font-size:11.0pt;font-family:"Calibri","sans-serif"">From:</span></b><span style="font-size:11.0pt;font-family:"Calibri","sans-serif""> Staicu Gabriel [mailto:gabriel_staicu@yahoo.com]

<br>

<b>Sent:</b> Thursday, February 20, 2014 1:38 AM<br>

<b>To:</b> Dave Walker; openstack@lists.openstack.org<br>

<b>Subject:</b> Re: [Openstack] keystone with external authentication using apache2 on havana/ubuntu1204<o:p></o:p></span></p>

</div>

</div>

<p class="MsoNormal"><o:p> </o:p></p>

<div>

<div>

<p class="MsoNormal" style="background:white"><span style="font-size:10.0pt;font-family:"Helvetica","sans-serif";color:black">Hi Dave,<o:p></o:p></span></p>

</div>

<div>

<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Helvetica","sans-serif";color:black"><o:p> </o:p></span></p>

</div>

<div>

<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Helvetica","sans-serif";color:black">Thanks a lot for you interest in helping me. I will try to answer your questions as good as I can:<o:p></o:p></span></p>

</div>

<div>

<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Helvetica","sans-serif";color:black">I am using havana release of the openstack. I am starting from default keystone authentication:<o:p></o:p></span></p>

</div>

<div>

<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Helvetica","sans-serif";color:black">This is my /etc/keystone/keystone.conf:<o:p></o:p></span></p>

</div>

<div>

<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Helvetica","sans-serif";color:black"><o:p> </o:p></span></p>

</div>

<div>

<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Helvetica","sans-serif";color:black"><o:p> </o:p></span></p>

</div>

<div>

<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Helvetica","sans-serif";color:black">[DEFAULT]<br>

log_file = keystone.log<br>

log_dir = /var/log/keystone<br>

[sql]<br>

connection = mysql://keystoneuser:keystonepass@153.65.235.39/keystone<br>

[identity]<br>

driver = keystone.identity.backends.sql.Identity<br>

[credential]<br>

driver = keystone.credential.backends.sql.Credential<br>

[trust]<br>

driver = keystone.trust.backends.sql.Trust<br>

[os_inherit]<br>

[catalog]<br>

driver = keystone.catalog.backends.sql.Catalog<br>

[endpoint_filter]<br>

[token]<br>

driver = keystone.token.backends.sql.Token<br>

[cache]<br>

[policy]<br>

driver = keystone.policy.backends.sql.Policy<br>

[ec2]<br>

driver = keystone.contrib.ec2.backends.kvs.Ec2<br>

[assignment]<br>

[oauth1]<br>

[ssl]<br>

[signing]<br>

[ldap]<br>

[auth]<o:p></o:p></span></p>

</div>

<div>

<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Helvetica","sans-serif";color:black"><o:p> </o:p></span></p>

</div>

<div>

<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Helvetica","sans-serif";color:black">Then I am doing:<o:p></o:p></span></p>

</div>

<div>

<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Helvetica","sans-serif";color:black">service keystone start<o:p></o:p></span></p>

</div>

<div>

<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Helvetica","sans-serif";color:black">source openstackrc<o:p></o:p></span></p>

</div>

<div>

<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Helvetica","sans-serif";color:black"><o:p> </o:p></span></p>

</div>

<div>

<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Helvetica","sans-serif";color:black">The content of openstackrc:<o:p></o:p></span></p>

</div>

<div>

<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Helvetica","sans-serif";color:black">export OS_TENANT_NAME=admin<br>

export OS_USERNAME=admin<br>

export OS_PASSWORD=admin<br>

export SERVICE_TOKEN=ADMIN<br>

export OS_AUTH_URL="<a href="http://10.65.235.39:5000/v2.0/">http://10.65.235.39:5000/v2.0/</a>"<br>

export SERVICE_ENDPOINT="<a href="http://10.65.235.39:35357/v2.0">http://10.65.235.39:35357/v2.0</a>"<o:p></o:p></span></p>

</div>

<div>

<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Helvetica","sans-serif";color:black"><o:p> </o:p></span></p>

</div>

<div>

<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Helvetica","sans-serif";color:black">keystone user-list<o:p></o:p></span></p>

</div>

<div>

<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Helvetica","sans-serif";color:black">root@ubuntu1204:~# keystone user-list<br>

WARNING: Bypassing authentication using a token & endpoint (authentication credentials are being ignored).<br>

+----------------------------------+------------+---------+-------------------+<br>

|                id                |    name    | enabled |       email       |<br>

+----------------------------------+------------+---------+-------------------+<br>

| 813a815b593f495c9a449f9c5c44625d |   admin    |   True  | <a href="mailto:admin@example.com">

admin@example.com</a> |<br>

| 7df8919856ec4072927d2523bceed5eb | ceilometer |   True  | <a href="mailto:admin@example.com">

admin@example.com</a> |<br>

| b6aae4b745484e3da6892b68a7e322f9 |   cinder   |   True  | <a href="mailto:admin@example.com">

admin@example.com</a> |<br>

| d08d5f5e515a4601b417a637cf690999 |    demo    |   True  |  <a href="mailto:demo@example.com">

demo@example.com</a> |<br>

| a3a5444d42b9462e8fcac9e3a10f2e60 |   glance   |   True  | <a href="mailto:admin@example.com">

admin@example.com</a> |<br>

| 1c1ab74a4a934273836f41999e2ac9fc |    heat    |   True  | <a href="mailto:admin@example.com">

admin@example.com</a> |<br>

| 823d9d20cbd8412887c3f6052eca720d |  neutron   |   True  | <a href="mailto:admin@example.com">

admin@example.com</a> |<br>

| e58d30815fac48209bf56441e1d5bb76 |    nova    |   True  | <a href="mailto:admin@example.com">

admin@example.com</a> |<br>

+----------------------------------+------------+---------+-------------------+<o:p></o:p></span></p>

</div>

<div>

<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Helvetica","sans-serif";color:black"><o:p> </o:p></span></p>

</div>

<div>

<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Helvetica","sans-serif";color:black"><o:p> </o:p></span></p>

</div>

<div>

<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Helvetica","sans-serif";color:black"> keystone endpoint-list<br>

WARNING: Bypassing authentication using a token & endpoint (authentication credentials are being ignored).<br>

+----------------------------------+-----------+--------------------------------------------+--------------------------------------------+--------------------------------------------+----------------------------------+<br>

|                id                |   region  |                 publicurl                  |                internalurl                 |                  adminurl                  |            service_id            |<br>

+----------------------------------+-----------+--------------------------------------------+--------------------------------------------+--------------------------------------------+----------------------------------+<br>

| 05784027da8b4acb8489d0486faf9f61 |  myregion |  <a href="http://153.65.235.39:8773/services/cloud">

http://153.65.235.39:8773/services/cloud</a>  |  <a href="http://153.65.235.39:8773/services/cloud">

http://153.65.235.39:8773/services/cloud</a>  |  <a href="http://153.65.235.39:8773/services/admin">

http://153.65.235.39:8773/services/admin</a>  | 5bc96b5587aa4f12919f3a155b5713b0 |<br>

| 10a762a17a58478d8285c1ca6ed8344a |  myregion | <a href="http://153.65.235.39:8004/v1/$(tenant_id)s">

http://153.65.235.39:8004/v1/$(tenant_id)s</a> | <a href="http://153.65.235.39:8004/v1/$(tenant_id)s">

http://153.65.235.39:8004/v1/$(tenant_id)s</a> | <a href="http://153.65.235.39:8004/v1/$(tenant_id)s">

http://153.65.235.39:8004/v1/$(tenant_id)s</a> | 3308b160d21f4dac84b866063852a47a |<br>

| 23aff8a4b486423592ad877eb0eb29d2 |  myregion |       <a href="http://153.65.235.39:5000/v2.0">

http://153.65.235.39:5000/v2.0</a>       |       <a href="http://153.65.235.39:5000/v2.0">

http://153.65.235.39:5000/v2.0</a>       |      <a href="http://153.65.235.39:35357/v2.0">

http://153.65.235.39:35357/v2.0</a>       | c5196b9c3d5446bdb63ee3b8f40d67f7 |<br>

| 8e0ecafcf86e42c28f6431e9cd6b330b |  myregion | <a href="http://153.65.235.39:8774/v2/$(tenant_id)s">

http://153.65.235.39:8774/v2/$(tenant_id)s</a> | <a href="http://153.65.235.39:8774/v2/$(tenant_id)s">

http://153.65.235.39:8774/v2/$(tenant_id)s</a> | <a href="http://153.65.235.39:8774/v2/$(tenant_id)s">

http://153.65.235.39:8774/v2/$(tenant_id)s</a> | 4d7a03c577304e3381a3d08ba74a70dc |<br>

| aaa01a27723d4d4abfe65496d03e811e |  myregion | <a href="http://153.65.235.39:8776/v1/$(tenant_id)s">

http://153.65.235.39:8776/v1/$(tenant_id)s</a> | <a href="http://153.65.235.39:8776/v1/$(tenant_id)s">

http://153.65.235.39:8776/v1/$(tenant_id)s</a> | <a href="http://153.65.235.39:8776/v1/$(tenant_id)s">

http://153.65.235.39:8776/v1/$(tenant_id)s</a> | aed8babcd157477b827c7a2ce89a641c |<br>

| aebb4602fae143ef86d62de0c0bc5ba8 | regionOne |     <a href="http://153.65.235.39/keystone/main">

http://153.65.235.39/keystone/main</a>     |                                            |   

<a href="http://153.65.235.39/keystone/admin">http://153.65.235.39/keystone/admin</a>     | c5196b9c3d5446bdb63ee3b8f40d67f7 |<br>

| c5169966464140c69fe8c244659ad932 |  myregion |         <a href="http://153.65.235.39:9696/">

http://153.65.235.39:9696/</a>         |         <a href="http://153.65.235.39:9696/">

http://153.65.235.39:9696/</a>         |         <a href="http://153.65.235.39:9696/">

http://153.65.235.39:9696/</a>         | a7a32598413a435687e9919c6add1647 |<br>

| d5b7a1f9f7bf417295f7b1e9e34f0a26 |  myregion |        <a href="http://153.65.235.39:8000/v1">

http://153.65.235.39:8000/v1</a>        |        <a href="http://153.65.235.39:8000/v1">

http://153.65.235.39:8000/v1</a>        |        <a href="http://153.65.235.39:8000/v1">

http://153.65.235.39:8000/v1</a>        | 43f4318c522646c2bdd44d6e9e09edfe |<br>

| ecc1cd7cbad8461281181a879286c2bf |  myregion |        <a href="http://153.65.235.39:9292/v2">

http://153.65.235.39:9292/v2</a>        |        <a href="http://153.65.235.39:9292/v2">

http://153.65.235.39:9292/v2</a>        |        <a href="http://153.65.235.39:9292/v2">

http://153.65.235.39:9292/v2</a>        | 6bd3e90b00a743cfa4a94050f87319aa |<br>

| fe815ceefd0544f2abd16c484cab1b27 |  myregion |         <a href="http://153.65.235.39:8777">

http://153.65.235.39:8777</a>          |         <a href="http://153.65.235.39:8777">

http://153.65.235.39:8777</a>          |         <a href="http://153.65.235.39:8777">

http://153.65.235.39:8777</a>          | 4aa31f280a1e40888d45119c02149a01 |<br>

+----------------------------------+-----------+--------------------------------------------+--------------------------------------------+--------------------------------------------+----------------------------------+<o:p></o:p></span></p>

</div>

<div>

<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Helvetica","sans-serif";color:black"><o:p> </o:p></span></p>

</div>

<div>

<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Helvetica","sans-serif";color:black">keystone service-list<o:p></o:p></span></p>

</div>

<div>

<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Helvetica","sans-serif";color:black"> keystone service-list<br>

WARNING: Bypassing authentication using a token & endpoint (authentication credentials are being ignored).<br>

+----------------------------------+------------+----------------+----------------------------------+<br>

|                id                |    name    |      type      |           description            |<br>

+----------------------------------+------------+----------------+----------------------------------+<br>

| 4aa31f280a1e40888d45119c02149a01 | ceilometer |    metering    |    openstack metering service    |<br>

| aed8babcd157477b827c7a2ce89a641c |   cinder   |     volume     |     openstack volume service     |<br>

| 5bc96b5587aa4f12919f3a155b5713b0 |    ec2     |      ec2       |           ec2 service            |<br>

| 6bd3e90b00a743cfa4a94050f87319aa |   glance   |     image      |     openstack image service      |<br>

| 3308b160d21f4dac84b866063852a47a |    heat    | orchestration  | openstack orchestration service  |<br>

| 43f4318c522646c2bdd44d6e9e09edfe |  heat-cfn  | cloudformation | openstack cloudformation service |<br>

| c5196b9c3d5446bdb63ee3b8f40d67f7 |  keystone  |    identity    |    openstack identity service    |<br>

| a7a32598413a435687e9919c6add1647 |  neutron   |    network     |   openstack networking service   |<br>

| 4d7a03c577304e3381a3d08ba74a70dc |    nova    |    compute     |    openstack compute service     |<br>

+----------------------------------+------------+----------------+----------------------------------+<o:p></o:p></span></p>

</div>

<div>

<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Helvetica","sans-serif";color:black"><o:p> </o:p></span></p>

</div>

<div>

<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Helvetica","sans-serif";color:black">So this means that normal configuration works ok.<o:p></o:p></span></p>

</div>

<div>

<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Helvetica","sans-serif";color:black">Now I will try to configure http authentication and the steps that I am using are the following:<o:p></o:p></span></p>

</div>

<div>

<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Helvetica","sans-serif";color:black">1) service keystone stop<o:p></o:p></span></p>

</div>

<div>

<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Helvetica","sans-serif";color:black">2) create the file /etc/apache2/conf.d/wsgi-keystone.conf with the following content:<o:p></o:p></span></p>

</div>

<div>

<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Helvetica","sans-serif";color:black">Listen 5000<br>

<VirtualHost *:5000><br>

WSGIScriptAlias /keystone/main /var/www/cgi-bin/keystone/main<br>

</VirtualHost><o:p></o:p></span></p>

</div>

<div>

<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Helvetica","sans-serif";color:black">Listen 35357<br>

<VirtualHost *:35357><br>

WSGIScriptAlias /keystone/admin /var/www/cgi-bin/keystone/admin<br>

</VirtualHost><o:p></o:p></span></p>

</div>

<div>

<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Helvetica","sans-serif";color:black"><o:p> </o:p></span></p>

</div>

<div>

<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Helvetica","sans-serif";color:black">3) Both /var/www/cgi-bin/keystone/main and /var/www/cgi-bin/keystone/admin have the following content:<o:p></o:p></span></p>

</div>

<div>

<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Helvetica","sans-serif";color:black"># Copyright 2013 OpenStack Foundation<br>

#<br>

#    Licensed under the Apache License, Version 2.0 (the "License"); you may<br>

#    not use this file except in compliance with the License. You may obtain<br>

#    a copy of the License at<br>

#<br>

#         <a href="http://www.apache.org/licenses/LICENSE-2.0">http://www.apache.org/licenses/LICENSE-2.0</a><br>

#<br>

#    Unless required by applicable law or agreed to in writing, software<br>

#    distributed under the License is distributed on an "AS IS" BASIS, WITHOUT<br>

#    WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the<br>

#    License for the specific language governing permissions and limitations<br>

#    under the License.<br>

<br>

import logging<br>

import os<br>

<br>

from paste import deploy<br>

<br>

from keystone.openstack.common import gettextutils<br>

<br>

# NOTE(blk-u):<br>

# gettextutils.install() must run to set _ before importing any modules that<br>

# contain static translated strings.<br>

gettextutils.install('keystone', lazy=True)<br>

<br>

from keystone.common import dependency<br>

from keystone.common import environment<br>

from keystone.common import sql<br>

from keystone import config<br>

from keystone.openstack.common import log<br>

from keystone import service<br>

<br>

<br>

CONF = config.CONF<br>

<br>

config.configure()<br>

sql.initialize()<br>

config.set_default_for_default_log_levels()<br>

<br>

CONF(project='keystone')<br>

config.setup_logging()<br>

<br>

environment.use_stdlib()<br>

name = os.path.basename(__file__)<o:p></o:p></span></p>

</div>

<div>

<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Helvetica","sans-serif";color:black"><o:p> </o:p></span></p>

</div>

<div>

<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Helvetica","sans-serif";color:black">if CONF.debug:<br>

    CONF.log_opt_values(log.getLogger(CONF.prog), logging.DEBUG)<br>

<br>

<br>

drivers = service.load_backends()<br>

<br>

# NOTE(ldbragst): 'application' is required in this context by WSGI spec.<br>

# The following is a reference to Python Paste Deploy documentation<br>

# <a href="http://pythonpaste.org/deploy/">http://pythonpaste.org/deploy/</a><br>

application = deploy.loadapp('config:%s' % config.find_paste_config(),<br>

                             name=name)<br>

<br>

dependency.resolve_future_dependencies()<br>

                                                               <o:p></o:p></span></p>

</div>

<div>

<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Helvetica","sans-serif";color:black">4) service apache2 restart<o:p></o:p></span></p>

</div>

<div>

<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Helvetica","sans-serif";color:black">root@ubuntu1204:~# netstat -ntlp|grep 5000<br>

tcp        0      0 0.0.0.0:5000            0.0.0.0:*               LISTEN      23078/apache2<br>

root@ubuntu1204:~# netstat -ntlp|grep 35357<br>

tcp        0      0 0.0.0.0:35357           0.0.0.0:*               LISTEN      23078/apache2<o:p></o:p></span></p>

</div>

<div>

<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Helvetica","sans-serif";color:black"><o:p> </o:p></span></p>

</div>

<div>

<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Helvetica","sans-serif";color:black">5) source openstackrchttp with the following content:<o:p></o:p></span></p>

</div>

<div>

<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Helvetica","sans-serif";color:black">export OS_TENANT_NAME=admin<br>

export OS_USERNAME=admin<br>

export OS_PASSWORD=admin<br>

export SERVICE_TOKEN=ADMIN<br>

export OS_AUTH_URL="<a href="http://10.65.235.39:5000/keystone/main">http://10.65.235.39:5000/keystone/main</a>"<br>

export SERVICE_ENDPOINT="<a href="http://10.65.235.39:35357/keystone/admin">http://10.65.235.39:35357/keystone/admin</a>"<o:p></o:p></span></p>

</div>

<div>

<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Helvetica","sans-serif";color:black"><o:p> </o:p></span></p>

</div>

<div>

<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Helvetica","sans-serif";color:black">6) keystone user-list<o:p></o:p></span></p>

</div>

<div>

<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Helvetica","sans-serif";color:black">WARNING: Bypassing authentication using a token & endpoint (authentication credentials are being ignored).<br>

Unable to communicate with identity service: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><br>

<html><head><br>

<title>500 Internal Server Error</title><br>

</head><body><br>

<h1>Internal Server Error</h1><br>

<p>The server encountered an internal error or<br>

misconfiguration and was unable to complete<br>

your request.</p><br>

<p>Please contact the server administrator,<br>

 [no address given] and inform them of the time the error occurred,<br>

and anything you might have done that may have<br>

caused the error.</p><br>

<p>More information about this error may be available<br>

in the server error log.</p><br>

<hr><br>

<address>Apache/2.2.22 (Ubuntu) Server at 10.65.235.39 Port 35357</address><br>

</body></html><br>

. (HTTP 500)<o:p></o:p></span></p>

</div>

<div>

<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Helvetica","sans-serif";color:black"><o:p> </o:p></span></p>

</div>

<div>

<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Helvetica","sans-serif";color:black"><o:p> </o:p></span></p>

</div>

<div>

<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Helvetica","sans-serif";color:black">What is lacking? What else should be done? If we will find a solution we can write a very clear document with steps to configure keystone with http authentication

 on ubuntu with openstack havana.<o:p></o:p></span></p>

</div>

<div>

<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Helvetica","sans-serif";color:black"><o:p> </o:p></span></p>

</div>

<div>

<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Helvetica","sans-serif";color:black"><o:p> </o:p></span></p>

</div>

<div>

<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Helvetica","sans-serif";color:black">Thanks a lot,<o:p></o:p></span></p>

</div>

<div>

<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Helvetica","sans-serif";color:black">Gabriel<o:p></o:p></span></p>

</div>

<div>

<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Helvetica","sans-serif";color:black"><o:p> </o:p></span></p>

</div>

<div>

<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Helvetica","sans-serif";color:black"><o:p> </o:p></span></p>

</div>

<div>

<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Helvetica","sans-serif";color:black"><o:p> </o:p></span></p>

</div>

<div>

<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Helvetica","sans-serif";color:black"><o:p> </o:p></span></p>

</div>

<div>

<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Helvetica","sans-serif";color:black"><o:p> </o:p></span></p>

</div>

<div>

<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Helvetica","sans-serif";color:black"><o:p> </o:p></span></p>

</div>

<div>

<p class="MsoNormal" style="margin-bottom:12.0pt;background:white"><span style="font-size:10.0pt;font-family:"Helvetica","sans-serif";color:black"><o:p> </o:p></span></p>

<div>

<div>

<div>

<p class="MsoNormal" style="background:white"><span style="font-size:10.0pt;font-family:"Arial","sans-serif";color:black">On Wednesday, February 19, 2014 6:54 PM, Dave Walker <<a href="mailto:email@daviey.com">email@daviey.com</a>> wrote:</span><span style="font-family:"Helvetica","sans-serif";color:black"><o:p></o:p></span></p>

</div>

<div>

<p class="MsoNormal" style="background:white"><span style="font-family:"Helvetica","sans-serif";color:black">Hi Staicu,<br>

<br>

Which release of Openstack are you using?<br>

  - The distro shouldn't really matter in this instance.<br>

What Auth method are you attempting to do through Apache?<br>

  - Simple Auth, Kerberos?<br>

What are you using in your dispatcher file (wsgi / fcgi plumbing)?<br>

What behaviour are you seeing?<br>

  - Is REMOTE_USER environ being set?<o:p></o:p></span></p>

<div id="yqtfd71596">

<p class="MsoNormal" style="background:white"><span style="font-family:"Helvetica","sans-serif";color:black"><br>

On 19 February 2014 16:51, Staicu Gabriel <<a href="mailto:gabriel_staicu@yahoo.com">gabriel_staicu@yahoo.com</a>> wrote:<br>

> Hi,<br>

><br>

> Is there someone who did the keystone to delegate authentication to apache<br>

> on ubuntu/havana.<br>

> I have read these documents but nothing is clear:<br>

> <a href="https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux_OpenStack_Platform/4/html/Installation_and_Configuration_Guide/Configuring_the_Identity_Service_to_Run_in_HTTPD.html" target="_blank">

https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux_OpenStack_Platform/4/html/Installation_and_Configuration_Guide/Configuring_the_Identity_Service_to_Run_in_HTTPD.html</a><br>

> <a href="https://wiki.openstack.org/wiki/Talk:Keystone_in_HTTPD_on_RHEL6" target="_blank">

https://wiki.openstack.org/wiki/Talk:Keystone_in_HTTPD_on_RHEL6</a><br>

> <a href="http://docs.openstack.org/developer/keystone/apache-httpd.html" target="_blank">

http://docs.openstack.org/developer/keystone/apache-httpd.html</a><br>

><br>

> It seams like everyone is telling half of the truth....:)<br>

><br>

> Is there any other place where I could understand how you could do it on<br>

> ubuntu?<br>

><br>

> Thanks a lot,<br>

> Gabriel<o:p></o:p></span></p>

</div>

<p class="MsoNormal" style="background:white"><span style="font-family:"Helvetica","sans-serif";color:black"><br>

><br>

> _______________________________________________<br>

> Mailing list: <a href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack" target="_blank">

http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack</a><br>

> Post to    : <a href="mailto:openstack@lists.openstack.org">openstack@lists.openstack.org</a><br>

> Unsubscribe : <a href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack" target="_blank">

http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack</a><o:p></o:p></span></p>

<div id="yqtfd77514">

<p class="MsoNormal" style="background:white"><span style="font-family:"Helvetica","sans-serif";color:black"><br>

><o:p></o:p></span></p>

</div>

<p class="MsoNormal" style="margin-bottom:12.0pt;background:white"><span style="font-family:"Helvetica","sans-serif";color:black"><o:p> </o:p></span></p>

</div>

</div>

</div>

</div>

</div>

</div>

</body>

</html>