<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">
<meta name="Generator" content="Microsoft Word 15 (filtered medium)">
<style><!--
/* Font Definitions */
@font-face
        {font-family:Helvetica;
        panose-1:2 11 6 4 2 2 2 2 2 4;}
@font-face
        {font-family:"Cambria Math";
        panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
        {font-family:Calibri;
        panose-1:2 15 5 2 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
        {margin:0in;
        margin-bottom:.0001pt;
        font-size:12.0pt;
        font-family:"Times New Roman","serif";}
a:link, span.MsoHyperlink
        {mso-style-priority:99;
        color:blue;
        text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
        {mso-style-priority:99;
        color:purple;
        text-decoration:underline;}
span.EmailStyle17
        {mso-style-type:personal-reply;
        font-family:"Calibri","sans-serif";
        color:#1F497D;}
.MsoChpDefault
        {mso-style-type:export-only;
        font-size:10.0pt;}
@page WordSection1
        {size:8.5in 11.0in;
        margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
        {page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang="EN-US" link="blue" vlink="purple">
<div class="WordSection1">
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">I haven’t used the Apache2 WSGI front end for Icehouse, but I did use it with Grizzly. The Keystone endpoints should not change. The following URLs are incorrect.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Helvetica","sans-serif";color:black">export OS_AUTH_URL="<a href="http://10.65.235.39:5000/keystone/main">http://10.65.235.39:5000/keystone/main</a>"<br>
export SERVICE_ENDPOINT="<a href="http://10.65.235.39:35357/keystone/admin">http://10.65.235.39:35357/keystone/admin</a>"<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Helvetica","sans-serif";color:black"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Helvetica","sans-serif";color:black">Mark</span><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><o:p> </o:p></span></p>
<div>
<div style="border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0in 0in 0in">
<p class="MsoNormal"><b><span style="font-size:11.0pt;font-family:"Calibri","sans-serif"">From:</span></b><span style="font-size:11.0pt;font-family:"Calibri","sans-serif""> Staicu Gabriel [mailto:gabriel_staicu@yahoo.com]
<br>
<b>Sent:</b> Thursday, February 20, 2014 1:38 AM<br>
<b>To:</b> Dave Walker; openstack@lists.openstack.org<br>
<b>Subject:</b> Re: [Openstack] keystone with external authentication using apache2 on havana/ubuntu1204<o:p></o:p></span></p>
</div>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<div>
<div>
<p class="MsoNormal" style="background:white"><span style="font-size:10.0pt;font-family:"Helvetica","sans-serif";color:black">Hi Dave,<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Helvetica","sans-serif";color:black"><o:p> </o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Helvetica","sans-serif";color:black">Thanks a lot for you interest in helping me. I will try to answer your questions as good as I can:<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Helvetica","sans-serif";color:black">I am using havana release of the openstack. I am starting from default keystone authentication:<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Helvetica","sans-serif";color:black">This is my /etc/keystone/keystone.conf:<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Helvetica","sans-serif";color:black"><o:p> </o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Helvetica","sans-serif";color:black"><o:p> </o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Helvetica","sans-serif";color:black">[DEFAULT]<br>
log_file = keystone.log<br>
log_dir = /var/log/keystone<br>
[sql]<br>
connection = mysql://keystoneuser:keystonepass@153.65.235.39/keystone<br>
[identity]<br>
driver = keystone.identity.backends.sql.Identity<br>
[credential]<br>
driver = keystone.credential.backends.sql.Credential<br>
[trust]<br>
driver = keystone.trust.backends.sql.Trust<br>
[os_inherit]<br>
[catalog]<br>
driver = keystone.catalog.backends.sql.Catalog<br>
[endpoint_filter]<br>
[token]<br>
driver = keystone.token.backends.sql.Token<br>
[cache]<br>
[policy]<br>
driver = keystone.policy.backends.sql.Policy<br>
[ec2]<br>
driver = keystone.contrib.ec2.backends.kvs.Ec2<br>
[assignment]<br>
[oauth1]<br>
[ssl]<br>
[signing]<br>
[ldap]<br>
[auth]<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Helvetica","sans-serif";color:black"><o:p> </o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Helvetica","sans-serif";color:black">Then I am doing:<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Helvetica","sans-serif";color:black">service keystone start<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Helvetica","sans-serif";color:black">source openstackrc<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Helvetica","sans-serif";color:black"><o:p> </o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Helvetica","sans-serif";color:black">The content of openstackrc:<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Helvetica","sans-serif";color:black">export OS_TENANT_NAME=admin<br>
export OS_USERNAME=admin<br>
export OS_PASSWORD=admin<br>
export SERVICE_TOKEN=ADMIN<br>
export OS_AUTH_URL="<a href="http://10.65.235.39:5000/v2.0/">http://10.65.235.39:5000/v2.0/</a>"<br>
export SERVICE_ENDPOINT="<a href="http://10.65.235.39:35357/v2.0">http://10.65.235.39:35357/v2.0</a>"<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Helvetica","sans-serif";color:black"><o:p> </o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Helvetica","sans-serif";color:black">keystone user-list<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Helvetica","sans-serif";color:black">root@ubuntu1204:~# keystone user-list<br>
WARNING: Bypassing authentication using a token & endpoint (authentication credentials are being ignored).<br>
+----------------------------------+------------+---------+-------------------+<br>
|                id                |    name    | enabled |       email       |<br>
+----------------------------------+------------+---------+-------------------+<br>
| 813a815b593f495c9a449f9c5c44625d |   admin    |   True  | <a href="mailto:admin@example.com">
admin@example.com</a> |<br>
| 7df8919856ec4072927d2523bceed5eb | ceilometer |   True  | <a href="mailto:admin@example.com">
admin@example.com</a> |<br>
| b6aae4b745484e3da6892b68a7e322f9 |   cinder   |   True  | <a href="mailto:admin@example.com">
admin@example.com</a> |<br>
| d08d5f5e515a4601b417a637cf690999 |    demo    |   True  |  <a href="mailto:demo@example.com">
demo@example.com</a> |<br>
| a3a5444d42b9462e8fcac9e3a10f2e60 |   glance   |   True  | <a href="mailto:admin@example.com">
admin@example.com</a> |<br>
| 1c1ab74a4a934273836f41999e2ac9fc |    heat    |   True  | <a href="mailto:admin@example.com">
admin@example.com</a> |<br>
| 823d9d20cbd8412887c3f6052eca720d |  neutron   |   True  | <a href="mailto:admin@example.com">
admin@example.com</a> |<br>
| e58d30815fac48209bf56441e1d5bb76 |    nova    |   True  | <a href="mailto:admin@example.com">
admin@example.com</a> |<br>
+----------------------------------+------------+---------+-------------------+<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Helvetica","sans-serif";color:black"><o:p> </o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Helvetica","sans-serif";color:black"><o:p> </o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Helvetica","sans-serif";color:black"> keystone endpoint-list<br>
WARNING: Bypassing authentication using a token & endpoint (authentication credentials are being ignored).<br>
+----------------------------------+-----------+--------------------------------------------+--------------------------------------------+--------------------------------------------+----------------------------------+<br>
|                id                |   region  |                 publicurl                  |                internalurl                 |                  adminurl                  |            service_id            |<br>
+----------------------------------+-----------+--------------------------------------------+--------------------------------------------+--------------------------------------------+----------------------------------+<br>
| 05784027da8b4acb8489d0486faf9f61 |  myregion |  <a href="http://153.65.235.39:8773/services/cloud">
http://153.65.235.39:8773/services/cloud</a>  |  <a href="http://153.65.235.39:8773/services/cloud">
http://153.65.235.39:8773/services/cloud</a>  |  <a href="http://153.65.235.39:8773/services/admin">
http://153.65.235.39:8773/services/admin</a>  | 5bc96b5587aa4f12919f3a155b5713b0 |<br>
| 10a762a17a58478d8285c1ca6ed8344a |  myregion | <a href="http://153.65.235.39:8004/v1/$(tenant_id)s">
http://153.65.235.39:8004/v1/$(tenant_id)s</a> | <a href="http://153.65.235.39:8004/v1/$(tenant_id)s">
http://153.65.235.39:8004/v1/$(tenant_id)s</a> | <a href="http://153.65.235.39:8004/v1/$(tenant_id)s">
http://153.65.235.39:8004/v1/$(tenant_id)s</a> | 3308b160d21f4dac84b866063852a47a |<br>
| 23aff8a4b486423592ad877eb0eb29d2 |  myregion |       <a href="http://153.65.235.39:5000/v2.0">
http://153.65.235.39:5000/v2.0</a>       |       <a href="http://153.65.235.39:5000/v2.0">
http://153.65.235.39:5000/v2.0</a>       |      <a href="http://153.65.235.39:35357/v2.0">
http://153.65.235.39:35357/v2.0</a>       | c5196b9c3d5446bdb63ee3b8f40d67f7 |<br>
| 8e0ecafcf86e42c28f6431e9cd6b330b |  myregion | <a href="http://153.65.235.39:8774/v2/$(tenant_id)s">
http://153.65.235.39:8774/v2/$(tenant_id)s</a> | <a href="http://153.65.235.39:8774/v2/$(tenant_id)s">
http://153.65.235.39:8774/v2/$(tenant_id)s</a> | <a href="http://153.65.235.39:8774/v2/$(tenant_id)s">
http://153.65.235.39:8774/v2/$(tenant_id)s</a> | 4d7a03c577304e3381a3d08ba74a70dc |<br>
| aaa01a27723d4d4abfe65496d03e811e |  myregion | <a href="http://153.65.235.39:8776/v1/$(tenant_id)s">
http://153.65.235.39:8776/v1/$(tenant_id)s</a> | <a href="http://153.65.235.39:8776/v1/$(tenant_id)s">
http://153.65.235.39:8776/v1/$(tenant_id)s</a> | <a href="http://153.65.235.39:8776/v1/$(tenant_id)s">
http://153.65.235.39:8776/v1/$(tenant_id)s</a> | aed8babcd157477b827c7a2ce89a641c |<br>
| aebb4602fae143ef86d62de0c0bc5ba8 | regionOne |     <a href="http://153.65.235.39/keystone/main">
http://153.65.235.39/keystone/main</a>     |                                            |   
<a href="http://153.65.235.39/keystone/admin">http://153.65.235.39/keystone/admin</a>     | c5196b9c3d5446bdb63ee3b8f40d67f7 |<br>
| c5169966464140c69fe8c244659ad932 |  myregion |         <a href="http://153.65.235.39:9696/">
http://153.65.235.39:9696/</a>         |         <a href="http://153.65.235.39:9696/">
http://153.65.235.39:9696/</a>         |         <a href="http://153.65.235.39:9696/">
http://153.65.235.39:9696/</a>         | a7a32598413a435687e9919c6add1647 |<br>
| d5b7a1f9f7bf417295f7b1e9e34f0a26 |  myregion |        <a href="http://153.65.235.39:8000/v1">
http://153.65.235.39:8000/v1</a>        |        <a href="http://153.65.235.39:8000/v1">
http://153.65.235.39:8000/v1</a>        |        <a href="http://153.65.235.39:8000/v1">
http://153.65.235.39:8000/v1</a>        | 43f4318c522646c2bdd44d6e9e09edfe |<br>
| ecc1cd7cbad8461281181a879286c2bf |  myregion |        <a href="http://153.65.235.39:9292/v2">
http://153.65.235.39:9292/v2</a>        |        <a href="http://153.65.235.39:9292/v2">
http://153.65.235.39:9292/v2</a>        |        <a href="http://153.65.235.39:9292/v2">
http://153.65.235.39:9292/v2</a>        | 6bd3e90b00a743cfa4a94050f87319aa |<br>
| fe815ceefd0544f2abd16c484cab1b27 |  myregion |         <a href="http://153.65.235.39:8777">
http://153.65.235.39:8777</a>          |         <a href="http://153.65.235.39:8777">
http://153.65.235.39:8777</a>          |         <a href="http://153.65.235.39:8777">
http://153.65.235.39:8777</a>          | 4aa31f280a1e40888d45119c02149a01 |<br>
+----------------------------------+-----------+--------------------------------------------+--------------------------------------------+--------------------------------------------+----------------------------------+<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Helvetica","sans-serif";color:black"><o:p> </o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Helvetica","sans-serif";color:black">keystone service-list<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Helvetica","sans-serif";color:black"> keystone service-list<br>
WARNING: Bypassing authentication using a token & endpoint (authentication credentials are being ignored).<br>
+----------------------------------+------------+----------------+----------------------------------+<br>
|                id                |    name    |      type      |           description            |<br>
+----------------------------------+------------+----------------+----------------------------------+<br>
| 4aa31f280a1e40888d45119c02149a01 | ceilometer |    metering    |    openstack metering service    |<br>
| aed8babcd157477b827c7a2ce89a641c |   cinder   |     volume     |     openstack volume service     |<br>
| 5bc96b5587aa4f12919f3a155b5713b0 |    ec2     |      ec2       |           ec2 service            |<br>
| 6bd3e90b00a743cfa4a94050f87319aa |   glance   |     image      |     openstack image service      |<br>
| 3308b160d21f4dac84b866063852a47a |    heat    | orchestration  | openstack orchestration service  |<br>
| 43f4318c522646c2bdd44d6e9e09edfe |  heat-cfn  | cloudformation | openstack cloudformation service |<br>
| c5196b9c3d5446bdb63ee3b8f40d67f7 |  keystone  |    identity    |    openstack identity service    |<br>
| a7a32598413a435687e9919c6add1647 |  neutron   |    network     |   openstack networking service   |<br>
| 4d7a03c577304e3381a3d08ba74a70dc |    nova    |    compute     |    openstack compute service     |<br>
+----------------------------------+------------+----------------+----------------------------------+<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Helvetica","sans-serif";color:black"><o:p> </o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Helvetica","sans-serif";color:black">So this means that normal configuration works ok.<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Helvetica","sans-serif";color:black">Now I will try to configure http authentication and the steps that I am using are the following:<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Helvetica","sans-serif";color:black">1) service keystone stop<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Helvetica","sans-serif";color:black">2) create the file /etc/apache2/conf.d/wsgi-keystone.conf with the following content:<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Helvetica","sans-serif";color:black">Listen 5000<br>
<VirtualHost *:5000><br>
WSGIScriptAlias /keystone/main /var/www/cgi-bin/keystone/main<br>
</VirtualHost><o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Helvetica","sans-serif";color:black">Listen 35357<br>
<VirtualHost *:35357><br>
WSGIScriptAlias /keystone/admin /var/www/cgi-bin/keystone/admin<br>
</VirtualHost><o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Helvetica","sans-serif";color:black"><o:p> </o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Helvetica","sans-serif";color:black">3) Both /var/www/cgi-bin/keystone/main and /var/www/cgi-bin/keystone/admin have the following content:<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Helvetica","sans-serif";color:black"># Copyright 2013 OpenStack Foundation<br>
#<br>
#    Licensed under the Apache License, Version 2.0 (the "License"); you may<br>
#    not use this file except in compliance with the License. You may obtain<br>
#    a copy of the License at<br>
#<br>
#         <a href="http://www.apache.org/licenses/LICENSE-2.0">http://www.apache.org/licenses/LICENSE-2.0</a><br>
#<br>
#    Unless required by applicable law or agreed to in writing, software<br>
#    distributed under the License is distributed on an "AS IS" BASIS, WITHOUT<br>
#    WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the<br>
#    License for the specific language governing permissions and limitations<br>
#    under the License.<br>
<br>
import logging<br>
import os<br>
<br>
from paste import deploy<br>
<br>
from keystone.openstack.common import gettextutils<br>
<br>
# NOTE(blk-u):<br>
# gettextutils.install() must run to set _ before importing any modules that<br>
# contain static translated strings.<br>
gettextutils.install('keystone', lazy=True)<br>
<br>
from keystone.common import dependency<br>
from keystone.common import environment<br>
from keystone.common import sql<br>
from keystone import config<br>
from keystone.openstack.common import log<br>
from keystone import service<br>
<br>
<br>
CONF = config.CONF<br>
<br>
config.configure()<br>
sql.initialize()<br>
config.set_default_for_default_log_levels()<br>
<br>
CONF(project='keystone')<br>
config.setup_logging()<br>
<br>
environment.use_stdlib()<br>
name = os.path.basename(__file__)<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Helvetica","sans-serif";color:black"><o:p> </o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Helvetica","sans-serif";color:black">if CONF.debug:<br>
    CONF.log_opt_values(log.getLogger(CONF.prog), logging.DEBUG)<br>
<br>
<br>
drivers = service.load_backends()<br>
<br>
# NOTE(ldbragst): 'application' is required in this context by WSGI spec.<br>
# The following is a reference to Python Paste Deploy documentation<br>
# <a href="http://pythonpaste.org/deploy/">http://pythonpaste.org/deploy/</a><br>
application = deploy.loadapp('config:%s' % config.find_paste_config(),<br>
                             name=name)<br>
<br>
dependency.resolve_future_dependencies()<br>
                                                               <o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Helvetica","sans-serif";color:black">4) service apache2 restart<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Helvetica","sans-serif";color:black">root@ubuntu1204:~# netstat -ntlp|grep 5000<br>
tcp        0      0 0.0.0.0:5000            0.0.0.0:*               LISTEN      23078/apache2<br>
root@ubuntu1204:~# netstat -ntlp|grep 35357<br>
tcp        0      0 0.0.0.0:35357           0.0.0.0:*               LISTEN      23078/apache2<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Helvetica","sans-serif";color:black"><o:p> </o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Helvetica","sans-serif";color:black">5) source openstackrchttp with the following content:<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Helvetica","sans-serif";color:black">export OS_TENANT_NAME=admin<br>
export OS_USERNAME=admin<br>
export OS_PASSWORD=admin<br>
export SERVICE_TOKEN=ADMIN<br>
export OS_AUTH_URL="<a href="http://10.65.235.39:5000/keystone/main">http://10.65.235.39:5000/keystone/main</a>"<br>
export SERVICE_ENDPOINT="<a href="http://10.65.235.39:35357/keystone/admin">http://10.65.235.39:35357/keystone/admin</a>"<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Helvetica","sans-serif";color:black"><o:p> </o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Helvetica","sans-serif";color:black">6) keystone user-list<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Helvetica","sans-serif";color:black">WARNING: Bypassing authentication using a token & endpoint (authentication credentials are being ignored).<br>
Unable to communicate with identity service: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><br>
<html><head><br>
<title>500 Internal Server Error</title><br>
</head><body><br>
<h1>Internal Server Error</h1><br>
<p>The server encountered an internal error or<br>
misconfiguration and was unable to complete<br>
your request.</p><br>
<p>Please contact the server administrator,<br>
 [no address given] and inform them of the time the error occurred,<br>
and anything you might have done that may have<br>
caused the error.</p><br>
<p>More information about this error may be available<br>
in the server error log.</p><br>
<hr><br>
<address>Apache/2.2.22 (Ubuntu) Server at 10.65.235.39 Port 35357</address><br>
</body></html><br>
. (HTTP 500)<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Helvetica","sans-serif";color:black"><o:p> </o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Helvetica","sans-serif";color:black"><o:p> </o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Helvetica","sans-serif";color:black">What is lacking? What else should be done? If we will find a solution we can write a very clear document with steps to configure keystone with http authentication
 on ubuntu with openstack havana.<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Helvetica","sans-serif";color:black"><o:p> </o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Helvetica","sans-serif";color:black"><o:p> </o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Helvetica","sans-serif";color:black">Thanks a lot,<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Helvetica","sans-serif";color:black">Gabriel<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Helvetica","sans-serif";color:black"><o:p> </o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Helvetica","sans-serif";color:black"><o:p> </o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Helvetica","sans-serif";color:black"><o:p> </o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Helvetica","sans-serif";color:black"><o:p> </o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Helvetica","sans-serif";color:black"><o:p> </o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Helvetica","sans-serif";color:black"><o:p> </o:p></span></p>
</div>
<div>
<p class="MsoNormal" style="margin-bottom:12.0pt;background:white"><span style="font-size:10.0pt;font-family:"Helvetica","sans-serif";color:black"><o:p> </o:p></span></p>
<div>
<div>
<div>
<p class="MsoNormal" style="background:white"><span style="font-size:10.0pt;font-family:"Arial","sans-serif";color:black">On Wednesday, February 19, 2014 6:54 PM, Dave Walker <<a href="mailto:email@daviey.com">email@daviey.com</a>> wrote:</span><span style="font-family:"Helvetica","sans-serif";color:black"><o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal" style="background:white"><span style="font-family:"Helvetica","sans-serif";color:black">Hi Staicu,<br>
<br>
Which release of Openstack are you using?<br>
  - The distro shouldn't really matter in this instance.<br>
What Auth method are you attempting to do through Apache?<br>
  - Simple Auth, Kerberos?<br>
What are you using in your dispatcher file (wsgi / fcgi plumbing)?<br>
What behaviour are you seeing?<br>
  - Is REMOTE_USER environ being set?<o:p></o:p></span></p>
<div id="yqtfd71596">
<p class="MsoNormal" style="background:white"><span style="font-family:"Helvetica","sans-serif";color:black"><br>
On 19 February 2014 16:51, Staicu Gabriel <<a href="mailto:gabriel_staicu@yahoo.com">gabriel_staicu@yahoo.com</a>> wrote:<br>
> Hi,<br>
><br>
> Is there someone who did the keystone to delegate authentication to apache<br>
> on ubuntu/havana.<br>
> I have read these documents but nothing is clear:<br>
> <a href="https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux_OpenStack_Platform/4/html/Installation_and_Configuration_Guide/Configuring_the_Identity_Service_to_Run_in_HTTPD.html" target="_blank">
https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux_OpenStack_Platform/4/html/Installation_and_Configuration_Guide/Configuring_the_Identity_Service_to_Run_in_HTTPD.html</a><br>
> <a href="https://wiki.openstack.org/wiki/Talk:Keystone_in_HTTPD_on_RHEL6" target="_blank">
https://wiki.openstack.org/wiki/Talk:Keystone_in_HTTPD_on_RHEL6</a><br>
> <a href="http://docs.openstack.org/developer/keystone/apache-httpd.html" target="_blank">
http://docs.openstack.org/developer/keystone/apache-httpd.html</a><br>
><br>
> It seams like everyone is telling half of the truth....:)<br>
><br>
> Is there any other place where I could understand how you could do it on<br>
> ubuntu?<br>
><br>
> Thanks a lot,<br>
> Gabriel<o:p></o:p></span></p>
</div>
<p class="MsoNormal" style="background:white"><span style="font-family:"Helvetica","sans-serif";color:black"><br>
><br>
> _______________________________________________<br>
> Mailing list: <a href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack" target="_blank">
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack</a><br>
> Post to    : <a href="mailto:openstack@lists.openstack.org">openstack@lists.openstack.org</a><br>
> Unsubscribe : <a href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack" target="_blank">
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack</a><o:p></o:p></span></p>
<div id="yqtfd77514">
<p class="MsoNormal" style="background:white"><span style="font-family:"Helvetica","sans-serif";color:black"><br>
><o:p></o:p></span></p>
</div>
<p class="MsoNormal" style="margin-bottom:12.0pt;background:white"><span style="font-family:"Helvetica","sans-serif";color:black"><o:p> </o:p></span></p>
</div>
</div>
</div>
</div>
</div>
</div>
</body>
</html>