[openstack-dev] Testing keystone auth middleware
Bhandaru, Malini K
malini.k.bhandaru at intel.com
Fri May 3 19:30:11 UTC 2013
Hello Keystone gurus!
We have a currently standalone wsgi application, barbican (key manager), and want to integrate with keystone for auth.
Followed the docs on this and have updated the api-paste.ini etc.
In a typically use case, barbican will get an authenticated user request, thus the auth related headers in request will be
Appropriately populated. What do I need to stuff into request headers to mimic this?
Keystone is configured with PKI.
headers = {'X-Auth-User': "nova",
'X-Auth-Key': "secret",
'X-Auth-Project-Id': <service-project_id>}
And making the http request with the above headers.
But I get a 401 unauthorized.
Or ??
headers['X-User-Id'] = "nova"
headers['X-Tenant-Id'] = "service"
headers['X-Roles'] = "admin"
headers['X-Identity-Status'] = 'Confirmed'
The parameters below work when used as environment variables to use "keystone" cli to retriever user-list etc.
[filter:keystone_authtoken]
paste.filter_factory = keystoneclient.middleware.auth_token:filter_factory
signing_dir = .
auth_host = localhost
auth_port = 35357
auth_protocol = http
admin_tenant_name = service
admin_user = barbican
admin_password = secret
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20130503/b052b8dd/attachment.html>
More information about the OpenStack-dev
mailing list