[openstack-dev] Testing keystone auth middleware

Dolph Mathews dolph.mathews at gmail.com
Fri May 3 20:11:32 UTC 2013


On Fri, May 3, 2013 at 2:30 PM, Bhandaru, Malini K <
malini.k.bhandaru at intel.com> wrote:

>  Hello Keystone gurus!****
>
> ** **
>
> We have a currently standalone wsgi application, barbican (key manager),
> and want to integrate with keystone for auth.****
>
> Followed the docs on this and have updated the api-paste.ini etc.  ****
>
> ** **
>
> In a typically use case, barbican will get an authenticated user request,
> thus the auth related headers in request will be****
>
> Appropriately populated. What do I need to stuff into request headers to
> mimic this?****
>
> Keystone is configured with PKI.****
>
> ** **
>
> headers = {'X-Auth-User': “nova”,****
>
>                    'X-Auth-Key': “secret”, ****
>
>                    'X-Auth-Project-Id': <service-project_id>}
>

I assume I got your questions answered in IRC, but for anyone else
interested, the headers to mimic are documented in auth_token:


https://github.com/openstack/python-keystoneclient/blob/master/keystoneclient/middleware/auth_token.py#L56


> ****
>
> ** **
>
> And making the http request with the above headers.****
>
> But I get a 401 unauthorized.****
>
> ** **
>
> Or ?? ****
>
> headers['X-User-Id'] = "nova"****
>
> headers['X-Tenant-Id'] = "service"****
>
> headers['X-Roles'] = "admin"****
>
> headers['X-Identity-Status'] = 'Confirmed'****
>
> ** **
>
> ** **
>
> The parameters below work when used as environment variables to use
> “keystone” cli to retriever user-list etc.****
>
> ** **
>
> [filter:keystone_authtoken] ****
>
> paste.filter_factory = keystoneclient.middleware.auth_token:filter_factory
> ****
>
> signing_dir = . ****
>
> auth_host = localhost****
>
> auth_port = 35357    ****
>
> auth_protocol = http ****
>
> admin_tenant_name = service ****
>
> admin_user = barbican****
>
> admin_password = secret****
>
> ** **
>
> ** **
>
> _______________________________________________
> OpenStack-dev mailing list
> OpenStack-dev at lists.openstack.org
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20130503/b7ee3689/attachment.html>


More information about the OpenStack-dev mailing list