Hi all, During the review of [1] I had a look at the tests that are related with external authentication (i.e. the usage of REMOTE_USER) in Keystone and I realised that there is a bunch of them that are setting "external" as one of the authentication methods. However, in keystone.auth.controllers there is an explicit call to the "external" methods whenever REMOTE_USER is set [2]. Should we call the external authentication only when "external" is set (i.e. in [3]) regardless of the REMOTE_USER presence in the context? [1] https://review.openstack.org/#/c/50362/ [2] https://github.com/openstack/keystone/blob/master/keystone/auth/controllers.py#L335 [3] https://github.com/openstack/keystone/blob/master/keystone/auth/controllers.py#L342 -- Álvaro López García aloga at ifca.unican.es Instituto de Física de Cantabria http://alvarolopez.github.io Ed. Juan Jordá, Campus UC tel: (+34) 942 200 969 Avda. de los Castros s/n 39005 Santander (SPAIN) _____________________________________________________________________ "Unix never says `please.'" -- Rob Pike