[openstack-dev] [keystone] Configuring protected API functions to allow public access
K.W.S.Siu
K.W.S.Siu at kent.ac.uk
Tue Aug 12 10:44:02 UTC 2014
Hi All,
Correct me if I am wrong but I don't think you can configure the Keystone policy.json to allow public access to an API function, as far as I can tell you can allow access to any authenticated user regardless of role assignments but not public access.
My use case is a client which allows users to query for a list of supported identity providers / protocols so that the user can then select which provider to authenticate with - as the user is unauthenticated at the time of the query the request needs to allow public access to the 'List Identity Providers' API function.
I can remove the protected decorator from the required functions but this is a nasty hack.
I suggest that it should be possible to configure this kind of access rule on a deployment by deployment basis and I was just hoping to get some thoughts on this.
Many thanks,
Kristy
More information about the OpenStack-dev
mailing list