Is this caching similar to OSSN-0032? https://wiki.openstack.org/wiki/OSSN/OSSN-0032 -- You received this bug notification because you are a member of OpenStack Security, which is subscribed to OpenStack. https://bugs.launchpad.net/bugs/1434034 Title: Disabling users & groups may not invalidate previously-issued tokens Status in OpenStack Identity (Keystone): In Progress Status in Keystone juno series: In Progress Status in OpenStack Security Advisories: Confirmed Status in OpenStack Security Notes: New Bug description: Even if the user is disabled, can use the last token is validated. 0. user foo is enable 1. get token (a) 2. user foo is disabled 3. foo can still use any APIs by token(a) that's all. This issue is not cache process. To manage notifications about this bug go to: https://bugs.launchpad.net/keystone/+bug/1434034/+subscriptions