You could probably use trusts, but that would require you to update your application https://wiki.openstack.org/wiki/Keystone/Trusts -- Kirill Zaitsev Murano team Software Engineer Mirantis, Inc On 19 November 2015 at 06:41:15, Adam Young (ayoung at redhat.com) wrote: On 11/18/2015 03:40 AM, ESWAR RAO wrote: Hi All, I have an application which does some HEAT transactions of creating stack,polling for it and updating stack in a loop. In my setup, /etc/keystone/keystone.conf has below settings: expiration=3600 But my transaction loop takes more than 1 hr and AUTH token is expired in between and I am getting : Exception in heat start task for stack jsm-e08dceac-71fe-48e8-817e-93ec78881827 of network service e08dceac-71fe-48e8-817e-93ec78881827 due to ERROR: Authentication failed.Please try again with option --include-password or export HEAT_INCLUDE_PASSWORD=1 Is there any means of making the auth-token not getting expired instead of changing expiration time in keystone conf ?? No. It has been a long lived discussion, and the solution is still not agreed on. The goal is to avoid long lived tokens, but properly scope delegation across long workflow. Thanks Eswar _______________________________________________ Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack Post to : openstack at lists.openstack.org Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack _______________________________________________ Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack Post to : openstack at lists.openstack.org Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.openstack.org/pipermail/openstack/attachments/20151123/d1424ec9/attachment.html>