Bug 1041958 - [RFE][keystone]: Store the token HASH in Secure Cookie for HTML clients
Keywords:
Status: CLOSED UPSTREAM
Alias: None
Product: Red Hat OpenStack
Classification: Red Hat
Component: RFEs
Version: unspecified
Hardware: Unspecified
OS: Unspecified
Target Milestone: ---
Assignee: RHOS Maint
QA Contact:
URL: https://blueprints.launchpad.net/keys...
Whiteboard: upstream_milestone_none upstream_stat...
Depends On:
Blocks:
Reported: 2013-12-12 20:17 UTC by RHOS Integration
Modified: 2015-07-22 17:59 UTC

Fixed In Version:
Doc Type: Enhancement
Doc Text:
Clone Of:
Environment:
Last Closed: 2015-03-19 17:06:04 UTC
Target Upstream Version:



Description RHOS Integration 2013-12-12 20:17:43 UTC
Cloned from launchpad blueprint https://blueprints.launchpad.net/keystone/+spec/tokens-in-secure-cookie.

Description:

In order to implement HATEOAS, Keystone clients will need to be able to authenticate, and to have the authentication stick across multiple requests. Passing it in a custom Header does not work with web browsers.

If the HTML request specifies an accepted content type of HTML or XHTML, the token HASH should be stored in a secure Cookie. Additional requests to Keystone will then check for the presence and validity of the HASH in order to continue to authenticate the user requests.

Only unscoped tokens issued will be stored in the Secure cookies.
Requesting an additional unscoped token will replace the unscoped token in the cookie, but will not extend the lifetime unless it is accompanied by valid credentials used to issue a token in the first place.




Specification URL (additional information):

None
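
A minimal model of the behaviour requested above, added here as an illustration; it is not Keystone code and not part of the blueprint. The cookie name, the use of SHA-256, the `HttpOnly` attribute and the `CookieAuth` class are assumptions, since the description only specifies a token hash in a Secure cookie.

```python
import hashlib
from http.cookies import SimpleCookie

COOKIE = "keystone_token_hash"  # hypothetical cookie name, not from the blueprint
HTML_TYPES = {"text/html", "application/xhtml+xml"}

def wants_cookie(accept):
    """True when the Accept header lists HTML or XHTML explicitly."""
    listed = {p.split(";")[0].strip().lower() for p in accept.split(",")}
    return bool(listed & HTML_TYPES)

def token_hash(token_id):
    # SHA-256 is an assumption; the blueprint only says "token HASH".
    return hashlib.sha256(token_id.encode()).hexdigest()

class CookieAuth:
    """Toy server-side table: token hash -> expiry in epoch seconds."""
    def __init__(self):
        self.expiry = {}

    def _set_cookie(self, digest, expires_at):
        self.expiry[digest] = expires_at
        c = SimpleCookie()
        c[COOKIE] = digest
        c[COOKIE]["secure"] = True    # never sent over plain HTTP
        c[COOKIE]["httponly"] = True  # assumption: keep it away from page scripts
        c[COOKIE]["path"] = "/"
        return c[COOKIE].OutputString()

    def issue(self, token_id, scoped, expires_at, accept):
        """Set-Cookie value for a credential-backed token, or None."""
        if scoped or not wants_cookie(accept):
            return None  # only unscoped tokens, only for HTML clients
        return self._set_cookie(token_hash(token_id), expires_at)

    def current_expiry(self, cookie_header, now):
        """Expiry of the presented hash, or None if missing, unknown or expired."""
        morsel = SimpleCookie(cookie_header).get(COOKIE)
        exp = self.expiry.get(morsel.value) if morsel is not None else None
        return exp if exp is not None and now < exp else None

    def replace(self, cookie_header, new_token_id, new_expires_at, now):
        """Cookie-only re-request: swap the hash, keep the original expiry."""
        old_exp = self.current_expiry(cookie_header, now)
        if old_exp is None:
            return None
        del self.expiry[SimpleCookie(cookie_header)[COOKIE].value]
        return self._set_cookie(token_hash(new_token_id), min(old_exp, new_expires_at))
```

A request that carries valid credentials goes through `issue()` again and so gets a fresh lifetime, while `replace()` caps the new hash at the expiry of the one it supersedes.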

