Bug 1041961 - [RFE][keystone]: Keystone should use keystoneclient authtoken middleware
Summary: [RFE][keystone]: Keystone should use keystoneclient authtoken middleware
Keywords:
Status: CLOSED UPSTREAM
Alias: None
Product: Red Hat OpenStack
Classification: Red Hat
Component: RFEs
Version: unspecified
Hardware: Unspecified
OS: Unspecified
Target Milestone: ---
Assignee: RHOS Maint
QA Contact:
URL: https://blueprints.launchpad.net/keys...
Whiteboard: upstream_milestone_none upstream_stat...
Depends On:
Blocks:
Reported: 2013-12-12 20:18 UTC by RHOS Integration
Modified: 2015-12-10 19:59 UTC (History)

Fixed In Version:
Doc Type: Enhancement
Doc Text:
Clone Of:
Environment:
Last Closed: 2015-03-19 17:16:44 UTC
Target Upstream Version:



Description RHOS Integration 2013-12-12 20:18:44 UTC
Cloned from launchpad blueprint https://blueprints.launchpad.net/keystone/+spec/use-keystoneclient.

Description:

Token checking/validating in keystone for authenticated functions is spread over a wide range of files, some of which check admin, some of which retrieve the token data, some of which actually authenticate and some of which don't.

This is ludicrous; we have auth token middleware that we provide to other applications, and the authenticated sections of keystone should also rely on this mechanism. This would involve figuring out how to provide certificates to the middleware for PKI tokens and properly understanding what requires authentication and at what level. This would hopefully also mean that we may not have a need to save the token metadata to the database; we could simply rely on the signed token passed to keystone in the way that other projects do and simply save token data for revocation purposes.

Specification URL (additional information):

None

