1126865 – Cannot Use existing auth plugins with new methods

Bug 1126865 - Cannot Use existing auth plugins with new methods

Summary: Cannot Use existing auth plugins with new methods

Keywords:
Status:	CLOSED CURRENTRELEASE
Alias:	None
Product:	Red Hat OpenStack
Classification:	Red Hat
Component:	openstack-keystone
Sub Component:
Version:	5.0 (RHEL 6)
Hardware:	Unspecified
OS:	Unspecified
Priority:	medium
Severity:	unspecified
Target Milestone:	z3
Target Release:	6.0 (Juno)
Assignee:	Adam Young
QA Contact:	Mike Abrams
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:	1126594
TreeView+	depends on / blocked

Reported:	2014-08-05 13:35 UTC by Nathan Kinder
Modified:	2023-02-22 23:02 UTC (History)
CC List:	4 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2015-04-08 17:30:29 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Launchpad	1343709	0	None	None	None	Never
OpenStack gerrit	107873	0	None	None	None	Never

Description Nathan Kinder 2014-08-05 13:35:10 UTC

Auth plugins hard code the "method" that is used to name them in the config file. This prevents reuse, and forces a new Plugin for each mod_auth mechanism in Apache HTTPD. Since there is already a handful of "external" plugins, we will have a cross-preoduct of auth plugins; one for each mechanism X mapping scheme.

This was discussed at the Hackathon

From: https://etherpad.openstack.org/p/keystone-juno-hackathon

Remove method name from auth plugins (so the method name is owned by keystone.conf)

One place where this shows up is that the "kerberos" method requires a new AuthPlugin for existing functionality, such as using the Default Domain. The same is true for SAML, or OpenID connect.

Comment 4 Lon Hohberger 2015-04-08 17:30:29 UTC

This has been fixed since GA of Red Hat Enterprise Linux OpenStack Platform 6.

Note You need to log in before you can comment on or make changes to this bug.