Bug 1126865 - Cannot Use existing auth plugins with new methods
Summary: Cannot Use existing auth plugins with new methods
Alias: None
Product: Red Hat OpenStack
Classification: Red Hat
Component: openstack-keystone
Version: 5.0 (RHEL 6)
Hardware: Unspecified
OS: Unspecified
Target Milestone: z3
: 6.0 (Juno)
Assignee: Adam Young
QA Contact: Mike Abrams
Depends On:
Blocks: 1126594
TreeView+ depends on / blocked
Reported: 2014-08-05 13:35 UTC by Nathan Kinder
Modified: 2016-04-26 15:33 UTC (History)
5 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Last Closed: 2015-04-08 17:30:29 UTC
Target Upstream Version:

Attachments (Terms of Use)

System ID Private Priority Status Summary Last Updated
Launchpad 1343709 0 None None None Never
OpenStack gerrit 107873 0 None None None Never

Description Nathan Kinder 2014-08-05 13:35:10 UTC
Auth plugins hard code the "method" that is used to name them in the config file. This prevents reuse, and forces a new Plugin for each mod_auth mechanism in Apache HTTPD. Since there is already a handful of "external" plugins, we will have a cross-preoduct of auth plugins; one for each mechanism X mapping scheme.

This was discussed at the Hackathon

From: https://etherpad.openstack.org/p/keystone-juno-hackathon

Remove method name from auth plugins (so the method name is owned by keystone.conf)

One place where this shows up is that the "kerberos" method requires a new AuthPlugin for existing functionality, such as using the Default Domain. The same is true for SAML, or OpenID connect.

Comment 4 Lon Hohberger 2015-04-08 17:30:29 UTC
This has been fixed since GA of Red Hat Enterprise Linux OpenStack Platform 6.

Note You need to log in before you can comment on or make changes to this bug.