1263015 – [RFE] tokenless auth with x509 client cert

Bug 1263015 - [RFE] tokenless auth with x509 client cert

Summary: [RFE] tokenless auth with x509 client cert

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Red Hat OpenStack
Classification:	Red Hat
Component:	openstack-keystone
Sub Component:
Version:	8.0 (Liberty)
Hardware:	Unspecified
OS:	Unspecified
Priority:	low
Severity:	low
Target Milestone:	beta
Target Release:	8.0 (Liberty)
Assignee:	Nathan Kinder
QA Contact:	Rodrigo Duarte
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:	1296011
TreeView+	depends on / blocked

Reported:	2015-09-14 22:17 UTC by Nathan Kinder
Modified:	2023-02-22 23:02 UTC (History)
CC List:	7 users (show)
Fixed In Version:	openstack-keystone-8.0.0-1.el7ost
Doc Type:	Enhancement
Doc Text:
Clone Of:
Environment:
Last Closed:	2016-04-07 21:08:38 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHEA-2016:0603	0	normal	SHIPPED_LIVE	Red Hat OpenStack Platform 8 Enhancement Advisory	2016-04-08 00:53:53 UTC

Description Nathan Kinder 2015-09-14 22:17:48 UTC

This feature adds the ability for services to authenticate to Keystone with a X.509 client certificate, without needing to obtain a token from Keystone.

Upstream blueprint: https://blueprints.launchpad.net/keystone/+spec/keystone-tokenless-authz-with-x509-ssl-client-cert

Upstream spec: http://git.openstack.org/cgit/openstack/keystone-specs/tree/specs/liberty/keystone-tokenless-authz-with-x509-ssl-client-cert.rst

Comment 6 Rodrigo Duarte 2016-02-19 19:25:19 UTC

This hasn't support yet in keystonemiddleware (via keystoneauth), so it shouldn't work for the services.

We might test it for a regular user and make the calls via cURL.

Comment 8 Rodrigo Duarte 2016-04-05 15:04:50 UTC

This feature also relies in keystone to be running in httpd, which is not a reality yet for OSPD (and won't be for the 8 release).

Comment 9 nlevinki 2016-04-06 06:49:03 UTC

Moving it to RHOS9, since httpd support will land in this release

Comment 11 errata-xmlrpc 2016-04-07 21:08:38 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHEA-2016-0603.html

Note You need to log in before you can comment on or make changes to this bug.