Red Hat Bugzilla – Bug 1263015
[RFE] tokenless auth with x509 client cert
Last modified: 2016-04-26 17:50:05 EDT
This feature adds the ability for services to authenticate to Keystone with a X.509 client certificate, without needing to obtain a token from Keystone.
Upstream blueprint: https://blueprints.launchpad.net/keystone/+spec/keystone-tokenless-authz-with-x509-ssl-client-cert
Upstream spec: http://git.openstack.org/cgit/openstack/keystone-specs/tree/specs/liberty/keystone-tokenless-authz-with-x509-ssl-client-cert.rst
This hasn't support yet in keystonemiddleware (via keystoneauth), so it shouldn't work for the services.
We might test it for a regular user and make the calls via cURL.
This feature also relies in keystone to be running in httpd, which is not a reality yet for OSPD (and won't be for the 8 release).
Moving it to RHOS9, since httpd support will land in this release
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.
For information on the advisory, and where to find the updated
files, follow the link below.
If the solution does not work for you, open a new bug report.