This feature adds the ability for services to authenticate to Keystone with a X.509 client certificate, without needing to obtain a token from Keystone. Upstream blueprint: https://blueprints.launchpad.net/keystone/+spec/keystone-tokenless-authz-with-x509-ssl-client-cert Upstream spec: http://git.openstack.org/cgit/openstack/keystone-specs/tree/specs/liberty/keystone-tokenless-authz-with-x509-ssl-client-cert.rst
This hasn't support yet in keystonemiddleware (via keystoneauth), so it shouldn't work for the services. We might test it for a regular user and make the calls via cURL.
This feature also relies in keystone to be running in httpd, which is not a reality yet for OSPD (and won't be for the 8 release).
Moving it to RHOS9, since httpd support will land in this release
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://rhn.redhat.com/errata/RHEA-2016-0603.html