Bug 1263015 - [RFE] tokenless auth with x509 client cert
[RFE] tokenless auth with x509 client cert
Product: Red Hat OpenStack
Classification: Red Hat
Component: openstack-keystone (Show other bugs)
8.0 (Liberty)
Unspecified Unspecified
low Severity low
: beta
: 8.0 (Liberty)
Assigned To: Nathan Kinder
Rodrigo Duarte
: FutureFeature
Depends On:
Blocks: 1296011
  Show dependency treegraph
Reported: 2015-09-14 18:17 EDT by Nathan Kinder
Modified: 2016-04-26 17:50 EDT (History)
8 users (show)

See Also:
Fixed In Version: openstack-keystone-8.0.0-1.el7ost
Doc Type: Enhancement
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2016-04-07 17:08:38 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Nathan Kinder 2015-09-14 18:17:48 EDT
This feature adds the ability for services to authenticate to Keystone with a X.509 client certificate, without needing to obtain a token from Keystone.

Upstream blueprint: https://blueprints.launchpad.net/keystone/+spec/keystone-tokenless-authz-with-x509-ssl-client-cert

Upstream spec: http://git.openstack.org/cgit/openstack/keystone-specs/tree/specs/liberty/keystone-tokenless-authz-with-x509-ssl-client-cert.rst
Comment 6 Rodrigo Duarte 2016-02-19 14:25:19 EST
This hasn't support yet in keystonemiddleware (via keystoneauth), so it shouldn't work for the services.

We might test it for a regular user and make the calls via cURL.
Comment 8 Rodrigo Duarte 2016-04-05 11:04:50 EDT
This feature also relies in keystone to be running in httpd, which is not a reality yet for OSPD (and won't be for the 8 release).
Comment 9 nlevinki 2016-04-06 02:49:03 EDT
Moving it to RHOS9, since httpd support will land in this release
Comment 11 errata-xmlrpc 2016-04-07 17:08:38 EDT
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.


Note You need to log in before you can comment on or make changes to this bug.