.Keystone 3 authentication is now supported
Red Hat Ceph Storage now supports OpenStack Keystone 3 authentication. As a result, users can use Keystone 3 to authenticate to the Ceph Object Gateway.
For details, see the https://access.redhat.com/documentation/en/red-hat-ceph-storage/2/single/using-keystone-to-authenticate-ceph-object-gateway-users[Using Keystone to Authenticate Ceph Object Gateway Users] guide.
1. Proposed title of this feature request
Request for keystone V3 support with RadosGW
2. Who is the customer behind the request? Daniel van der Ster
Account: National College of Ireland / Nci
Account #: 846298
TAM customer: no
SRM customer: no
Strategic: no
3. What is the nature and description of the request?
Would like integration between RadosGW and Keystone V3
4. Why does the customer need this?
Keystone can now support more rational user authentication protocols and deals with the concept of domains much better, service accounts now stay in an sql backed 'default' domain and multiple domains and protocols are now supported (ldap, saml, openid, adfs). non-default users are stored in an id_mapping table in the keystone database, with a userid that contains a domain id - keystone version 2 cannot decipher these tokens and therefore radosgw cannot see that the user has an acceptable role (Member, swiftoperator etc.)
5. Is there already an existing RFE upstream or in Red Hat Bugzilla?
http://tracker.ceph.com/issues/8052http://tracker.ceph.com/issues/13303
6. Is the sales team involved in this request and do they have any additional input?
No
7. List any affected packages or components.
OSP Juno on rhel 6.5
RHCS 1.2.3
Comment 2Ken Dreyer (Red Hat)
2015-10-21 21:42:36 UTC
*** Bug 1274082 has been marked as a duplicate of this bug. ***
Comment 12Ken Dreyer (Red Hat)
2016-05-10 20:35:10 UTC
*** Bug 1259258 has been marked as a duplicate of this bug. ***
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.
For information on the advisory, and where to find the updated
files, follow the link below.
If the solution does not work for you, open a new bug report.
https://access.redhat.com/errata/RHBA-2016:1755
Comment 33Ken Dreyer (Red Hat)
2016-09-26 20:57:02 UTC
*** Bug 1335963 has been marked as a duplicate of this bug. ***
1. Proposed title of this feature request Request for keystone V3 support with RadosGW 2. Who is the customer behind the request? Daniel van der Ster Account: National College of Ireland / Nci Account #: 846298 TAM customer: no SRM customer: no Strategic: no 3. What is the nature and description of the request? Would like integration between RadosGW and Keystone V3 4. Why does the customer need this? Keystone can now support more rational user authentication protocols and deals with the concept of domains much better, service accounts now stay in an sql backed 'default' domain and multiple domains and protocols are now supported (ldap, saml, openid, adfs). non-default users are stored in an id_mapping table in the keystone database, with a userid that contains a domain id - keystone version 2 cannot decipher these tokens and therefore radosgw cannot see that the user has an acceptable role (Member, swiftoperator etc.) 5. Is there already an existing RFE upstream or in Red Hat Bugzilla? http://tracker.ceph.com/issues/8052 http://tracker.ceph.com/issues/13303 6. Is the sales team involved in this request and do they have any additional input? No 7. List any affected packages or components. OSP Juno on rhel 6.5 RHCS 1.2.3