Bug 987685 - [RFE] Keystone with X509 authentication
[RFE] Keystone with X509 authentication
Status: CLOSED ERRATA
Product: Red Hat OpenStack
Classification: Red Hat
Component: openstack-keystone (Show other bugs)
4.0
Unspecified Unspecified
high Severity high
: Upstream M3
: 4.0
Assigned To: Adam Young
Jeremy Agee
http://docs.openstack.org/developer/k...
: FutureFeature
Depends On: 988934
Blocks: RHOS40RFE
  Show dependency treegraph
 
Reported: 2013-07-23 17:38 EDT by Adam Young
Modified: 2016-04-26 13:33 EDT (History)
5 users (show)

See Also:
Fixed In Version:
Doc Type: Enhancement
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2013-12-19 19:15:09 EST
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Adam Young 2013-07-23 17:38:58 EDT
Configure Keystone to run in Apache HTTPD and requires X509 Client Certificate authentication. Will require Dogtag or selfsigned certificates.
Comment 1 Dmitri Pal 2013-07-23 17:48:59 EDT
How to test see example here: http://docs.openstack.org/developer/keystone/external-auth.html
Comment 4 Adam Young 2013-07-31 19:25:40 EDT
This is a refinement of an earlier blueprint for handling REMOTE_USER, specific to using X509 Client side certificates.  The upstream commit was https://github.com/openstack/keystone/commit/e276d142541e2517484e5bc539a19a5495a1c679  but we did not explicitly test it.  I've added the url to configuring external auth in Keystone.
Comment 10 errata-xmlrpc 2013-12-19 19:15:09 EST
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHEA-2013-1859.html

Note You need to log in before you can comment on or make changes to this bug.