Bug 987685 - [RFE] Keystone with X509 authentication
Summary: [RFE] Keystone with X509 authentication
Alias: None
Product: Red Hat OpenStack
Classification: Red Hat
Component: openstack-keystone   
(Show other bugs)
Version: 4.0
Hardware: Unspecified Unspecified
Target Milestone: Upstream M3
: 4.0
Assignee: Adam Young
QA Contact: Jeremy Agee
URL: http://docs.openstack.org/developer/k...
Keywords: FutureFeature
Depends On: 988934
Blocks: RHOS40RFE
TreeView+ depends on / blocked
Reported: 2013-07-23 21:38 UTC by Adam Young
Modified: 2016-04-26 17:33 UTC (History)
5 users (show)

Fixed In Version:
Doc Type: Enhancement
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2013-12-20 00:15:09 UTC
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

External Trackers
Tracker ID Priority Status Summary Last Updated
Red Hat Product Errata RHEA-2013:1859 normal SHIPPED_LIVE Red Hat Enterprise Linux OpenStack Platform Enhancement Advisory 2013-12-21 00:01:48 UTC

Description Adam Young 2013-07-23 21:38:58 UTC
Configure Keystone to run in Apache HTTPD and requires X509 Client Certificate authentication. Will require Dogtag or selfsigned certificates.

Comment 1 Dmitri Pal 2013-07-23 21:48:59 UTC
How to test see example here: http://docs.openstack.org/developer/keystone/external-auth.html

Comment 4 Adam Young 2013-07-31 23:25:40 UTC
This is a refinement of an earlier blueprint for handling REMOTE_USER, specific to using X509 Client side certificates.  The upstream commit was https://github.com/openstack/keystone/commit/e276d142541e2517484e5bc539a19a5495a1c679  but we did not explicitly test it.  I've added the url to configuring external auth in Keystone.

Comment 10 errata-xmlrpc 2013-12-20 00:15:09 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.


Note You need to log in before you can comment on or make changes to this bug.