Configure Keystone to run in Apache HTTPD and requires X509 Client Certificate authentication. Will require Dogtag or selfsigned certificates.
How to test see example here: http://docs.openstack.org/developer/keystone/external-auth.html
This is a refinement of an earlier blueprint for handling REMOTE_USER, specific to using X509 Client side certificates. The upstream commit was https://github.com/openstack/keystone/commit/e276d142541e2517484e5bc539a19a5495a1c679 but we did not explicitly test it. I've added the url to configuring external auth in Keystone.
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. http://rhn.redhat.com/errata/RHEA-2013-1859.html