diff --git a/src/lib/charm/openstack/barbican.py b/src/lib/charm/openstack/barbican.py
index db2def8..d66eda9 100644
--- a/src/lib/charm/openstack/barbican.py
+++ b/src/lib/charm/openstack/barbican.py
@@ -58,26 +58,26 @@ def validate_keystone_api_version(config):
 @charms_openstack.adapters.config_property
 def barbican_api_keystone_pipeline(config):
     if config.keystone_api_version == "2":
-        return 'cors keystone_authtoken context apiapp'
+        return 'cors http_proxy_to_wsgi keystone_authtoken context apiapp'
     else:
-        return 'cors keystone_v3_authtoken context apiapp'
+        return 'cors http_proxy_to_wsgi keystone_v3_authtoken context apiapp'
 
 
 @charms_openstack.adapters.config_property
 def barbican_api_pipeline(config):
     return {
-        "2": "cors keystone_authtoken context apiapp",
-        "3": "cors keystone_v3_authtoken context apiapp",
-        "none": "cors unauthenticated-context apiapp"
+        "2": "cors http_proxy_to_wsgi keystone_authtoken context apiapp",
+        "3": "cors http_proxy_to_wsgi keystone_v3_authtoken context apiapp",
+        "none": "cors http_proxy_to_wsgi unauthenticated-context apiapp"
     }[config.keystone_api_version]
 
 
 @charms_openstack.adapters.config_property
 def barbican_api_keystone_audit_pipeline(config):
     if config.keystone_api_version == "2":
-        return 'keystone_authtoken context audit apiapp'
+        return 'http_proxy_to_wsgi keystone_authtoken context audit apiapp'
     else:
-        return 'keystone_v3_authtoken context audit apiapp'
+        return 'http_proxy_to_wsgi keystone_v3_authtoken context audit apiapp'
 
 
 # Adapt the barbican-hsm-plugin relation for use in rendering the config
diff --git a/src/templates/mitaka/barbican-api-paste.ini b/src/templates/mitaka/barbican-api-paste.ini
index 94c0fff..fa1998b 100644
--- a/src/templates/mitaka/barbican-api-paste.ini
+++ b/src/templates/mitaka/barbican-api-paste.ini
@@ -5,7 +5,7 @@ use = egg:Paste#urlmap
 
 # Use this pipeline for Barbican API - versions no authentication
 [pipeline:barbican_version]
-pipeline = cors versionapp
+pipeline = cors http_proxy_to_wsgi versionapp
 
 # Use this pipeline for Barbican API - DEFAULT no authentication
 [pipeline:barbican_api]
@@ -15,7 +15,7 @@ pipeline = {{ options.barbican_api_pipeline }}
 #Use this pipeline to activate a repoze.profile middleware and HTTP port,
 #  to provide profiling information for the REST API processing.
 [pipeline:barbican-profile]
-pipeline = cors unauthenticated-context egg:Paste#cgitb egg:Paste#httpexceptions profile apiapp
+pipeline = cors http_proxy_to_wsgi unauthenticated-context egg:Paste#cgitb egg:Paste#httpexceptions profile apiapp
 
 #Use this pipeline for keystone auth
 [pipeline:barbican-api-keystone]
@@ -87,3 +87,6 @@ unwind = false
 [filter:cors]
 paste.filter_factory = oslo_middleware.cors:filter_factory
 oslo_config_project = barbican
+
+[filter:http_proxy_to_wsgi]
+paste.filter_factory = oslo_middleware:HTTPProxyToWSGI.factory
diff --git a/unit_tests/test_lib_charm_openstack_barbican.py b/unit_tests/test_lib_charm_openstack_barbican.py
index 27d0f26..5a92b3b 100644
--- a/unit_tests/test_lib_charm_openstack_barbican.py
+++ b/unit_tests/test_lib_charm_openstack_barbican.py
@@ -43,32 +43,39 @@ class TestCustomProperties(Helper):
     def test_barbican_api_keystone_pipeline(self):
         config = mock.MagicMock()
         config.keystone_api_version = '2'
-        self.assertEqual(barbican.barbican_api_keystone_pipeline(config),
-                         'cors keystone_authtoken context apiapp')
+        self.assertEqual(
+            barbican.barbican_api_keystone_pipeline(config),
+            'cors http_proxy_to_wsgi keystone_authtoken context apiapp')
         config.keystone_api_version = ''
-        self.assertEqual(barbican.barbican_api_keystone_pipeline(config),
-                         'cors keystone_v3_authtoken context apiapp')
+        self.assertEqual(
+            barbican.barbican_api_keystone_pipeline(config),
+            'cors http_proxy_to_wsgi keystone_v3_authtoken context apiapp')
 
     def test_barbican_api_pipeline(self):
         config = mock.MagicMock()
         config.keystone_api_version = '2'
-        self.assertEqual(barbican.barbican_api_pipeline(config),
-                         'cors keystone_authtoken context apiapp')
+        self.assertEqual(
+            barbican.barbican_api_pipeline(config),
+            'cors http_proxy_to_wsgi keystone_authtoken context apiapp')
         config.keystone_api_version = '3'
-        self.assertEqual(barbican.barbican_api_pipeline(config),
-                         'cors keystone_v3_authtoken context apiapp')
+        self.assertEqual(
+            barbican.barbican_api_pipeline(config),
+            'cors http_proxy_to_wsgi keystone_v3_authtoken context apiapp')
         config.keystone_api_version = 'none'
-        self.assertEqual(barbican.barbican_api_pipeline(config),
-                         'cors unauthenticated-context apiapp')
+        self.assertEqual(
+            barbican.barbican_api_pipeline(config),
+            'cors http_proxy_to_wsgi unauthenticated-context apiapp')
 
     def test_barbican_api_keystone_audit_pipeline(self):
         config = mock.MagicMock()
         config.keystone_api_version = '2'
-        self.assertEqual(barbican.barbican_api_keystone_audit_pipeline(config),
-                         'keystone_authtoken context audit apiapp')
+        self.assertEqual(
+            barbican.barbican_api_keystone_audit_pipeline(config),
+            'http_proxy_to_wsgi keystone_authtoken context audit apiapp')
         config.keystone_api_version = ''
-        self.assertEqual(barbican.barbican_api_keystone_audit_pipeline(config),
-                         'keystone_v3_authtoken context audit apiapp')
+        self.assertEqual(
+            barbican.barbican_api_keystone_audit_pipeline(config),
+            'http_proxy_to_wsgi keystone_v3_authtoken context audit apiapp')
 
 
 class TestHSMProperties(Helper):