diff --git a/devstack/plugin.sh b/devstack/plugin.sh
index 492f0ac9..5d7a85df 100755
--- a/devstack/plugin.sh
+++ b/devstack/plugin.sh
@@ -136,7 +136,7 @@ function configure_murano {
     #-------------------------
 
     # Setup keystone_authtoken section
-    iniset $MURANO_CONF_FILE keystone_authtoken auth_uri "http://${KEYSTONE_AUTH_HOST}:5000/v2.0"
+    iniset $MURANO_CONF_FILE keystone_authtoken auth_uri "http://${KEYSTONE_AUTH_HOST}:5000"
     iniset $MURANO_CONF_FILE keystone_authtoken auth_host $KEYSTONE_AUTH_HOST
     iniset $MURANO_CONF_FILE keystone_authtoken auth_port $KEYSTONE_AUTH_PORT
     iniset $MURANO_CONF_FILE keystone_authtoken auth_protocol $KEYSTONE_AUTH_PROTOCOL
@@ -154,7 +154,7 @@ function configure_murano {
     iniset $MURANO_CONF_FILE database connection `database_connection_url murano`
 
     # Configure keystone auth url
-    iniset $MURANO_CONF_FILE keystone auth_url "http://${KEYSTONE_AUTH_HOST}:5000/v2.0"
+    iniset $MURANO_CONF_FILE keystone auth_url "http://${KEYSTONE_AUTH_HOST}:5000"
 
     # Configure Murano API URL
     iniset $MURANO_CONF_FILE murano url "http://127.0.0.1:8082"
@@ -179,7 +179,7 @@ function install_murano_apps() {
                 murano --os-username $OS_USERNAME \
                        --os-password $OS_PASSWORD \
                        --os-tenant-name $OS_PROJECT_NAME \
-                       --os-auth-url http://$KEYSTONE_AUTH_HOST:5000/v2.0 \
+                       --os-auth-url http://$KEYSTONE_AUTH_HOST:5000 \
                        --murano-url http://127.0.0.1:8082 \
                        package-import \
                        --is-public \
@@ -198,7 +198,7 @@ function configure_service_broker {
     iniset $MURANO_CONF_FILE cfapi tenant "$MURANO_CFAPI_DEFAULT_TENANT"
     iniset $MURANO_CONF_FILE cfapi bind_host "$MURANO_SERVICE_HOST"
     iniset $MURANO_CONF_FILE cfapi bind_port "$MURANO_CFAPI_SERVICE_PORT"
-    iniset $MURANO_CONF_FILE cfapi auth_url "http://${KEYSTONE_AUTH_HOST}:5000/v2.0"
+    iniset $MURANO_CONF_FILE cfapi auth_url "http://${KEYSTONE_AUTH_HOST}:5000"
 }
 
 
diff --git a/murano/api/middleware/ext_context.py b/murano/api/middleware/ext_context.py
index c40d4a56..788c09c4 100644
--- a/murano/api/middleware/ext_context.py
+++ b/murano/api/middleware/ext_context.py
@@ -14,7 +14,9 @@
 
 import base64
 
+from keystoneclient.auth.identity import v3
 from keystoneclient import exceptions
+from keystoneclient import session as ks_session
 from keystoneclient.v3 import client
 from oslo_config import cfg
 from oslo_log import log
@@ -33,11 +35,15 @@ class ExternalContextMiddleware(wsgi.Middleware):
         # section related to Cloud Foundry service broker is probably a duct
         # tape and should be rewritten as soon as we get more non-OpenStack
         # services as murano recipients.
-        keystone = client.Client(username=user,
-                                 password=password,
-                                 project_name=CONF.cfapi.tenant,
-                                 auth_url=CONF.cfapi.auth_url.replace(
-                                     'v2.0', 'v3'))
+
+        kwargs = {'auth_url': CONF.cfapi.auth_url.replace('v2.0', 'v3'),
+                  'username': user,
+                  'password': password,
+                  'project_name': CONF.cfapi.tenant}
+        password_auth = v3.Password(**kwargs)
+        session = ks_session.Session(auth=password_auth)
+        keystone = client.Client(session=session)
+
         return keystone.auth_token
 
     def process_request(self, req):
diff --git a/murano/tests/functional/engine/config.py b/murano/tests/functional/engine/config.py
index 36222b51..a086c6ba 100644
--- a/murano/tests/functional/engine/config.py
+++ b/murano/tests/functional/engine/config.py
@@ -21,7 +21,7 @@ murano_group = cfg.OptGroup(name='murano', title="murano")
 
 MuranoGroup = [
     cfg.StrOpt('auth_url',
-               default='http://127.0.0.1:5000/v2.0/',
+               default='http://127.0.0.1:5000',
                help="keystone url"),
     cfg.StrOpt('user',
                default='admin',
diff --git a/murano_tempest_tests/config.py b/murano_tempest_tests/config.py
index 012d1dad..bfa1041e 100644
--- a/murano_tempest_tests/config.py
+++ b/murano_tempest_tests/config.py
@@ -43,11 +43,6 @@ ApplicationCatalogGroup = [
                     "If no such region is found in the service catalog, "
                     "the first found one is used."),
 
-    cfg.StrOpt("identity_version",
-               default="v2",
-               help="Default identity version for "
-                    "REST client authentication."),
-
     cfg.StrOpt("catalog_type",
                default="application-catalog",
                help="Catalog type of Application Catalog."),
@@ -74,11 +69,6 @@ ServiceBrokerGroup = [
                default=False,
                help="Defines whether run service broker api tests or not"),
 
-    cfg.StrOpt("identity_version",
-               default="v2",
-               help="Default identity version for "
-                    "REST client authentication."),
-
     cfg.StrOpt("catalog_type",
                default="service-broker",
                help="Catalog type of Service Broker API"),
diff --git a/murano_tempest_tests/tests/api/application_catalog/base.py b/murano_tempest_tests/tests/api/application_catalog/base.py
index c1153690..79721dea 100644
--- a/murano_tempest_tests/tests/api/application_catalog/base.py
+++ b/murano_tempest_tests/tests/api/application_catalog/base.py
@@ -39,14 +39,13 @@ class BaseApplicationCatalogTest(test.BaseTestCase):
 
     @classmethod
     def get_configured_isolated_creds(cls, type_of_creds='admin'):
-
         identity_version = cls.get_identity_version()
         if identity_version == 'v3':
             cls.admin_role = CONF.identity.admin_role
         else:
             cls.admin_role = 'admin'
         cls.dynamic_cred = dynamic_creds.DynamicCredentialProvider(
-            identity_version=CONF.application_catalog.identity_version,
+            identity_version=CONF.identity.auth_version,
             name=cls.__name__, admin_role=cls.admin_role,
             admin_creds=common_creds.get_configured_credentials(
                 'identity_admin'))
diff --git a/murano_tempest_tests/tests/api/service_broker/base.py b/murano_tempest_tests/tests/api/service_broker/base.py
index cbc2c50d..0ac1d7b9 100644
--- a/murano_tempest_tests/tests/api/service_broker/base.py
+++ b/murano_tempest_tests/tests/api/service_broker/base.py
@@ -34,7 +34,7 @@ class BaseServiceBrokerTest(test.BaseTestCase):
                                        type_of_creds="admin"):
 
         cls.dynamic_cred = dynamic_creds.DynamicCredentialProvider(
-            identity_version=CONF.service_broker.identity_version,
+            identity_version=CONF.identity.auth_version,
             name=cls.__name__)
         if "admin" in type_of_creds:
             creds = cls.dynamic_cred.get_admin_creds()
diff --git a/releasenotes/notes/fix-1528452-0e3bcee9bba89ffa.yaml b/releasenotes/notes/fix-1528452-0e3bcee9bba89ffa.yaml
new file mode 100644
index 00000000..baf70050
--- /dev/null
+++ b/releasenotes/notes/fix-1528452-0e3bcee9bba89ffa.yaml
@@ -0,0 +1,3 @@
+fixes:
+  -Fixed incorrect murano behaviour if deployed on devstack with keystone v3 by
+   default.