diff --git a/heat/common/context.py b/heat/common/context.py
index bd9aa1dcc9..35bc516ee3 100644
--- a/heat/common/context.py
+++ b/heat/common/context.py
@@ -28,7 +28,7 @@ import six
 from heat.common import config
 from heat.common import endpoint_utils
 from heat.common import exception
-from heat.common.i18n import _LE, _LW
+from heat.common.i18n import _LE
 from heat.common import policy
 from heat.common import wsgi
 from heat.db.sqlalchemy import api as db_api
@@ -242,33 +242,16 @@ class RequestContext(context.RequestContext):

 @property
 def trusts_auth_plugin(self):
- if self._trusts_auth_plugin:
- return self._trusts_auth_plugin
+ if not self._trusts_auth_plugin:
+ self._trusts_auth_plugin = ks_loading.load_auth_from_conf_options(
+ cfg.CONF, TRUSTEE_CONF_GROUP, trust_id=self.trust_id)

- self._trusts_auth_plugin = ks_loading.load_auth_from_conf_options(
- cfg.CONF, TRUSTEE_CONF_GROUP, trust_id=self.trust_id)
+ if not self._trusts_auth_plugin:
+ LOG.error(_LE('Please add the trustee credentials you need '
+ 'to the %s section of your heat.conf file.'),
+ TRUSTEE_CONF_GROUP)
+ raise exception.AuthorizationFailure()

- if self._trusts_auth_plugin:
- return self._trusts_auth_plugin
-
- LOG.warning(_LW('Using the keystone_authtoken user as the heat '
- 'trustee user directly is deprecated. Please add the '
- 'trustee credentials you need to the %s section of '
- 'your heat.conf file.') % TRUSTEE_CONF_GROUP)
-
- cfg.CONF.import_group('keystone_authtoken',
- 'keystonemiddleware.auth_token')
-
- trustee_user_domain = 'default'
- if 'user_domain_id' in cfg.CONF.keystone_authtoken:
- trustee_user_domain = cfg.CONF.keystone_authtoken.user_domain_id
-
- self._trusts_auth_plugin = generic.Password(
- username=cfg.CONF.keystone_authtoken.admin_user,
- password=cfg.CONF.keystone_authtoken.admin_password,
- user_domain_id=trustee_user_domain,
- auth_url=self.keystone_v3_endpoint,
- trust_id=self.trust_id)
 return self._trusts_auth_plugin

 def _create_auth_plugin(self):
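Review bot: The new `if not self._trusts_auth_plugin:` guard in `trusts_auth_plugin` only handles `ks_loading.load_auth_from_conf_options` returning nothing, which is now the single path to a trustee plugin. As far as I know that loader returns None when no auth type is configured but raises its own keystoneauth exception when the section is only partly filled in, so a half-configured trustee section would presumably surface as something other than `AuthorizationFailure`; worth confirming, then either catching it here or documenting it. The property also has no docstring although it now raises where it used to fall back, so I would add `"""Return the trustee auth plugin loaded from the TRUSTEE_CONF_GROUP options; raise AuthorizationFailure if none is configured."""`. Because the check runs lazily on first access, a deployment that still relied on the removed keystone_authtoken fallback only finds out when a trust is first used, so a release note for operators would help.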
diff --git a/heat/tests/test_common_context.py b/heat/tests/test_common_context.py
index 9109dd9610..a08a10b3a6 100644
--- a/heat/tests/test_common_context.py
+++ b/heat/tests/test_common_context.py
@@ -13,6 +13,7 @@

 import os

+from keystoneauth1 import loading as ks_loading
 import mock
 from oslo_config import cfg
 from oslo_config import fixture as config_fixture
@@ -144,9 +145,6 @@ class TestRequestContext(common.HeatTestCase):
 """
 cfg.CONF.set_override('auth_uri', 'http://xyz',
 group='clients_keystone', enforce_type=True)
- importutils.import_module('keystonemiddleware.auth_token')
- cfg.CONF.set_override('auth_uri', 'http://abc/v2.0',
- group='keystone_authtoken', enforce_type=True)
 policy_check = 'heat.common.policy.Enforcer.check_is_admin'
 with mock.patch(policy_check) as pc:
 pc.return_value = False
@@ -188,27 +186,13 @@ class TestRequestContext(common.HeatTestCase):
 self.assertRaises(exception.AuthorizationFailure, getattr, ctx, 'keystone_v3_endpoint')

- def test_create_trusts_auth_plugin_with_correct_user_domain_id(self):
- importutils.import_module('keystonemiddleware.auth_token')
- cfg.CONF.set_override('auth_uri', 'http://abc/v2.0',
- group='keystone_authtoken', enforce_type=True)
- cfg.CONF.set_override('admin_user', 'heat',
- group='keystone_authtoken', enforce_type=True)
- cfg.CONF.set_override('admin_password', 'password',
- group='keystone_authtoken', enforce_type=True)
- policy_check = 'heat.common.policy.Enforcer.check_is_admin'
- with mock.patch(policy_check) as pc:
- pc.return_value = False
- ctx = context.RequestContext(auth_url=None,
- user_domain_id='non-default',
- username='test')
- with mock.patch('keystoneauth1.identity.generic.Password') as ps:
- ctx.trusts_auth_plugin
- ps.assert_called_once_with(username='heat',
- password='password',
- user_domain_id='default',
- auth_url='http://abc/v3',
- trust_id=None)
+ def test_get_trust_context_auth_plugin_unauthorized(self):
+ self.ctx['trust_id'] = 'trust_id'
+ ctx = context.RequestContext.from_dict(self.ctx)
+ self.patchobject(ks_loading, 'load_auth_from_conf_options',
+ return_value=None)
+ self.assertRaises(exception.AuthorizationFailure, getattr,
+ ctx, 'auth_plugin')

 def test_cache(self):
 ctx = context.RequestContext.from_dict(self.ctx)
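Review bot: `test_get_trust_context_auth_plugin_unauthorized` never checks that the loader was asked for a trust-scoped plugin, so it would still pass if `trust_id` stopped being forwarded. Assuming `self.patchobject(...)` returns the mock, keep it as `load = self.patchobject(...)` and add `load.assert_called_once_with(mock.ANY, mock.ANY, trust_id='trust_id')` after the `assertRaises`. The test also reaches the property through `ctx.auth_plugin` rather than `ctx.trusts_auth_plugin`, which presumably depends on routing in `auth_plugin` that is outside this hunk. An extra `self.assertRaises(exception.AuthorizationFailure, getattr, ctx, 'trusts_auth_plugin')` would pin the new fail-closed behaviour without that dependency.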