diff --git a/keystone/common/wsgi.py b/keystone/common/wsgi.py
index f8f96a7333..f570d5798d 100644
--- a/keystone/common/wsgi.py
+++ b/keystone/common/wsgi.py
@@ -600,15 +600,25 @@ class ExtensionRouter(Router):
 
 def render_response(body=None, status=None, headers=None):
     """Forms a WSGI response."""
-    headers = headers or []
+    if headers is None:
+        headers = []
+    else:
+        headers = list(headers)
     headers.append(('Vary', 'X-Auth-Token'))
 
     if body is None:
         body = ''
         status = status or (204, 'No Content')
     else:
-        body = jsonutils.dumps(body, cls=utils.SmarterEncoder)
-        headers.append(('Content-Type', 'application/json'))
+        content_types = [v for h, v in headers if h == 'Content-Type']
+        if content_types:
+            content_type = content_types[0]
+        else:
+            content_type = None
+        if content_type is None or content_type == 'application/json':
+            body = jsonutils.dumps(body, cls=utils.SmarterEncoder)
+            if content_type is None:
+                headers.append(('Content-Type', 'application/json'))
         status = status or (200, 'OK')
 
     return webob.Response(body=body,
diff --git a/keystone/tests/rest.py b/keystone/tests/rest.py
index a580695fb4..f181b975f6 100644
--- a/keystone/tests/rest.py
+++ b/keystone/tests/rest.py
@@ -169,9 +169,12 @@ class RestfulTestCase(tests.TestCase):
                 response.result = jsonutils.loads(response.body)
             elif content_type == 'xml':
                 response.result = etree.fromstring(response.body)
+            else:
+                response.result = response.body
 
     def restful_request(self, method='GET', headers=None, body=None,
-                        content_type=None, **kwargs):
+                        content_type=None, response_content_type=None,
+                        **kwargs):
         """Serializes/deserializes json/xml as request/response body.
 
         .. WARNING::
@@ -189,7 +192,8 @@ class RestfulTestCase(tests.TestCase):
         response = self.request(method=method, headers=headers, body=body,
                                 **kwargs)
 
-        self._from_content_type(response, content_type)
+        response_content_type = response_content_type or content_type
+        self._from_content_type(response, content_type=response_content_type)
 
         # we can save some code & improve coverage by always doing this
         if method != 'HEAD' and response.status_code >= 400:
diff --git a/keystone/tests/test_v3_oauth1.py b/keystone/tests/test_v3_oauth1.py
index 5f37510642..3d434471ef 100644
--- a/keystone/tests/test_v3_oauth1.py
+++ b/keystone/tests/test_v3_oauth1.py
@@ -249,7 +249,9 @@ class OAuthFlowTests(OAuth1Tests):
 
         url, headers = self._create_request_token(self.consumer,
                                                   self.project_id)
-        content = self.post(url, headers=headers)
+        content = self.post(
+            url, headers=headers,
+            response_content_type='application/x-www-urlformencoded')
         credentials = urllib.parse.parse_qs(content.result)
         request_key = credentials['oauth_token'][0]
         request_secret = credentials['oauth_token_secret'][0]
@@ -266,7 +268,9 @@ class OAuthFlowTests(OAuth1Tests):
         self.request_token.set_verifier(self.verifier)
         url, headers = self._create_access_token(self.consumer,
                                                  self.request_token)
-        content = self.post(url, headers=headers)
+        content = self.post(
+            url, headers=headers,
+            response_content_type='application/x-www-urlformencoded')
         credentials = urllib.parse.parse_qs(content.result)
         access_key = credentials['oauth_token'][0]
         access_secret = credentials['oauth_token_secret'][0]
@@ -510,7 +514,9 @@ class AuthTokenTests(OAuthFlowTests):
 
         url, headers = self._create_request_token(self.consumer,
                                                   self.project_id)
-        content = self.post(url, headers=headers)
+        content = self.post(
+            url, headers=headers,
+            response_content_type='application/x-www-urlformencoded')
         credentials = urllib.parse.parse_qs(content.result)
         request_key = credentials['oauth_token'][0]
         request_secret = credentials['oauth_token_secret'][0]
@@ -589,7 +595,9 @@ class MaliciousOAuth1Tests(OAuth1Tests):
         consumer_secret = consumer['secret']
         consumer = {'key': consumer_id, 'secret': consumer_secret}
         url, headers = self._create_request_token(consumer, self.project_id)
-        self.post(url, headers=headers)
+        self.post(
+            url, headers=headers,
+            response_content_type='application/x-www-urlformencoded')
         url = self._authorize_request_token(uuid.uuid4().hex)
         body = {'roles': [{'id': self.role_id}]}
         self.put(url, body=body, expected_status=404)
@@ -601,7 +609,9 @@ class MaliciousOAuth1Tests(OAuth1Tests):
         consumer = {'key': consumer_id, 'secret': consumer_secret}
 
         url, headers = self._create_request_token(consumer, self.project_id)
-        content = self.post(url, headers=headers)
+        content = self.post(
+            url, headers=headers,
+            response_content_type='application/x-www-urlformencoded')
         credentials = urllib.parse.parse_qs(content.result)
         request_key = credentials['oauth_token'][0]
         request_secret = credentials['oauth_token_secret'][0]
@@ -624,7 +634,9 @@ class MaliciousOAuth1Tests(OAuth1Tests):
         consumer = {'key': consumer_id, 'secret': consumer_secret}
 
         url, headers = self._create_request_token(consumer, self.project_id)
-        content = self.post(url, headers=headers)
+        content = self.post(
+            url, headers=headers,
+            response_content_type='application/x-www-urlformencoded')
         credentials = urllib.parse.parse_qs(content.result)
         request_key = credentials['oauth_token'][0]
 
@@ -646,7 +658,9 @@ class MaliciousOAuth1Tests(OAuth1Tests):
 
         url, headers = self._create_request_token(self.consumer,
                                                   self.project_id)
-        content = self.post(url, headers=headers)
+        content = self.post(
+            url, headers=headers,
+            response_content_type='application/x-www-urlformencoded')
         credentials = urllib.parse.parse_qs(content.result)
         request_key = credentials['oauth_token'][0]
         request_secret = credentials['oauth_token_secret'][0]
@@ -667,7 +681,9 @@ class MaliciousOAuth1Tests(OAuth1Tests):
 
         url, headers = self._create_request_token(self.consumer,
                                                   self.project_id)
-        content = self.post(url, headers=headers)
+        content = self.post(
+            url, headers=headers,
+            response_content_type='application/x-www-urlformencoded')
         credentials = urllib.parse.parse_qs(content.result)
         request_key = credentials['oauth_token'][0]
         request_secret = credentials['oauth_token_secret'][0]
@@ -682,7 +698,9 @@ class MaliciousOAuth1Tests(OAuth1Tests):
         self.request_token.set_verifier(self.verifier)
         url, headers = self._create_access_token(self.consumer,
                                                  self.request_token)
-        content = self.post(url, headers=headers)
+        content = self.post(
+            url, headers=headers,
+            response_content_type='application/x-www-urlformencoded')
         credentials = urllib.parse.parse_qs(content.result)
         access_key = credentials['oauth_token'][0]
         access_secret = credentials['oauth_token_secret'][0]