From 1bac1dfb0a71de4f28ca6aba36a39b1e4ca284d8 Mon Sep 17 00:00:00 2001
From: Steve Martinelli <stevemar@ca.ibm.com>
Date: Fri, 18 Sep 2015 03:13:43 -0400
Subject: [PATCH] check if tokenless auth is configured before validating

we could reduce the amount of logging that the tokenless
validation performs by simply checking if there are any
trusted issuers before proceeding.

Change-Id: Idcbddf7bf87ada18ee44ae31878201f41c499c7c
Closes-Bug: #1497132
---
 keystone/middleware/core.py | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/keystone/middleware/core.py b/keystone/middleware/core.py
index c065997e49..75be5b274e 100644
--- a/keystone/middleware/core.py
+++ b/keystone/middleware/core.py
@@ -262,6 +262,9 @@ class AuthContextMiddleware(wsgi.Middleware):
         :returns: True if client_issuer is trusted; otherwise False
         """
 
+        if not CONF.tokenless_auth.trusted_issuer:
+            return False
+
         client_issuer = env.get(CONF.tokenless_auth.issuer_attribute)
         if not client_issuer:
             msg = _LI('Cannot find client issuer in env by the '