[DEFAULT]
;delegated means we still allow unauthenticated requests through so the
;service can make the final decision on authentication
delay_auth_decision = 0

;where to find the OpenStack service (if not in local WSGI chain)
service_protocol = http
service_host = 127.0.0.1
service_port = 35357
;used to verify this component with the OpenStack service (or PAPIAuth)
service_pass = dTpw

;where to find x.509 client certificates
certfile = ../../ssl/certs/middleware-key.pem
keyfile = ../../ssl/certs/middleware-key.pem

[app:echo]
paste.app_factory = echo:app_factory

[pipeline:main]
pipeline =
    tokenauth
    echo

[filter:tokenauth]
paste.filter_factory = keystone.middleware.auth_token:filter_factory
;where to find the token auth service
auth_host = 127.0.0.1
auth_port = 35357
auth_protocol = http
auth_uri = http://localhost:5000/
;Uncomment the following out for SSL connections
;auth_protocol = https
;auth_uri = https://localhost:5000/

;how to authenticate to the auth service for priviledged operations
;like validate token
admin_token = 999888777666

[filter:basicauth]
paste.filter_factory = keystone.middleware.auth_basic:filter_factory

[filter:openidauth]
paste.filter_factory = keystone.middleware.auth_openid:filter_factory