45 lines
1.2 KiB
INI
45 lines
1.2 KiB
INI
[DEFAULT]
|
|
;delegated means we still allow unauthenticated requests through so the
|
|
;service can make the final decision on authentication
|
|
delay_auth_decision = 0
|
|
|
|
;where to find the OpenStack service (if not in local WSGI chain)
|
|
service_protocol = http
|
|
service_host = 127.0.0.1
|
|
service_port = 35357
|
|
;used to verify this component with the OpenStack service (or PAPIAuth)
|
|
service_pass = dTpw
|
|
|
|
;where to find x.509 client certificates
|
|
certfile = ../../ssl/certs/middleware-key.pem
|
|
keyfile = ../../ssl/certs/middleware-key.pem
|
|
|
|
[app:echo]
|
|
paste.app_factory = echo:app_factory
|
|
|
|
[pipeline:main]
|
|
pipeline =
|
|
tokenauth
|
|
echo
|
|
|
|
[filter:tokenauth]
|
|
paste.filter_factory = keystone.middleware.auth_token:filter_factory
|
|
;where to find the token auth service
|
|
auth_host = 127.0.0.1
|
|
auth_port = 35357
|
|
auth_protocol = http
|
|
auth_uri = http://localhost:5000/
|
|
;Uncomment the following out for SSL connections
|
|
;auth_protocol = https
|
|
;auth_uri = https://localhost:5000/
|
|
|
|
;how to authenticate to the auth service for priviledged operations
|
|
;like validate token
|
|
admin_token = 999888777666
|
|
|
|
[filter:basicauth]
|
|
paste.filter_factory = keystone.middleware.auth_basic:filter_factory
|
|
|
|
[filter:openidauth]
|
|
paste.filter_factory = keystone.middleware.auth_openid:filter_factory
|