OpenStack Identity (Keystone) Middleware

Go to file

Tim Burke da5932affc Respect delay_auth_decision when Keystone is unavailable The delay_auth_decision option has two main uses: 1. Allow a service to provide its own auth mechanism, separate from auth tokens (like Swift's tempurl middleware). 2. Allow a service to integrate with multiple auth middlewares which may want to use the same X-Auth-Token header. The first case works fine even when the service has trouble talking to Keystone -- the client doesn't send an X-Auth-Token header, so we never even attempt to contact Keystone. The second case can be problematic, however. The client will provide some token, and we don't know whether it's valid for Keystone, the other auth system, or neither. We have to try contacting Keystone, but if that was down we'd previously return a 503 without ever trying the other auth system. As a result, a Keystone failure results in a total system failure. Now, when delay_auth_decision is True and we cannot determine whether a token is valid or invalid, we'll instead declare the token invalid and defer the rejection. As a result, Keystone failures only affect Keystone users, and tokens issued by the other auth system may still be validated and used. Change-Id: Ie4b3319862ba7fbd329dc6883ce837e894d5270c		2018-09-11 07:54:43 -06:00
config-generator	generate sample config automatically	2016-05-12 06:38:40 +00:00
doc	Replace port 35357 with 5000	2018-07-20 13:57:04 +07:00
examples/pki	Remove empty files	2018-02-22 18:18:30 +07:00
keystonemiddleware	Respect delay_auth_decision when Keystone is unavailable	2018-09-11 07:54:43 -06:00
releasenotes	Respect delay_auth_decision when Keystone is unavailable	2018-09-11 07:54:43 -06:00
tools	Fix the doc CI failure	2018-04-20 17:07:10 +08:00
.coveragerc	Update .coveragerc after the removal of respective directory	2016-10-24 18:03:12 +05:30
.gitignore	Updates for stestr	2017-10-02 21:57:27 -05:00
.gitreview	Initial commit	2014-06-19 15:45:29 -07:00
.stestr.conf	Updates for stestr	2017-10-02 21:57:27 -05:00
.testr.conf	Common base class for unit tests	2015-06-07 10:37:27 -05:00
.zuul.yaml	add lib-forward-testing-python3 test job	2018-08-29 16:04:58 -04:00
CONTRIBUTING.rst	Use https for *.openstack.org references	2017-02-05 20:36:42 -08:00
HACKING.rst	Update URLs in documentation	2017-07-20 16:38:16 +08:00
LICENSE	Initial commit	2014-06-19 15:45:29 -07:00
README.rst	add releasenotes to readme.rst	2018-08-15 15:51:51 +08:00
babel.cfg	Initial commit	2014-06-19 15:45:29 -07:00
lower-constraints.txt	add lower-constraints job	2018-04-09 10:18:34 -04:00
requirements.txt	Updated from global requirements	2018-03-17 08:35:04 +00:00
setup.cfg	Follow the new PTI for document build	2018-06-06 15:22:22 +00:00
setup.py	Updated from global requirements	2017-04-06 22:03:25 +00:00
test-requirements.txt	Merge "Follow the new PTI for document build"	2018-06-06 22:13:59 +00:00
tox.ini	Merge "fix tox python3 overrides"	2018-06-07 00:00:12 +00:00

README.rst

Team and repository tags

Middleware for the OpenStack Identity API (Keystone)

This package contains middleware modules designed to provide authentication and authorization features to web services other than Keystone <https://github.com/openstack/keystone>. The most prominent module is keystonemiddleware.auth_token. This package does not expose any CLI or Python API features.

For information on contributing, see CONTRIBUTING.rst.

License: Apache License, Version 2.0
Documentation: https://docs.openstack.org/keystonemiddleware/latest/
Source: https://git.openstack.org/cgit/openstack/keystonemiddleware
Bugs: https://bugs.launchpad.net/keystonemiddleware
Release notes: https://docs.openstack.org/releasenotes/keystonemiddleware/

For any other information, refer to the parent project, Keystone:

https://github.com/openstack/keystone