openstack-manuals/doc/config-reference/source/tables/keystone-tokenless.rst
Gauvain Pocentek cce63f68aa [config-ref] Tables update
Change-Id: Ia766f93b9ce5b1560ebe37da65bd70be61a0fdd1
2016-03-19 08:34:45 +01:00

1.7 KiB

Description of Tokenless Authorization configuration options
Configuration option = Default value Description
[tokenless_auth]
issuer_attribute = SSL_CLIENT_I_DN (String) The issuer attribute that is served as an IdP ID for the X.509 tokenless authorization along with the protocol to look up its corresponding mapping. It is the environment variable in the WSGI environment that references to the issuer of the client certificate.
protocol = x509 (String) The protocol name for the X.509 tokenless authorization along with the option issuer_attribute below can look up its corresponding mapping.
trusted_issuer = [] (Multi-valued) The list of trusted issuers to further filter the certificates that are allowed to participate in the X.509 tokenless authorization. If the option is absent then no certificates will be allowed. The naming format for the attributes of a Distinguished Name(DN) must be separated by a comma and contain no spaces. This configuration option may be repeated for multiple values. For example: trusted_issuer=CN=john,OU=keystone,O=openstack trusted_issuer=CN=mary,OU=eng,O=abc