diff --git a/lib/puppet/provider/glance.rb b/lib/puppet/provider/glance.rb index f08c1773..f8fec10b 100644 --- a/lib/puppet/provider/glance.rb +++ b/lib/puppet/provider/glance.rb @@ -9,7 +9,7 @@ class Puppet::Provider::Glance < Puppet::Provider end def self.get_glance_credentials - if glance_file and glance_file['keystone_authtoken'] and + if glance_file and glance_file['keystone_authtoken'] and glance_file['keystone_authtoken']['auth_host'] and glance_file['keystone_authtoken']['auth_port'] and glance_file['keystone_authtoken']['auth_protocol'] and @@ -21,6 +21,7 @@ class Puppet::Provider::Glance < Puppet::Provider g['auth_host'] = glance_file['keystone_authtoken']['auth_host'].strip g['auth_port'] = glance_file['keystone_authtoken']['auth_port'].strip g['auth_protocol'] = glance_file['keystone_authtoken']['auth_protocol'].strip + g['auth_admin_prefix'] = glance_file['keystone_authtoken'].fetch('auth_admin_prefix', '').strip g['admin_tenant_name'] = glance_file['keystone_authtoken']['admin_tenant_name'].strip g['admin_user'] = glance_file['keystone_authtoken']['admin_user'].strip g['admin_password'] = glance_file['keystone_authtoken']['admin_password'].strip @@ -40,7 +41,7 @@ class Puppet::Provider::Glance < Puppet::Provider def self.get_auth_endpoint g = glance_credentials - "#{g['auth_protocol']}://#{g['auth_host']}:#{g['auth_port']}/v2.0/" + "#{g['auth_protocol']}://#{g['auth_host']}:#{g['auth_port']}#{g['auth_admin_prefix']}/v2.0/" end def self.glance_file diff --git a/manifests/api.pp b/manifests/api.pp index 6fa00de0..9641b162 100644 --- a/manifests/api.pp +++ b/manifests/api.pp 
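Review bot: The new `auth_admin_prefix` line calls `.fetch` on the section object while every neighbouring line reads it with `[]`; `glance_file` is defined outside this hunk, so whether its sections respond to `fetch` cannot be confirmed from here. If they are not plain Hashes this raises NoMethodError, and a key that is present with a nil value would fail on `.strip` either way. `g['auth_admin_prefix'] = (glance_file['keystone_authtoken']['auth_admin_prefix'] || '').strip` keeps the access style consistent and tolerates both cases. get_glance_credentials starts and ends outside the hunk.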
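Review bot: In `get_auth_endpoint` the prefix is interpolated into the Keystone admin URL exactly as it was read from the config file; the `validate_re` check added by this commit runs only in the manifests, so a hand-edited or unmanaged value never passes through it. A value without a leading slash fuses with the port, and the resulting endpoint is presumably where the admin credentials collected above are sent, so it is worth failing closed in the provider. Suggest a guard before building the string, e.g. `raise(Puppet::Error, "invalid auth_admin_prefix") unless g['auth_admin_prefix'] =~ %r{\A(/[^/\s]+)*\z}`, and a short comment on the method stating the expected shape (leading '/', no trailing '/').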
@@ -28,6 +28,10 @@ # * auth_type - Type is authorization being used. Optional. Defaults to 'keystone' # * auth_host - Host running auth service. Optional. Defaults to '127.0.0.1'. # * auth_port - Port to use for auth service on auth_host. Optional. Defaults to '35357'. +# * auth_admin_prefix - (optional) path part of the auth url. +# This allow admin auth URIs like http://auth_host:35357/keystone/admin. +# (where '/keystone/admin' is auth_admin_prefix) +# Defaults to false for empty. If defined, should be a string with a leading '/' and no trailing '/'. # * auth_protocol - Protocol to use for auth. Optional. Defaults to 'http'. # * keystone_tenant - tenant to authenticate to. Optioal. Defaults to admin. # * keystone_user User to authenticate as with keystone Optional. Defaults to admin. @@ -49,6 +53,7 @@ class glance::api( $auth_type = 'keystone', $auth_host = '127.0.0.1', $auth_port = '35357', + $auth_admin_prefix = false, $auth_protocol = 'http', $pipeline = 'keystone+cachemanagement', $keystone_tenant = 'admin', @@ -134,6 +139,17 @@ class glance::api( 'keystone_authtoken/protocol': value => $protocol; } + if $auth_admin_prefix { + validate_re($auth_admin_prefix, '^(/.+[^/])?$') + glance_api_config { + 'keystone_authtoken/auth_admin_prefix': value => $auth_admin_prefix; + } + } else { + glance_api_config { + 'keystone_authtoken/auth_admin_prefix': ensure => absent; + } + } + # keystone config if $auth_type == 'keystone' { glance_api_config { diff --git a/manifests/registry.pp b/manifests/registry.pp index 32dc663c..97d44e26 100644 --- a/manifests/registry.pp +++ b/manifests/registry.pp 
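Review bot: The `validate_re` pattern `'^(/.+[^/])?$'` in the new `if $auth_admin_prefix` block is anchored with `^`/`$`, which in Ruby match at line boundaries, so a multi-line string is accepted as soon as one of its lines fits, and that value is then written into the keystone_authtoken section. The pattern also needs at least three characters, so a one-character path segment such as `/a` is rejected, and it places no restriction on whitespace inside the prefix. Something like `validate_re($auth_admin_prefix, '\A(/[^/\s]+)*\z')` anchors on the whole string and still enforces a leading '/' with no trailing '/'. The same expression is repeated in the manifests/registry.pp hunk at `@@ -64,6 +128,17 @@`. The class body continues outside the hunk.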
@@ -1,3 +1,66 @@
+# == Class: glance::registry
+#
+# Installs and configures glance-registry
+#
+# === Parameters
+#
+# [*keystone_password*]
+# (required) The keystone password for administrative user
+#
+# [*verbose*]
+# (optional) Enable verbose logs (true|false). Defaults to false.
+#
+# [*debug*]
+# (optional) Enable debug logs (true|false). Defaults to false.
+#
+# [*bind_host*]
+# (optional) The address of the host to bind to. Defaults to '0.0.0.0'.
+#
+# [*bind_port*]
+# (optional) The port the server should bind to. Defaults to '9191'.
+#
+# [*log_file*]
+# (optional) Log file for glance-registry.
+# Defaults to '/var/log/glance/registry.log'.
+#
+# [*sql_connection*]
+# (optional) SQL connection string.
+# Defaults to 'sqlite:///var/lib/glance/glance.sqlite'.
+#
+# [*sql_idle_timeout*]
+# (optional) SQL connections idle timeout. Defaults to '3600'.
+#
+# [*auth_type*]
+# (optional) Authentication type. Defaults to 'keystone'.
+#
+# [*auth_host*]
+# (optional) Address of the admin authentication endpoint.
+# Defaults to '127.0.0.1'.
+#
+# [*auth_port*]
+# (optional) Port of the admin authentication endpoint. Defaults to '35357'.
+#
+# [*auth_admin_prefix*]
+# (optional) path part of the auth url.
+# This allow admin auth URIs like http://auth_host:35357/keystone/admin.
+# (where '/keystone/admin' is auth_admin_prefix)
+# Defaults to false for empty. If defined, should be a string with a leading '/' and no trailing '/'.
+#
+# [*auth_protocol*]
+# (optional) Protocol to communicate with the admin authentication endpoint.
+# Defaults to 'http'. Should be 'http' or 'https'.
+#
+# [*keystone_tenant*]
+# (optional) administrative tenant name to connect to keystone.
+# Defaults to 'admin'.
+#
+# [*keystone_user*]
+# (optional) administrative user name to connect to keystone.
+# Defaults to 'admin'.
+#
+# [*enabled*]
+# (optional) Should the service be enabled. Defaults to true.
+#
 class glance::registry(
 $keystone_password,
 $verbose = false,
@@ -10,6 +73,7 @@ class glance::registry( $auth_type = 'keystone', $auth_host = '127.0.0.1', $auth_port = '35357', + $auth_admin_prefix = false, $auth_protocol = 'http', $keystone_tenant = 'admin', $keystone_user = 'admin', @@ -64,6 +128,17 @@ class glance::registry( 'keystone_authtoken/auth_protocol': value => $auth_protocol; } + if $auth_admin_prefix { + validate_re($auth_admin_prefix, '^(/.+[^/])?$') + glance_registry_config { + 'keystone_authtoken/auth_admin_prefix': value => $auth_admin_prefix; + } + } else { + glance_registry_config { + 'keystone_authtoken/auth_admin_prefix': ensure => absent; + } + } + # keystone config if $auth_type == 'keystone' { glance_registry_config { diff --git a/spec/classes/glance_api_spec.rb b/spec/classes/glance_api_spec.rb index bbab70b1..12750f7e 100644 --- a/spec/classes/glance_api_spec.rb +++ b/spec/classes/glance_api_spec.rb @@ -115,6 +115,7 @@ describe 'glance::api' do should contain_glance_api_config("keystone_authtoken/#{config}").with_value(param_hash[config.intern]) end end + it { should contain_glance_api_config('keystone_authtoken/auth_admin_prefix').with_ensure('absent') } it 'should configure itself for keystone if that is the auth_type' do if params[:auth_type] == 'keystone' 
@@ -134,11 +135,43 @@ describe 'glance::api' do let :params do { :keystone_password => 'ChangeMe', - :pipeline => 'keystone', + :pipeline => 'keystone', } end it { should contain_glance_api_config('paste_deploy/flavor').with_value('keystone') } end + describe 'with overriden auth_admin_prefix' do + let :params do + { + :keystone_password => 'ChangeMe', + :auth_admin_prefix => '/keystone/main' + } + end + + it { should contain_glance_api_config('keystone_authtoken/auth_admin_prefix').with_value('/keystone/main') } + end + + [ + '/keystone/', + 'keystone/', + 'keystone', + '/keystone/admin/', + 'keystone/admin/', + 'keystone/admin' + ].each do |auth_admin_prefix| + describe "with auth_admin_prefix_containing incorrect value #{auth_admin_prefix}" do + let :params do + { + :keystone_password => 'ChangeMe', + :auth_admin_prefix => auth_admin_prefix + } + end + + it { expect { should contain_glance_api_config('filter:authtoken/auth_admin_prefix') }.to\ + raise_error(Puppet::Error, /validate_re\(\): "#{auth_admin_prefix}" does not match/) } + end + end + end diff --git a/spec/classes/glance_registry_spec.rb b/spec/classes/glance_registry_spec.rb index 5bc47af4..5c0cbf3d 100644 --- a/spec/classes/glance_registry_spec.rb +++ b/spec/classes/glance_registry_spec.rb @@ -1,4 +1,3 @@ -require 'spec_helper' describe 'glance::registry' do @@ -99,6 +98,7 @@ describe 'glance::registry' do ].each do |config| should contain_glance_registry_config("keystone_authtoken/#{config}").with_value(param_hash[config.intern]) end + should contain_glance_registry_config('keystone_authtoken/auth_admin_prefix').with_ensure('absent') if param_hash[:auth_type] == 'keystone' should contain_glance_registry_config("paste_deploy/flavor").with_value('keystone') should contain_glance_registry_config("keystone_authtoken/admin_tenant_name").with_value(param_hash[:keystone_tenant]) 
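Review bot: The rejection examples assert on `contain_glance_api_config('filter:authtoken/auth_admin_prefix')`, a resource title the manifest never declares (it manages `keystone_authtoken/auth_admin_prefix`); the examples pass only because compilation raises first, so the title is misleading. The list also varies only slash placement, so it would not notice a pattern that accepts multi-line or whitespace-containing values; adding entries such as `"/keystone\n/admin"` and `'/key stone'` pins that down. The interpolated value in the expected message is better wrapped as `Regexp.escape(auth_admin_prefix)`. The same block is copied into spec/classes/glance_registry_spec.rb at `@@ -108,4 +108,36 @@`.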
@@ -108,4 +108,36 @@ describe 'glance::registry' do end end end + + describe 'with overriden auth_admin_prefix' do + let :params do + { + :keystone_password => 'ChangeMe', + :auth_admin_prefix => '/keystone/main' + } + end + + it { should contain_glance_registry_config('keystone_authtoken/auth_admin_prefix').with_value('/keystone/main') } + end + + [ + '/keystone/', + 'keystone/', + 'keystone', + '/keystone/admin/', + 'keystone/admin/', + 'keystone/admin' + ].each do |auth_admin_prefix| + describe "with auth_admin_prefix_containing incorrect value #{auth_admin_prefix}" do + let :params do + { + :keystone_password => 'ChangeMe', + :auth_admin_prefix => auth_admin_prefix + } + end + + it { expect { should contain_glance_registry_config('filter:authtoken/auth_admin_prefix') }.to\ + raise_error(Puppet::Error, /validate_re\(\): "#{auth_admin_prefix}" does not match/) } + end + end end
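Review bot: These new examples rely on the rspec-puppet matchers, yet the first hunk of this file (`@@ -1,4 +1,3 @@`) deletes `require 'spec_helper'` and nothing on the page shows it being loaded another way. Unless the project's `.rspec` or Rakefile requires it, running this file on its own will fail before any example executes; restoring `require 'spec_helper'` as the first line is the safe choice. A one-line comment above the array of rejected values, e.g. `# prefixes that violate: leading '/', no trailing '/'`, would also document what the loop is checking.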