diff --git a/manifests/proxy/authtoken.pp b/manifests/proxy/authtoken.pp
index 6b9c3c38..27799ad3 100644
--- a/manifests/proxy/authtoken.pp
+++ b/manifests/proxy/authtoken.pp
@@ -45,15 +45,17 @@ class swift::proxy::authtoken(
   $admin_user          = 'swift',
   $admin_tenant_name   = 'services',
   $admin_password      = 'password',
+  $auth_uri            = false,
+  $identity_uri        = false,
+  $delay_auth_decision = 1,
+  $admin_token         = false,
+  $signing_dir         = '/var/cache/swift',
+  $cache               = 'swift.cache',
+  # DEPRECATED PARAMETERS
   $auth_host           = '127.0.0.1',
   $auth_port           = '35357',
   $auth_protocol       = 'http',
   $auth_admin_prefix   = false,
-  $auth_uri            = false,
-  $delay_auth_decision = 1,
-  $admin_token         = false,
-  $signing_dir         = '/var/cache/swift',
-  $cache               = 'swift.cache'
 ) {
 
   if $auth_uri {
@@ -63,8 +65,21 @@ class swift::proxy::authtoken(
   }
   $fragment_title    = regsubst($name, '/', '_', 'G')
 
-  if $auth_admin_prefix {
-    validate_re($auth_admin_prefix, '^(/.+[^/])?$')
+  # if both auth_uri and identity_uri are set we skip these deprecated warnings
+  if !$auth_uri or !$identity_uri {
+    if $auth_host {
+      warning('The auth_host parameter is deprecated. Please use auth_uri and identity_uri instead.')
+    }
+    if $auth_port {
+      warning('The auth_port parameter is deprecated. Please use auth_uri and identity_uri instead.')
+    }
+    if $auth_protocol {
+      warning('The auth_protocol parameter is deprecated. Please use auth_uri and identity_uri instead.')
+    }
+    if $auth_admin_prefix {
+      warning('The auth_admin_prefix parameter is deprecated. Please use auth_uri and identity_uri instead.')
+      validate_re($auth_admin_prefix, '^(/.+[^/])?$')
+    }
   }
 
   file { $signing_dir:
diff --git a/spec/classes/swift_proxy_authtoken_spec.rb b/spec/classes/swift_proxy_authtoken_spec.rb
index dfa047d5..2188f7c3 100644
--- a/spec/classes/swift_proxy_authtoken_spec.rb
+++ b/spec/classes/swift_proxy_authtoken_spec.rb
@@ -145,6 +145,58 @@ describe 'swift::proxy::authtoken' do
     end
   end
 
+  describe "when identity_uri is set" do
+    let :params do
+      {
+        :identity_uri => 'https://foo.bar:35357/'
+      }
+    end
 
+    it 'should build the fragment with correct parameters' do
+      verify_contents(subject, fragment_file,
+        [
+          '[filter:authtoken]',
+          'log_name = swift',
+          'signing_dir = /var/cache/swift',
+          'paste.filter_factory = keystonemiddleware.auth_token:filter_factory',
+          'auth_host = 127.0.0.1',
+          'auth_port = 35357',
+          'auth_protocol = http',
+          'auth_uri = http://127.0.0.1:5000',
+          'identity_uri = https://foo.bar:35357/',
+          'delay_auth_decision = 1',
+          'cache = swift.cache',
+          'include_service_catalog = False'
+        ]
+      )
+    end
+  end
+
+
+
+  describe "when both auth_uri and identity_uri are set" do
+    let :params do
+      {
+        :auth_uri => 'https://foo.bar:5000/v2.0/',
+        :identity_uri => 'https://foo.bar:35357/'
+      }
+    end
+
+    it 'should build the fragment with correct parameters' do
+      verify_contents(subject, fragment_file,
+        [
+          '[filter:authtoken]',
+          'log_name = swift',
+          'signing_dir = /var/cache/swift',
+          'paste.filter_factory = keystonemiddleware.auth_token:filter_factory',
+          'auth_uri = https://foo.bar:5000/v2.0/',
+          'identity_uri = https://foo.bar:35357/',
+          'delay_auth_decision = 1',
+          'cache = swift.cache',
+          'include_service_catalog = False'
+        ]
+      )
+    end
+  end
 
 end
diff --git a/templates/proxy/authtoken.conf.erb b/templates/proxy/authtoken.conf.erb
index 59f23b15..b66c24b5 100644
--- a/templates/proxy/authtoken.conf.erb
+++ b/templates/proxy/authtoken.conf.erb
@@ -2,13 +2,19 @@
 log_name = swift
 signing_dir = <%= @signing_dir %>
 paste.filter_factory = keystonemiddleware.auth_token:filter_factory
+
+<% if not @identity_uri or not @auth_uri then -%>
 auth_host = <%= @auth_host %>
 auth_port = <%= @auth_port %>
 auth_protocol = <%= @auth_protocol %>
 <% if @auth_admin_prefix -%>
 auth_admin_prefix = <%= @auth_admin_prefix %>
 <% end -%>
+<% end -%>
 auth_uri = <%= @auth_uri_real %>
+<% if @identity_uri -%>
+identity_uri = <%= @identity_uri %>
+<% end -%>
 # if its defined
 <% if @admin_token -%>
 admin_token = <%= @admin_token %>