diff --git a/keystoneclient/common/cms.py b/keystoneclient/common/cms.py
index 0e6a5b754..eb64e1f6c 100644
--- a/keystoneclient/common/cms.py
+++ b/keystoneclient/common/cms.py
@@ -24,6 +24,7 @@ or eventlet.green.subprocess based on if os module is patched by eventlet.
 import errno
 import hashlib
 import logging
+import six
 
 from keystoneclient import exceptions
 
@@ -263,6 +264,8 @@ def cms_hash_token(token_id):
         return None
     if is_ans1_token(token_id):
         hasher = hashlib.md5()
+        if isinstance(token_id, six.text_type):
+            token_id = token_id.encode('utf-8')
         hasher.update(token_id)
         return hasher.hexdigest()
     else:
diff --git a/keystoneclient/middleware/auth_token.py b/keystoneclient/middleware/auth_token.py
index 8a6add57d..6a8f6c19d 100644
--- a/keystoneclient/middleware/auth_token.py
+++ b/keystoneclient/middleware/auth_token.py
@@ -1232,6 +1232,8 @@ class AuthProtocol(object):
         if not revoked_tokens:
             return
         revoked_ids = (x['id'] for x in revoked_tokens)
+        if isinstance(signed_text, six.text_type):
+            signed_text = signed_text.encode('utf-8')
         token_id = utils.hash_signed_token(signed_text)
         for revoked_id in revoked_ids:
             if token_id == revoked_id:
diff --git a/keystoneclient/tests/client_fixtures.py b/keystoneclient/tests/client_fixtures.py
index 2ed050689..cb6bb2608 100644
--- a/keystoneclient/tests/client_fixtures.py
+++ b/keystoneclient/tests/client_fixtures.py
@@ -99,14 +99,19 @@ class Examples(fixtures.Fixture):
         self.v3_UUID_TOKEN_BIND = '2f61f73e1c854cbb9534c487f9bd63c2'
         self.v3_UUID_TOKEN_UNKNOWN_BIND = '7ed9781b62cd4880b8d8c6788ab1d1e2'
 
-        self.REVOKED_TOKEN_HASH = utils.hash_signed_token(self.REVOKED_TOKEN)
+        revoked_token = self.REVOKED_TOKEN
+        if isinstance(revoked_token, six.text_type):
+            revoked_token = revoked_token.encode('utf-8')
+        self.REVOKED_TOKEN_HASH = utils.hash_signed_token(revoked_token)
         self.REVOKED_TOKEN_LIST = (
             {'revoked': [{'id': self.REVOKED_TOKEN_HASH,
                           'expires': timeutils.utcnow()}]})
         self.REVOKED_TOKEN_LIST_JSON = jsonutils.dumps(self.REVOKED_TOKEN_LIST)
 
-        self.REVOKED_v3_TOKEN_HASH = utils.hash_signed_token(
-            self.REVOKED_v3_TOKEN)
+        revoked_v3_token = self.REVOKED_v3_TOKEN
+        if isinstance(revoked_v3_token, six.text_type):
+            revoked_v3_token = revoked_v3_token.encode('utf-8')
+        self.REVOKED_v3_TOKEN_HASH = utils.hash_signed_token(revoked_v3_token)
         self.REVOKED_v3_TOKEN_LIST = (
             {'revoked': [{'id': self.REVOKED_v3_TOKEN_HASH,
                           'expires': timeutils.utcnow()}]})