← Back to team overview

openstack team mailing list archive

Re: keystone question

 

The X-Auth-Token header in your request to validate the user token are not
the same thing. You have to login as admin to get a token and hold on to
that token, when a user request comes in with his token, you can hand it
over to keystone for validation. Here I think will be how the request look
like.

 request: curl -s -X GET http://localhost:35357/tokens/tokenToBeValidated
-H "X-Auth-Token: "adminAccessToken""

adminAccessToken should be a token you (as admin) to get using the same API
and admin userid and password or other means (certificates possibly if that
is how it was designed) to get access token just like any other user
against keystone.

Hope that helps.

Tong Li
Emerging Technologies & Standards



From:	"pat" <pat@xxxxxxxxxxxx>
To:	Tong Li/Raleigh/IBM@IBMUS,
Cc:	openstack@xxxxxxxxxxxxxxxxxxx, openstack-bounces
            +litong01=us.ibm.com@xxxxxxxxxxxxxxxxxxx
Date:	02/08/2013 07:31 AM
Subject:	Re: [Openstack] keystone question



Hi,

Thanks for the reply.

I've been digging and I've found way how to get token using API:
curl -s -X POST http://localhost:35357/tokens -d '{"auth":
{"passwordCredentials": {"username":"XXX", "password":"XXX"},
"tenantName":"XXX"}}' -H "Content-type: application/json"

This request returns JSON response, that's fine for me.

But how to validate the token? I'm following the API:
http://docs.openstack.org/api/openstack-identity-service/2.0/content/GET_validateToken_v2.0_tokens__tokenId__Admin_API_Service_Developer_Operations-d1e1356.html


and request: curl -s -X GET http://localhost:35357/tokens/XXXYYYXXX -H
"X-Auth-Token: "XXXYYYXXX""
return 401 (unauthorized).

What I'm doing wrong?

Thanks for help


On Wed, 6 Feb 2013 11:46:28 -0500, Tong Li wrote
> keystone provides APIs for authentication, I would think you only need to
develop some code in your app to call the API and parse the response, then
following request will have to be verified using the token. If you app is
already wsgi app, you will just need to use the keystone middleware in your
pipeline. If it is other type of the application, you will just need to
develop some code which deal with keystone authentication http
request/response and figure out a way to verify the token.
>
> Thanks.
>
> Tong Li
> Emerging Technologies & Standards
>
>
>
> Inactive hide details for "pat" ---02/06/2013 10:35:26 
AM---Hi all, I
have a question about keystone. I have an application (Je"pat"
---02/06/2013 10:35:26 AM---Hi all, I have a question about keystone. I
have an application (Jee web one) which I
>
> From: "pat" <pat@xxxxxxxxxxxx>
> To: openstack@xxxxxxxxxxxxxxxxxxx,
> Date: 02/06/2013 10:35 AM
> Subject: [Openstack] keystone question
> Sent by: openstack-bounces+litong01=us.ibm.com@xxxxxxxxxxxxxxxxxxx
>
>
> Hi all,
>
> I have a question about keystone. I have an application (Jee web one)
which I
> want to authenticate against keystone. What I have to do?
>
> Thanks
>
>     Pat
>
> ----------------------------------------
> Freehosting PIPNI - http://www.pipni.cz/
>
> _______________________________________________
> Mailing list: https://launchpad.net/~openstack
> Post to     : openstack@xxxxxxxxxxxxxxxxxxx
> Unsubscribe : https://launchpad.net/~openstack
> More help   : https://help.launchpad.net/ListHelp
>
>
>
>
---------------------------------------------------------------------------
> Freehosting PIPNI - http://www.pipni.cz/





---------------------------------------------------------------------------

Freehosting PIPNI - http://www.pipni.cz/




GIF image


Follow ups

References