← Back to team overview

openstack team mailing list archive

Re: keystone question

 

Hi,

Thanks a lot.

Pat

On Fri, 8 Feb 2013 08:52:13 -0500, Tong Li wrote
> The X-Auth-Token header in your request to validate the user token are not the same thing. You have to login as admin to get a token and hold on to that token, when a user request comes in with his token, you can hand it over to keystone for validation. Here I think will be how the request look like.
>
>  request: curl -s -X GET http://localhost:35357/tokens/tokenToBeValidated -H "X-Auth-Token: "adminAccessToken""
>
> adminAccessToken should be a token you (as admin) to get using the same API and admin userid and password or other means (certificates possibly if that is how it was designed) to get access token just like any other user against keystone.
>
> Hope that helps.
>
> Tong Li
> Emerging Technologies & Standards
> 
> "pat" ---02/08/2013 07:31:25 AM---Hi, Thanks for the reply.
>
> From: "pat" <pat@xxxxxxxxxxxx>
> To: Tong Li/Raleigh/IBM@IBMUS, 
> Cc: openstack@xxxxxxxxxxxxxxxxxxx, openstack-bounces+litong01=us.ibm.com@xxxxxxxxxxxxxxxxxxx
> Date: 02/08/2013 07:31 AM
> Subject: Re: [Openstack] keystone question
>
-----------------------------------------------------------------------

>
> Hi,
>
> Thanks for the reply.
>
> I&#39;ve been digging and I&#39;ve found way how to get token using API:
> curl -s -X POST http://localhost:35357/tokens -d &#39;{"auth": {"passwordCredentials": {"username":"XXX", "password":"XXX"}, "tenantName":"XXX"}}&#39; -H "Content-type: application/json"
>
> This request returns JSON response, that&#39;s fine for me.
>
> But how to validate the token? I&#39;m following the API:
> http://docs.openstack.org/api/openstack-identity-service/2.0/content/GET_validateToken_v2.0_tokens__tokenId__Admin_API_Service_Developer_Operations-d1e1356.html
>
> and request: curl -s -X GET http://localhost:35357/tokens/XXXYYYXXX -H "X-Auth-Token: "XXXYYYXXX""
> return 401 (unauthorized).
>
> What I&#39;m doing wrong?
>
> Thanks for help
>
> 
> On Wed, 6 Feb 2013 11:46:28 -0500, Tong Li wrote
> > keystone provides APIs for authentication, I would think you only need to develop some code in your app to call the API and parse the response, then following request will have to be verified using the token. If you app is already wsgi app, you will just need to use the keystone middleware in your pipeline. If it is other type of the application, you will just need to develop some code which deal with keystone authentication http request/response and figure out a way to verify the token.
> >
> > Thanks.
> >
> > Tong Li
> > Emerging Technologies & Standards
> >
> > 
> >
> > "pat" ---02/06/2013 10:35:26 AM---Hi all, I have a question about keystone. I have an application (Jee web one) which I
> >
> > From: "pat" <pat@xxxxxxxxxxxx>
> > To: openstack@xxxxxxxxxxxxxxxxxxx, 
> > Date: 02/06/2013 10:35 AM
> > Subject: [Openstack] keystone question
> > Sent by: openstack-bounces+litong01=us.ibm.com@xxxxxxxxxxxxxxxxxxx
> > 
-----------------------------------------------------------------------

> >
> > Hi all,
> >
> > I have a question about keystone. I have an application (Jee web one) which I
> > want to authenticate against keystone. What I have to do?
> >
> > Thanks
> >
> > Pat
> >
> > ----------------------------------------
> > Freehosting PIPNI - http://www.pipni.cz/
> >
> > _______________________________________________
> > Mailing list: https://launchpad.net/~openstack
> > Post to : openstack@xxxxxxxxxxxxxxxxxxx
> > Unsubscribe : https://launchpad.net/~openstack
> > More help : https://help.launchpad.net/ListHelp
> >
> > 
> >
> > ---------------------------------------------------------------------------
> > Freehosting PIPNI - http://www.pipni.cz/
>
> 
> ---------------------------------------------------------------------------
> Freehosting PIPNI - http://www.pipni.cz/ 
>
> ---------------------------------------------------------------------------
> Freehosting PIPNI - http://www.pipni.cz/

 


----------------------------------------
Freehosting PIPNI - http://www.pipni.cz/

GIF image


References