openstack team mailing list archive
Mailing list archive
Re: Keystone 8K header size limit
Dolph Mathews <dolph.mathews@xxxxxxxxx>, openstack <openstack@xxxxxxxxxxxxxxxxxxx>
"Miller, Mark M (EB SW Cloud - R&D - Corvallis)" <mark.m.miller@xxxxxx>
Wed, 29 May 2013 20:00:02 +0000
"Brownell, Jonathan C \(Corvallis\)" <brownell@xxxxxx>
Keystone 8K header size limit
Thank you Dolph.
From: Dolph Mathews [mailto:dolph.mathews@xxxxxxxxx]
Sent: Wednesday, May 29, 2013 12:55 PM
To: Miller, Mark M (EB SW Cloud - R&D - Corvallis); openstack
Cc: Yee, Guang
Subject: Re: Keystone 8K header size limit
Apologies, none of these configuration settings were documented in etc/keystone.conf.sample. The last one is the one that controls this behavior.
# enforced by sizelimit middleware (keystone.middleware:RequestBodySizeLimiter)
max_request_body_size = 114688
# limit the sizes of user & tenant ID/names
max_param_size = 64
# similar to max_param_size, but provides an exception for token values
max_token_size = 8192
I also put these docs up for review: https://review.openstack.org/30932
On Wed, May 29, 2013 at 1:23 PM, Miller, Mark M (EB SW Cloud - R&D - Corvallis) <mark.m.miller@xxxxxx<mailto:mark.m.miller@xxxxxx>> wrote:
We are running into a problem with PKI tokens being greater than 8K and having Keystone not able to validate them. Do you know of a workaround?