Keystone Auth Token

Click on the Keystone Auth Token link on the Manage Cluster page Middleware tab to enable and configure the Keystone Auth Token middleware.

Settings

Be sure the Enabled box is checked if you want the settings you provide on the page to be used to authenticate users.

auth_admin_prefix

Prefix to prepend at the beginning of the admin Identity API endpoint URL.

identity_url

IP Address or FQDN of your Keystone server. Complete admin Identity API endpoint should specify the unversioned root endpoint. e.g. https://Keystone_IP:35357/

auth_uri

(Deprecated) Service endpoint URI of Keystone, including port 5000 by default. Backward compatible use only. This is same as Identity_url in current version of KeystoneMiddleware

admin_user

Administrative user's username

admin_password

Administrative user's password

admin_tenant_name

Tenant of admin_user

signing_dir

/var/cache/swift by default. This is used while token format in PKI

include_service_catalog

Set the X-Service-Catalog header? If False, this middleware will not set the X-Service-Catalog header. Unless you need or use the X-Service-Catalog header, set this to False.

token_cache_time

In order to prevent excessive effort spent validating tokens, the middleware caches previously-seen tokens for a configurable duration (in seconds).

revocation_cache_time

Determines the frequency at which the list of revoked tokens is retrieved from the Identity service (in seconds). A high number of revocation events combined with a low cache duration may significantly reduce performance.

http_connect_timeout

Request timeout value for communicating with Identity API server.

http_request_max_retries

How many times to retry connections when communicating with Identity API Server.

More information of this middleware

Keystone V3 non-default domain users are supported in this version https://github.com/openstack/keystonemiddleware.git