RETIRED, A Django authentication backend for use with the OpenStack Keystone Identity backend.

Go to file

Colleen Murphy ca3166707b Allow federated users to auth with domain scope When a federated user logs in, openstack_auth receives an unscoped token and no user_domain_name parameter. Currently, if the federated user has a role in one or more domains, but no roles in any projects, openstack_auth prevents authorization and denies the user's login with the error "You are not authorized for any projects or domains." This is a problem because first, it's inaccurate, as the user is authorized for at least one domain, and second, a keystone administrator may want to give federated users access to a domain without any projects in it, for example so delegate the creation of projects to the federated users themselves. This patch allows federated users without project roles to log in by looking up domains as well as projects when attempting to scope the token. This lookup is skipped if the domain was passed as part of the request. This patch also slightly restructures the OpenStackAuthTestsWebSSO and OpenStackAuthTestsV3 tests because mox needs to simulate only one instance of the plugin but two instances of the client objects for every call to authenticate(). Closes-bug: #1649101 Change-Id: I151218ff28c0728898ed5315d63dd8122ce3b166		2017-01-25 19:42:26 +01:00
doc/source	Merge "Fixes modules index generated by Sphinx"	2015-07-24 18:48:06 +00:00
openstack_auth	Allow federated users to auth with domain scope	2017-01-25 19:42:26 +01:00
tools	Add Constraints support	2016-12-20 16:01:27 +11:00
.gitignore	Fix the path of build docs in .gitignore	2015-09-22 11:33:17 +00:00
.gitreview	Add OpenStack .gitreview file	2013-07-17 11:22:38 -07:00
.mailmap	Align with OpenStack project standards	2013-09-10 16:58:11 -05:00
CONTRIBUTING.rst	Workflow documentation is now in infra-manual	2014-12-15 20:49:41 +00:00
LICENSE	Align with OpenStack project standards	2013-09-10 16:58:11 -05:00
MANIFEST.in	Align with OpenStack project standards	2013-09-10 16:58:11 -05:00
README.rst	Show team and repo badges on README	2016-11-25 14:13:11 +01:00
babel-django.cfg	Update translation setup	2016-01-31 00:10:47 +09:00
requirements.txt	Updated from global requirements	2017-01-16 17:18:01 +00:00
setup.cfg	Merge "Drop supporting python3.3"	2016-02-15 14:41:29 +00:00
setup.py	Updated from global requirements	2015-09-18 20:42:11 +00:00
test-requirements.txt	Updated from global requirements	2016-10-22 01:18:27 +00:00
tox.ini	Add Constraints support	2016-12-20 16:01:27 +11:00

README.rst

Team and repository tags

Django OpenStack Auth

Django OpenStack Auth is a pluggable Django authentication backend that works with Django's contrib.auth framework to authenticate a user against OpenStack's Keystone Identity API.

The current version is designed to work with the Keystone v2.0 and v3 API.

You can view the installation instructions on Read The Docs.

License: Apache License, Version 2.0
Documentation: http://django-openstack-auth.readthedocs.org/en/latest/
Source: http://git.openstack.org/cgit/openstack/django_openstack_auth/
Bugs: https://bugs.launchpad.net/django-openstack-auth