da5932affc
The delay_auth_decision option has two main uses: 1. Allow a service to provide its own auth mechanism, separate from auth tokens (like Swift's tempurl middleware). 2. Allow a service to integrate with multiple auth middlewares which may want to use the same X-Auth-Token header. The first case works fine even when the service has trouble talking to Keystone -- the client doesn't send an X-Auth-Token header, so we never even attempt to contact Keystone. The second case can be problematic, however. The client will provide some token, and we don't know whether it's valid for Keystone, the other auth system, or neither. We have to *try* contacting Keystone, but if that was down we'd previously return a 503 without ever trying the other auth system. As a result, a Keystone failure results in a total system failure. Now, when delay_auth_decision is True and we cannot determine whether a token is valid or invalid, we'll instead declare the token invalid and defer the rejection. As a result, Keystone failures only affect Keystone users, and tokens issued by the other auth system may still be validated and used. Change-Id: Ie4b3319862ba7fbd329dc6883ce837e894d5270c |
||
---|---|---|
config-generator | ||
doc | ||
examples/pki | ||
keystonemiddleware | ||
releasenotes | ||
tools | ||
.coveragerc | ||
.gitignore | ||
.gitreview | ||
.stestr.conf | ||
.testr.conf | ||
.zuul.yaml | ||
CONTRIBUTING.rst | ||
HACKING.rst | ||
LICENSE | ||
README.rst | ||
babel.cfg | ||
lower-constraints.txt | ||
requirements.txt | ||
setup.cfg | ||
setup.py | ||
test-requirements.txt | ||
tox.ini |
README.rst
Team and repository tags
Middleware for the OpenStack Identity API (Keystone)
This package contains middleware modules designed to provide
authentication and authorization features to web services other than
Keystone
<https://github.com/openstack/keystone>. The most prominent
module is keystonemiddleware.auth_token
. This package does
not expose any CLI or Python API features.
For information on contributing, see
CONTRIBUTING.rst
.
- License: Apache License, Version 2.0
- Documentation: https://docs.openstack.org/keystonemiddleware/latest/
- Source: https://git.openstack.org/cgit/openstack/keystonemiddleware
- Bugs: https://bugs.launchpad.net/keystonemiddleware
- Release notes: https://docs.openstack.org/releasenotes/keystonemiddleware/
For any other information, refer to the parent project, Keystone: