openstack
/
openstack-manuals
Code Issues Proposed changes
openstack-manuals/doc/src/docbkx/openstack-identity-service-.../target/docbkx/pdf/os-identity-starter-guide.fo

179 lines
110 KiB
XML
Raw Blame History

This file contains invisible Unicode characters

This file contains invisible Unicode characters that are indistinguishable to humans but may be processed differently by a computer. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

<?xml version="1.0" encoding="utf-8"?><fo:root xmlns:fo="http://www.w3.org/1999/XSL/Format" font-family="CartoGothic Std" font-size="10.5pt" text-align="start" line-height="normal" font-selection-strategy="character-by-character" line-height-shift-adjustment="disregard-shifts" writing-mode="lr-tb" language="en"><fo:layout-master-set><fo:simple-page-master master-name="blank" page-width="8.5in" page-height="11in" margin-top="0.5in" margin-bottom="0.5in" margin-left="1in" margin-right="1in"><fo:region-body display-align="center" margin-bottom="0.5in" margin-top="0.5in"/><fo:region-before region-name="xsl-region-before-blank" extent="0.4in" display-align="before"/><fo:region-after region-name="xsl-region-after-blank" extent="0.4in" display-align="after"/></fo:simple-page-master><fo:simple-page-master master-name="titlepage-first" page-width="8.5in" page-height="11in" margin-top="0.5in" margin-bottom="0.5in" margin-left="1in" margin-right="1in"><fo:region-body margin-bottom="0.5in" margin-top="0.5in" column-gap="12pt" column-count="1"/><fo:region-before region-name="xsl-region-before-first" extent="0.4in" display-align="before"/><fo:region-after region-name="xsl-region-after-first" extent="0.4in" display-align="after"/></fo:simple-page-master><fo:simple-page-master master-name="titlepage-odd" page-width="8.5in" page-height="11in" margin-top="0.5in" margin-bottom="0.5in" margin-left="1in" margin-right="1in"><fo:region-body margin-bottom="0.5in" margin-top="0.5in" column-gap="12pt" column-count="1"/><fo:region-before region-name="xsl-region-before-odd" extent="0.4in" display-align="before"/><fo:region-after region-name="xsl-region-after-odd" extent="0.4in" display-align="after"/></fo:simple-page-master><fo:simple-page-master master-name="titlepage-even" page-width="8.5in" page-height="11in" margin-top="0.5in" margin-bottom="0.5in" margin-left="1in" margin-right="1in"><fo:region-body margin-bottom="0.5in" margin-top="0.5in" column-gap="12pt" column-count="1"/><fo:region-before region-name="xsl-region-before-even" extent="0.4in" display-align="before"/><fo:region-after region-name="xsl-region-after-even" extent="0.4in" display-align="after"/></fo:simple-page-master><fo:simple-page-master master-name="lot-first" page-width="8.5in" page-height="11in" margin-top="0.5in" margin-bottom="0.5in" margin-left="1in" margin-right="1in"><fo:region-body margin-bottom="0.5in" margin-top="0.5in" column-gap="12pt" column-count="1"/><fo:region-before region-name="xsl-region-before-first" extent="0.4in" display-align="before"/><fo:region-after region-name="xsl-region-after-first" extent="0.4in" display-align="after"/></fo:simple-page-master><fo:simple-page-master master-name="lot-odd" page-width="8.5in" page-height="11in" margin-top="0.5in" margin-bottom="0.5in" margin-left="1in" margin-right="1in"><fo:region-body margin-bottom="0.5in" margin-top="0.5in" column-gap="12pt" column-count="1"/><fo:region-before region-name="xsl-region-before-odd" extent="0.4in" display-align="before"/><fo:region-after region-name="xsl-region-after-odd" extent="0.4in" display-align="after"/></fo:simple-page-master><fo:simple-page-master master-name="lot-even" page-width="8.5in" page-height="11in" margin-top="0.5in" margin-bottom="0.5in" margin-left="1in" margin-right="1in"><fo:region-body margin-bottom="0.5in" margin-top="0.5in" column-gap="12pt" column-count="1"/><fo:region-before region-name="xsl-region-before-even" extent="0.4in" display-align="before"/><fo:region-after region-name="xsl-region-after-even" extent="0.4in" display-align="after"/></fo:simple-page-master><fo:simple-page-master master-name="front-first" page-width="8.5in" page-height="11in" margin-top="0.5in" margin-bottom="0.5in" margin-left="1in" margin-right="1in"><fo:region-body margin-bottom="0.5in" margin-top="0.5in" column-gap="12pt" column-count="1"/><fo:region-before region-name="xsl-region-before-first" extent="0.4in" display-align="before"/><fo:region-after region-name="xsl-region-after-first" extent="0.4in" display-align="after"/></fo:simple-page-master><fo:simple-page-master master-name="front-odd" page-width="8.5in" page-height="11in" margin-top="0.5in" margin-bottom="0.5in" margin-left="1in" margin-right="1in"><fo:region-body margin-bottom="0.5in" margin-top="0.5in" column-gap="12pt" column-count="1"/><fo:region-before region-name="xsl-region-before-odd" extent="0.4in" display-align="before"/><fo:region-after region-name="xsl-region-after-odd" extent="0.4in" display-align="after"/></fo:simple-page-master><fo:simple-page-master master-name="front-even" page-width="8.5in" page-height="11in" margin-top="0.5in" margin-bottom="0.5in" margin-left="1in" margin-right="1in"><fo:region-body margin-bottom="0.5in" margin-top="0.5in" column-gap="12pt" column-count="1"/><fo:region-before region-name="xsl-region-before-even" extent="0.4in" display-align="before"/><fo:region-after region-name="xsl-region-after-even" extent="0.4in" display-align="after"/></fo:simple-page-master><fo:simple-page-master master-name="body-first" page-width="8.5in" page-height="11in" margin-top="0.5in" margin-bottom="0.5in" margin-left="1in" margin-right="1in"><fo:region-body margin-bottom="0.5in" margin-top="0.5in" column-gap="12pt" column-count="1"/><fo:region-before region-name="xsl-region-before-first" extent="0.4in" display-align="before"/><fo:region-after region-name="xsl-region-after-first" extent="0.4in" display-align="after"/></fo:simple-page-master><fo:simple-page-master master-name="body-odd" page-width="8.5in" page-height="11in" margin-top="0.5in" margin-bottom="0.5in" margin-left="1in" margin-right="1in"><fo:region-body margin-bottom="0.5in" margin-top="0.5in" column-gap="12pt" column-count="1"/><fo:region-before region-name="xsl-region-before-odd" extent="0.4in" display-align="before"/><fo:region-after region-name="xsl-region-after-odd" extent="0.4in" display-align="after"/></fo:simple-page-master><fo:simple-page-master master-name="body-even" page-width="8.5in" page-height="11in" margin-top="0.5in" margin-bottom="0.5in" margin-left="1in" margin-right="1in"><fo:region-body margin-bottom="0.5in" margin-top="0.5in" column-gap="12pt" column-count="1"/><fo:region-before region-name="xsl-region-before-even" extent="0.4in" display-align="before"/><fo:region-after region-name="xsl-region-after-even" extent="0.4in" display-align="after"/></fo:simple-page-master><fo:simple-page-master master-name="back-first" page-width="8.5in" page-height="11in" margin-top="0.5in" margin-bottom="0.5in" margin-left="1in" margin-right="1in"><fo:region-body margin-bottom="0.5in" margin-top="0.5in" column-gap="12pt" column-count="1"/><fo:region-before region-name="xsl-region-before-first" extent="0.4in" display-align="before"/><fo:region-after region-name="xsl-region-after-first" extent="0.4in" display-align="after"/></fo:simple-page-master><fo:simple-page-master master-name="back-odd" page-width="8.5in" page-height="11in" margin-top="0.5in" margin-bottom="0.5in" margin-left="1in" margin-right="1in"><fo:region-body margin-bottom="0.5in" margin-top="0.5in" column-gap="12pt" column-count="1"/><fo:region-before region-name="xsl-region-before-odd" extent="0.4in" display-align="before"/><fo:region-after region-name="xsl-region-after-odd" extent="0.4in" display-align="after"/></fo:simple-page-master><fo:simple-page-master master-name="back-even" page-width="8.5in" page-height="11in" margin-top="0.5in" margin-bottom="0.5in" margin-left="1in" margin-right="1in"><fo:region-body margin-bottom="0.5in" margin-top="0.5in" column-gap="12pt" column-count="1"/><fo:region-before region-name="xsl-region-before-even" extent="0.4in" display-align="before"/><fo:region-after region-name="xsl-region-after-even" extent="0.4in" display-align="after"/></fo:simple-page-master><fo:simple-page-master master-name="index-first" page-width="8.5in" page-height="11in" margin-top="0.5in" margin-bottom="0.5in" margin-left="1in" margin-right="1in"><fo:region-body margin-bottom="0.5in" margin-top="0.5in" column-gap="12pt" column-count="2"/><fo:region-before region-name="xsl-region-before-first" extent="0.4in" display-align="before"/><fo:region-after region-name="xsl-region-after-first" extent="0.4in" display-align="after"/></fo:simple-page-master><fo:simple-page-master master-name="index-odd" page-width="8.5in" page-height="11in" margin-top="0.5in" margin-bottom="0.5in" margin-left="1in" margin-right="1in"><fo:region-body margin-bottom="0.5in" margin-top="0.5in" column-gap="12pt" column-count="2"/><fo:region-before region-name="xsl-region-before-odd" extent="0.4in" display-align="before"/><fo:region-after region-name="xsl-region-after-odd" extent="0.4in" display-align="after"/></fo:simple-page-master><fo:simple-page-master master-name="index-even" page-width="8.5in" page-height="11in" margin-top="0.5in" margin-bottom="0.5in" margin-left="1in" margin-right="1in"><fo:region-body margin-bottom="0.5in" margin-top="0.5in" column-gap="12pt" column-count="2"/><fo:region-before region-name="xsl-region-before-even" extent="0.4in" display-align="before"/><fo:region-after region-name="xsl-region-after-even" extent="0.4in" display-align="after"/></fo:simple-page-master><fo:page-sequence-master master-name="titlepage"><fo:repeatable-page-master-alternatives><fo:conditional-page-master-reference master-reference="blank" blank-or-not-blank="blank"/><fo:conditional-page-master-reference master-reference="titlepage-first" page-position="first"/><fo:conditional-page-master-reference master-reference="titlepage-odd" odd-or-even="odd"/><fo:conditional-page-master-reference odd-or-even="even" master-reference="titlepage-odd"/></fo:repeatable-page-master-alternatives></fo:page-sequence-master><fo:page-sequence-master master-name="lot"><fo:repeatable-page-master-alternatives><fo:conditional-page-master-reference master-reference="blank" blank-or-not-blank="blank"/><fo:conditional-page-master-reference master-reference="lot-first" page-position="first"/><fo:conditional-page-master-reference master-reference="lot-odd" odd-or-even="odd"/><fo:conditional-page-master-reference odd-or-even="even" master-reference="lot-odd"/></fo:repeatable-page-master-alternatives></fo:page-sequence-master><fo:page-sequence-master master-name="front"><fo:repeatable-page-master-alternatives><fo:conditional-page-master-reference master-reference="blank" blank-or-not-blank="blank"/><fo:conditional-page-master-reference master-reference="front-first" page-position="first"/><fo:conditional-page-master-reference master-reference="front-odd" odd-or-even="odd"/><fo:conditional-page-master-reference odd-or-even="even" master-reference="front-odd"/></fo:repeatable-page-master-alternatives></fo:page-sequence-master><fo:page-sequence-master master-name="body"><fo:repeatable-page-master-alternatives><fo:conditional-page-master-reference master-reference="blank" blank-or-not-blank="blank"/><fo:conditional-page-master-reference master-reference="body-first" page-position="first"/><fo:conditional-page-master-reference master-reference="body-odd" odd-or-even="odd"/><fo:conditional-page-master-reference odd-or-even="even" master-reference="body-odd"/></fo:repeatable-page-master-alternatives></fo:page-sequence-master><fo:page-sequence-master master-name="back"><fo:repeatable-page-master-alternatives><fo:conditional-page-master-reference master-reference="blank" blank-or-not-blank="blank"/><fo:conditional-page-master-reference master-reference="back-first" page-position="first"/><fo:conditional-page-master-reference master-reference="back-odd" odd-or-even="odd"/><fo:conditional-page-master-reference odd-or-even="even" master-reference="back-odd"/></fo:repeatable-page-master-alternatives></fo:page-sequence-master><fo:page-sequence-master master-name="index"><fo:repeatable-page-master-alternatives><fo:conditional-page-master-reference master-reference="blank" blank-or-not-blank="blank"/><fo:conditional-page-master-reference master-reference="index-first" page-position="first"/><fo:conditional-page-master-reference master-reference="index-odd" odd-or-even="odd"/><fo:conditional-page-master-reference odd-or-even="even" master-reference="index-odd"/></fo:repeatable-page-master-alternatives></fo:page-sequence-master><fo:simple-page-master xmlns:exslt="http://exslt.org/common" master-name="cloudpage-first" page-width="8.5in" page-height="11in" margin-top="0.0in" margin-bottom="0.0in" margin-left="0.0in" margin-right="0.0in"><fo:region-body margin-bottom="0.0in" margin-top="0.0in" column-gap="0pt" column-count="1"/><fo:region-before extent="11.0in" display-align="before" background-image="url(/Users/anne.gentle/src/openstack-manuals/doc/src/docbkx/openstack-identity-service-starter/target/docbkx/images/cloud/cover.svg)" background-repeat="no-repeat" background-position-horizontal="0%" background-position-vertical="0%"/></fo:simple-page-master><fo:page-sequence-master xmlns:exslt="http://exslt.org/common" master-name="cloud-titlepage"><fo:repeatable-page-master-alternatives><fo:conditional-page-master-reference master-reference="blank" blank-or-not-blank="blank"/><fo:conditional-page-master-reference master-reference="cloudpage-first" page-position="first"/><fo:conditional-page-master-reference master-reference="titlepage-odd" odd-or-even="odd"/><fo:conditional-page-master-reference odd-or-even="even" master-reference="titlepage-odd"/></fo:repeatable-page-master-alternatives></fo:page-sequence-master></fo:layout-master-set><fo:declarations><x:xmpmeta xmlns:x="adobe:ns:meta/"><rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"><rdf:Description xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:xapRights="http://ns.adobe.com/xap/1.0/rights/" rdf:about=""><xapRights:Marked>True</xapRights:Marked></rdf:Description><rdf:Description xmlns:dc="http://purl.org/dc/elements/1.1/" rdf:about=""><dc:rights><rdf:Alt><rdf:li xml:lang="x-default">Copyright © 2010, 2011 OpenStack LLC All rights reserved.</rdf:li></rdf:Alt></dc:rights><dc:title>OpenStack Identity Starter Guide</dc:title><dc:creator/></rdf:Description><rdf:Description xmlns:pdf="http://ns.adobe.com/pdf/1.3/" rdf:about=""/><rdf:Description xmlns:xmp="http://ns.adobe.com/xap/1.0/" rdf:about=""><xmp:CreatorTool>Cloud API Docs Plugin</xmp:CreatorTool></rdf:Description></rdf:RDF></x:xmpmeta></fo:declarations><fo:bookmark-tree><fo:bookmark xmlns:fox="http://xmlgraphics.apache.org/fop/extensions" internal-destination="openstack-identity-starter-guide" starting-state="hide"><fo:bookmark-title>OpenStack Identity Starter Guide</fo:bookmark-title></fo:bookmark><fo:bookmark xmlns:fox="http://xmlgraphics.apache.org/fop/extensions" internal-destination="toc...openstack-identity-starter-guide"><fo:bookmark-title>Table of Contents</fo:bookmark-title></fo:bookmark><fo:bookmark xmlns:fox="http://xmlgraphics.apache.org/fop/extensions" internal-destination="quick-guide-to-getting-started-with-keystone" starting-state="hide"><fo:bookmark-title>1. Quick Guide to Getting Started with Keystone</fo:bookmark-title><fo:bookmark internal-destination="Identity-Service-Concepts-e1362" starting-state="hide"><fo:bookmark-title>Identity Service Concepts</fo:bookmark-title></fo:bookmark><fo:bookmark internal-destination="installing-openstack-identity-service" starting-state="hide"><fo:bookmark-title>Installing the OpenStack Identity Service</fo:bookmark-title></fo:bookmark><fo:bookmark internal-destination="starting-identity-service" starting-state="hide"><fo:bookmark-title>Starting the Identity Service</fo:bookmark-title></fo:bookmark><fo:bookmark internal-destination="configuring-the-identity-service" starting-state="hide"><fo:bookmark-title>Configuring the Identity Service</fo:bookmark-title></fo:bookmark><fo:bookmark internal-destination="dependencies" starting-state="hide"><fo:bookmark-title>Dependencies</fo:bookmark-title></fo:bookmark><fo:bookmark internal-destination="creating-tenants-users-roles-tokens-and-endpoints" starting-state="hide"><fo:bookmark-title>Creating Tenants, Users, Roles, Tokens and Endpoints</fo:bookmark-title></fo:bookmark><fo:bookmark internal-destination="curl-examples" starting-state="hide"><fo:bookmark-title>Curl examples</fo:bookmark-title></fo:bookmark></fo:bookmark></fo:bookmark-tree><fox:destination xmlns:fox="http://xmlgraphics.apache.org/fop/extensions" internal-destination="openstack-identity-starter-guide"/><fox:destination xmlns:fox="http://xmlgraphics.apache.org/fop/extensions" internal-destination="quick-guide-to-getting-started-with-keystone"/><fox:destination xmlns:fox="http://xmlgraphics.apache.org/fop/extensions" internal-destination="Identity-Service-Concepts-e1362"/><fox:destination xmlns:fox="http://xmlgraphics.apache.org/fop/extensions" internal-destination="installing-openstack-identity-service"/><fox:destination xmlns:fox="http://xmlgraphics.apache.org/fop/extensions" internal-destination="starting-identity-service"/><fox:destination xmlns:fox="http://xmlgraphics.apache.org/fop/extensions" internal-destination="configuring-the-identity-service"/><fox:destination xmlns:fox="http://xmlgraphics.apache.org/fop/extensions" internal-destination="dependencies"/><fox:destination xmlns:fox="http://xmlgraphics.apache.org/fop/extensions" internal-destination="creating-tenants-users-roles-tokens-and-endpoints"/><fox:destination xmlns:fox="http://xmlgraphics.apache.org/fop/extensions" internal-destination="curl-examples"/><fo:page-sequence xmlns:axf="http://www.antennahouse.com/names/XSL/Extensions" hyphenate="true" master-reference="cloud-titlepage" language="en" format="i" initial-page-number="1" force-page-count="no-force" hyphenation-character="-" hyphenation-push-character-count="2" hyphenation-remain-character-count="2"><fo:static-content xmlns:exslt="http://exslt.org/common" flow-name="xsl-region-before-first"><fo:block-container reference-orientation="90" absolute-position="fixed" top="-1in" overflow="visible" height="2in" width="30in" z-index="1"><fo:block padding-before=".45in" font-size="1.5em" color="gray" font-weight="bold"><fo:leader leader-pattern="use-content" leader-length="30in" letter-spacing=".1em"> </fo:leader></fo:block></fo:block-container><fo:block font-family="CartoGothic Std" margin-left="0pt"><fo:table table-layout="fixed" width="100%" border-bottom-width="0.5pt" border-bottom-style="solid" border-bottom-color="black"><fo:table-column column-number="1" column-width="proportional-column-width(1)"/><fo:table-column column-number="2" column-width="proportional-column-width(1)"/><fo:table-column column-number="3" column-width="proportional-column-width(1)"/><fo:table-body><fo:table-row block-progression-dimension.minimum="14pt"><fo:table-cell text-align="start" display-align="before" relative-align="baseline"><fo:block><fo:block>OpenStack Identity Starter Guide</fo:block></fo:block></fo:table-cell><fo:table-cell text-align="center" display-align="before" relative-align="baseline"><fo:block><fo:block>Sep 28, 2011</fo:block></fo:block></fo:table-cell><fo:table-cell text-align="right" display-align="before" relative-align="baseline"><fo:block><fo:block>trunk</fo:block></fo:block></fo:table-cell></fo:table-row></fo:table-body></fo:table></fo:block></fo:static-content><fo:static-content xmlns:exslt="http://exslt.org/common" flow-name="xsl-region-before-odd"><fo:block-container reference-orientation="90" absolute-position="fixed" top="-1in" overflow="visible" height="2in" width="30in" z-index="1"><fo:block padding-before=".45in" font-size="1.5em" color="gray" font-weight="bold"><fo:leader leader-pattern="use-content" leader-length="30in" letter-spacing=".1em"> </fo:leader></fo:block></fo:block-container><fo:block font-family="CartoGothic Std" margin-left="0pt"><fo:table table-layout="fixed" width="100%" border-bottom-width="0.5pt" border-bottom-style="solid" border-bottom-color="black"><fo:table-column column-number="1" column-width="proportional-column-width(1)"/><fo:table-column column-number="2" column-width="proportional-column-width(1)"/><fo:table-column column-number="3" column-width="proportional-column-width(1)"/><fo:table-body><fo:table-row block-progression-dimension.minimum="14pt"><fo:table-cell text-align="start" display-align="before" relative-align="baseline"><fo:block><fo:block>OpenStack Identity Starter Guide</fo:block></fo:block></fo:table-cell><fo:table-cell text-align="center" display-align="before" relative-align="baseline"><fo:block><fo:block>Sep 28, 2011</fo:block></fo:block></fo:table-cell><fo:table-cell text-align="right" display-align="before" relative-align="baseline"><fo:block><fo:block>trunk</fo:block></fo:block></fo:table-cell></fo:table-row></fo:table-body></fo:table></fo:block></fo:static-content><fo:static-content xmlns:exslt="http://exslt.org/common" flow-name="xsl-region-before-even"><fo:block-container reference-orientation="90" absolute-position="fixed" top="-1in" overflow="visible" height="2in" width="30in" z-index="1"><fo:block padding-before=".45in" font-size="1.5em" color="gray" font-weight="bold"><fo:leader leader-pattern="use-content" leader-length="30in" letter-spacing=".1em"> </fo:leader></fo:block></fo:block-container><fo:block font-family="CartoGothic Std" margin-left="0pt"><fo:table table-layout="fixed" width="100%" border-bottom-width="0.5pt" border-bottom-style="solid" border-bottom-color="black"><fo:table-column column-number="1" column-width="proportional-column-width(1)"/><fo:table-column column-number="2" column-width="proportional-column-width(1)"/><fo:table-column column-number="3" column-width="proportional-column-width(1)"/><fo:table-body><fo:table-row block-progression-dimension.minimum="14pt"><fo:table-cell text-align="start" display-align="before" relative-align="baseline"><fo:block><fo:block>OpenStack Identity Starter Guide</fo:block></fo:block></fo:table-cell><fo:table-cell text-align="center" display-align="before" relative-align="baseline"><fo:block><fo:block>Sep 28, 2011</fo:block></fo:block></fo:table-cell><fo:table-cell text-align="right" display-align="before" relative-align="baseline"><fo:block><fo:block>trunk</fo:block></fo:block></fo:table-cell></fo:table-row></fo:table-body></fo:table></fo:block></fo:static-content><fo:static-content xmlns:exslt="http://exslt.org/common" flow-name="xsl-region-before-blank"><fo:block-container reference-orientation="90" absolute-position="fixed" top="-1in" overflow="visible" height="2in" width="30in" z-index="1"><fo:block padding-before=".45in" font-size="1.5em" color="gray" font-weight="bold"><fo:leader leader-pattern="use-content" leader-length="30in" letter-spacing=".1em"> </fo:leader></fo:block></fo:block-container><fo:block font-family="CartoGothic Std" margin-left="0pt"><fo:table table-layout="fixed" width="100%" border-bottom-width="0.5pt" border-bottom-style="solid" border-bottom-color="black"><fo:table-column column-number="1" column-width="proportional-column-width(1)"/><fo:table-column column-number="2" column-width="proportional-column-width(1)"/><fo:table-column column-number="3" column-width="proportional-column-width(1)"/><fo:table-body><fo:table-row block-progression-dimension.minimum="14pt"><fo:table-cell text-align="start" display-align="before" relative-align="baseline"><fo:block><fo:block/></fo:block></fo:table-cell><fo:table-cell text-align="center" display-align="before" relative-align="baseline"><fo:block><fo:block/></fo:block></fo:table-cell><fo:table-cell text-align="right" display-align="before" relative-align="baseline"><fo:block><fo:block/></fo:block></fo:table-cell></fo:table-row></fo:table-body></fo:table></fo:block></fo:static-content><fo:static-content flow-name="xsl-footnote-separator"><fo:block><fo:leader color="black" leader-pattern="rule" leader-length="1in"/></fo:block></fo:static-content><fo:static-content flow-name="xsl-region-after-first"><fo:block font-family="CartoGothic Std" margin-left="0pt"><fo:table table-layout="fixed" width="100%" border-top-width="0.5pt" border-top-style="solid" border-top-color="black"><fo:table-column column-number="1" column-width="proportional-column-width(1)"/><fo:table-column column-number="2" column-width="proportional-column-width(1)"/><fo:table-column column-number="3" column-width="proportional-column-width(1)"/><fo:table-body><fo:table-row block-progression-dimension.minimum="14pt"><fo:table-cell text-align="start" display-align="after" relative-align="baseline"><fo:block><fo:block xmlns:exslt="http://exslt.org/common"/></fo:block></fo:table-cell><fo:table-cell text-align="center" display-align="after" relative-align="baseline"><fo:block><fo:block xmlns:exslt="http://exslt.org/common"><fo:page-number/></fo:block></fo:block></fo:table-cell><fo:table-cell text-align="end" display-align="after" relative-align="baseline"><fo:block><fo:block xmlns:exslt="http://exslt.org/common"/></fo:block></fo:table-cell></fo:table-row></fo:table-body></fo:table></fo:block></fo:static-content><fo:static-content flow-name="xsl-region-after-odd"><fo:block font-family="CartoGothic Std" margin-left="0pt"><fo:table table-layout="fixed" width="100%" border-top-width="0.5pt" border-top-style="solid" border-top-color="black"><fo:table-column column-number="1" column-width="proportional-column-width(1)"/><fo:table-column column-number="2" column-width="proportional-column-width(1)"/><fo:table-column column-number="3" column-width="proportional-column-width(1)"/><fo:table-body><fo:table-row block-progression-dimension.minimum="14pt"><fo:table-cell text-align="start" display-align="after" relative-align="baseline"><fo:block><fo:block xmlns:exslt="http://exslt.org/common"/></fo:block></fo:table-cell><fo:table-cell text-align="center" display-align="after" relative-align="baseline"><fo:block><fo:block xmlns:exslt="http://exslt.org/common"><fo:page-number/></fo:block></fo:block></fo:table-cell><fo:table-cell text-align="end" display-align="after" relative-align="baseline"><fo:block><fo:block xmlns:exslt="http://exslt.org/common"/></fo:block></fo:table-cell></fo:table-row></fo:table-body></fo:table></fo:block></fo:static-content><fo:static-content flow-name="xsl-region-after-even"><fo:block font-family="CartoGothic Std" margin-left="0pt"><fo:table table-layout="fixed" width="100%" border-top-width="0.5pt" border-top-style="solid" border-top-color="black"><fo:table-column column-number="1" column-width="proportional-column-width(1)"/><fo:table-column column-number="2" column-width="proportional-column-width(1)"/><fo:table-column column-number="3" column-width="proportional-column-width(1)"/><fo:table-body><fo:table-row block-progression-dimension.minimum="14pt"><fo:table-cell text-align="start" display-align="after" relative-align="baseline"><fo:block><fo:block xmlns:exslt="http://exslt.org/common"/></fo:block></fo:table-cell><fo:table-cell text-align="center" display-align="after" relative-align="baseline"><fo:block><fo:block xmlns:exslt="http://exslt.org/common"><fo:page-number/></fo:block></fo:block></fo:table-cell><fo:table-cell text-align="end" display-align="after" relative-align="baseline"><fo:block><fo:block xmlns:exslt="http://exslt.org/common"/></fo:block></fo:table-cell></fo:table-row></fo:table-body></fo:table></fo:block></fo:static-content><fo:static-content flow-name="xsl-region-after-blank"><fo:block font-family="CartoGothic Std" margin-left="0pt"><fo:table table-layout="fixed" width="100%" border-top-width="0.5pt" border-top-style="solid" border-top-color="black"><fo:table-column column-number="1" column-width="proportional-column-width(1)"/><fo:table-column column-number="2" column-width="proportional-column-width(1)"/><fo:table-column column-number="3" column-width="proportional-column-width(1)"/><fo:table-body><fo:table-row block-progression-dimension.minimum="14pt"><fo:table-cell text-align="start" display-align="after" relative-align="baseline"><fo:block><fo:block xmlns:exslt="http://exslt.org/common"/></fo:block></fo:table-cell><fo:table-cell text-align="center" display-align="after" relative-align="baseline"><fo:block><fo:block xmlns:exslt="http://exslt.org/common"/></fo:block></fo:table-cell><fo:table-cell text-align="end" display-align="after" relative-align="baseline"><fo:block><fo:block xmlns:exslt="http://exslt.org/common"/></fo:block></fo:table-cell></fo:table-row></fo:table-body></fo:table></fo:block></fo:static-content><fo:flow flow-name="xsl-region-body"><fo:block id="openstack-identity-starter-guide"><fo:block><fo:block><fo:block break-after="page"/><fo:block font-size="14.4pt" font-weight="bold" font-family="CartoGothic Std"><fo:block>OpenStack Identity Starter Guide</fo:block></fo:block><fo:block font-size="10pt"><fo:block> </fo:block></fo:block><fo:block font-size="10pt" space-before="0.5em">trunk (2011-09-28)</fo:block><fo:block font-size="10pt">Copyright © 2010, 2011 OpenStack LLC All rights reserved.</fo:block><fo:block font-size="10pt"><fo:block xmlns:exslt="http://exslt.org/common" start-indent="0.0in" end-indent="0.0in"><fo:block font-family="CartoGothic Std" font-weight="bold" keep-with-next.within-column="always" space-before.optimum="10pt" space-before.minimum="10pt * 0.8" space-before.maximum="10pt * 1.2" hyphenate="false" text-align="center"/><fo:block space-before.optimum="1em" space-before.minimum="0.8em" space-before.maximum="1.2em">OpenStack™ Identity Service offers open source software for identity management
for cloud users and administrators. This manual provides guidance for installing,
managing, and understanding the software that runs OpenStack Identity Service.
</fo:block></fo:block></fo:block><fo:block font-size="8pt" space-before="1.0em"><fo:block xmlns:exslt="http://exslt.org/common" id="d6e17"><fo:block space-before.optimum="1em" space-before.minimum="0.8em" space-before.maximum="1.2em">
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
</fo:block><fo:block space-before.optimum="1em" space-before.minimum="0.8em" space-before.maximum="1.2em"><fo:basic-link external-destination="http://www.apache.org/licenses/LICENSE-2.0"><fo:inline>http://www.apache.org/licenses/LICENSE-2.0</fo:inline></fo:basic-link></fo:block><fo:block space-before.optimum="1em" space-before.minimum="0.8em" space-before.maximum="1.2em">
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
</fo:block></fo:block></fo:block></fo:block><fo:block break-after="page"/></fo:block></fo:block></fo:flow></fo:page-sequence><fo:page-sequence xmlns:axf="http://www.antennahouse.com/names/XSL/Extensions" hyphenate="true" master-reference="lot" language="en" format="i" initial-page-number="auto" force-page-count="no-force" hyphenation-character="-" hyphenation-push-character-count="2" hyphenation-remain-character-count="2"><fo:static-content xmlns:exslt="http://exslt.org/common" flow-name="xsl-region-before-first"><fo:block-container reference-orientation="90" absolute-position="fixed" top="-1in" overflow="visible" height="2in" width="30in" z-index="1"><fo:block padding-before=".45in" font-size="1.5em" color="gray" font-weight="bold"><fo:leader leader-pattern="use-content" leader-length="30in" letter-spacing=".1em"> </fo:leader></fo:block></fo:block-container><fo:block font-family="CartoGothic Std" margin-left="0pt"><fo:table table-layout="fixed" width="100%" border-bottom-width="0.5pt" border-bottom-style="solid" border-bottom-color="black"><fo:table-column column-number="1" column-width="proportional-column-width(1)"/><fo:table-column column-number="2" column-width="proportional-column-width(1)"/><fo:table-column column-number="3" column-width="proportional-column-width(1)"/><fo:table-body><fo:table-row block-progression-dimension.minimum="14pt"><fo:table-cell text-align="start" display-align="before" relative-align="baseline"><fo:block><fo:block>OpenStack Identity Starter Guide</fo:block></fo:block></fo:table-cell><fo:table-cell text-align="center" display-align="before" relative-align="baseline"><fo:block><fo:block>Sep 28, 2011</fo:block></fo:block></fo:table-cell><fo:table-cell text-align="right" display-align="before" relative-align="baseline"><fo:block><fo:block>trunk</fo:block></fo:block></fo:table-cell></fo:table-row></fo:table-body></fo:table></fo:block></fo:static-content><fo:static-content xmlns:exslt="http://exslt.org/common" flow-name="xsl-region-before-odd"><fo:block-container reference-orientation="90" absolute-position="fixed" top="-1in" overflow="visible" height="2in" width="30in" z-index="1"><fo:block padding-before=".45in" font-size="1.5em" color="gray" font-weight="bold"><fo:leader leader-pattern="use-content" leader-length="30in" letter-spacing=".1em"> </fo:leader></fo:block></fo:block-container><fo:block font-family="CartoGothic Std" margin-left="0pt"><fo:table table-layout="fixed" width="100%" border-bottom-width="0.5pt" border-bottom-style="solid" border-bottom-color="black"><fo:table-column column-number="1" column-width="proportional-column-width(1)"/><fo:table-column column-number="2" column-width="proportional-column-width(1)"/><fo:table-column column-number="3" column-width="proportional-column-width(1)"/><fo:table-body><fo:table-row block-progression-dimension.minimum="14pt"><fo:table-cell text-align="start" display-align="before" relative-align="baseline"><fo:block><fo:block>OpenStack Identity Starter Guide</fo:block></fo:block></fo:table-cell><fo:table-cell text-align="center" display-align="before" relative-align="baseline"><fo:block><fo:block>Sep 28, 2011</fo:block></fo:block></fo:table-cell><fo:table-cell text-align="right" display-align="before" relative-align="baseline"><fo:block><fo:block>trunk</fo:block></fo:block></fo:table-cell></fo:table-row></fo:table-body></fo:table></fo:block></fo:static-content><fo:static-content xmlns:exslt="http://exslt.org/common" flow-name="xsl-region-before-even"><fo:block-container reference-orientation="90" absolute-position="fixed" top="-1in" overflow="visible" height="2in" width="30in" z-index="1"><fo:block padding-before=".45in" font-size="1.5em" color="gray" font-weight="bold"><fo:leader leader-pattern="use-content" leader-length="30in" letter-spacing=".1em"> </fo:leader></fo:block></fo:block-container><fo:block font-family="CartoGothic Std" margin-left="0pt"><fo:table table-layout="fixed" width="100%" border-bottom-width="0.5pt" border-bottom-style="solid" border-bottom-color="black"><fo:table-column column-number="1" column-width="proportional-column-width(1)"/><fo:table-column column-number="2" column-width="proportional-column-width(1)"/><fo:table-column column-number="3" column-width="proportional-column-width(1)"/><fo:table-body><fo:table-row block-progression-dimension.minimum="14pt"><fo:table-cell text-align="start" display-align="before" relative-align="baseline"><fo:block><fo:block>OpenStack Identity Starter Guide</fo:block></fo:block></fo:table-cell><fo:table-cell text-align="center" display-align="before" relative-align="baseline"><fo:block><fo:block>Sep 28, 2011</fo:block></fo:block></fo:table-cell><fo:table-cell text-align="right" display-align="before" relative-align="baseline"><fo:block><fo:block>trunk</fo:block></fo:block></fo:table-cell></fo:table-row></fo:table-body></fo:table></fo:block></fo:static-content><fo:static-content xmlns:exslt="http://exslt.org/common" flow-name="xsl-region-before-blank"><fo:block-container reference-orientation="90" absolute-position="fixed" top="-1in" overflow="visible" height="2in" width="30in" z-index="1"><fo:block padding-before=".45in" font-size="1.5em" color="gray" font-weight="bold"><fo:leader leader-pattern="use-content" leader-length="30in" letter-spacing=".1em"> </fo:leader></fo:block></fo:block-container><fo:block font-family="CartoGothic Std" margin-left="0pt"><fo:table table-layout="fixed" width="100%" border-bottom-width="0.5pt" border-bottom-style="solid" border-bottom-color="black"><fo:table-column column-number="1" column-width="proportional-column-width(1)"/><fo:table-column column-number="2" column-width="proportional-column-width(1)"/><fo:table-column column-number="3" column-width="proportional-column-width(1)"/><fo:table-body><fo:table-row block-progression-dimension.minimum="14pt"><fo:table-cell text-align="start" display-align="before" relative-align="baseline"><fo:block><fo:block/></fo:block></fo:table-cell><fo:table-cell text-align="center" display-align="before" relative-align="baseline"><fo:block><fo:block/></fo:block></fo:table-cell><fo:table-cell text-align="right" display-align="before" relative-align="baseline"><fo:block><fo:block/></fo:block></fo:table-cell></fo:table-row></fo:table-body></fo:table></fo:block></fo:static-content><fo:static-content flow-name="xsl-footnote-separator"><fo:block><fo:leader color="black" leader-pattern="rule" leader-length="1in"/></fo:block></fo:static-content><fo:static-content flow-name="xsl-region-after-first"><fo:block font-family="CartoGothic Std" margin-left="0pt"><fo:table table-layout="fixed" width="100%" border-top-width="0.5pt" border-top-style="solid" border-top-color="black"><fo:table-column column-number="1" column-width="proportional-column-width(1)"/><fo:table-column column-number="2" column-width="proportional-column-width(1)"/><fo:table-column column-number="3" column-width="proportional-column-width(1)"/><fo:table-body><fo:table-row block-progression-dimension.minimum="14pt"><fo:table-cell text-align="start" display-align="after" relative-align="baseline"><fo:block><fo:block xmlns:exslt="http://exslt.org/common"/></fo:block></fo:table-cell><fo:table-cell text-align="center" display-align="after" relative-align="baseline"><fo:block><fo:block xmlns:exslt="http://exslt.org/common"><fo:page-number/></fo:block></fo:block></fo:table-cell><fo:table-cell text-align="end" display-align="after" relative-align="baseline"><fo:block><fo:block xmlns:exslt="http://exslt.org/common"/></fo:block></fo:table-cell></fo:table-row></fo:table-body></fo:table></fo:block></fo:static-content><fo:static-content flow-name="xsl-region-after-odd"><fo:block font-family="CartoGothic Std" margin-left="0pt"><fo:table table-layout="fixed" width="100%" border-top-width="0.5pt" border-top-style="solid" border-top-color="black"><fo:table-column column-number="1" column-width="proportional-column-width(1)"/><fo:table-column column-number="2" column-width="proportional-column-width(1)"/><fo:table-column column-number="3" column-width="proportional-column-width(1)"/><fo:table-body><fo:table-row block-progression-dimension.minimum="14pt"><fo:table-cell text-align="start" display-align="after" relative-align="baseline"><fo:block><fo:block xmlns:exslt="http://exslt.org/common"/></fo:block></fo:table-cell><fo:table-cell text-align="center" display-align="after" relative-align="baseline"><fo:block><fo:block xmlns:exslt="http://exslt.org/common"><fo:page-number/></fo:block></fo:block></fo:table-cell><fo:table-cell text-align="end" display-align="after" relative-align="baseline"><fo:block><fo:block xmlns:exslt="http://exslt.org/common"/></fo:block></fo:table-cell></fo:table-row></fo:table-body></fo:table></fo:block></fo:static-content><fo:static-content flow-name="xsl-region-after-even"><fo:block font-family="CartoGothic Std" margin-left="0pt"><fo:table table-layout="fixed" width="100%" border-top-width="0.5pt" border-top-style="solid" border-top-color="black"><fo:table-column column-number="1" column-width="proportional-column-width(1)"/><fo:table-column column-number="2" column-width="proportional-column-width(1)"/><fo:table-column column-number="3" column-width="proportional-column-width(1)"/><fo:table-body><fo:table-row block-progression-dimension.minimum="14pt"><fo:table-cell text-align="start" display-align="after" relative-align="baseline"><fo:block><fo:block xmlns:exslt="http://exslt.org/common"/></fo:block></fo:table-cell><fo:table-cell text-align="center" display-align="after" relative-align="baseline"><fo:block><fo:block xmlns:exslt="http://exslt.org/common"><fo:page-number/></fo:block></fo:block></fo:table-cell><fo:table-cell text-align="end" display-align="after" relative-align="baseline"><fo:block><fo:block xmlns:exslt="http://exslt.org/common"/></fo:block></fo:table-cell></fo:table-row></fo:table-body></fo:table></fo:block></fo:static-content><fo:static-content flow-name="xsl-region-after-blank"><fo:block font-family="CartoGothic Std" margin-left="0pt"><fo:table table-layout="fixed" width="100%" border-top-width="0.5pt" border-top-style="solid" border-top-color="black"><fo:table-column column-number="1" column-width="proportional-column-width(1)"/><fo:table-column column-number="2" column-width="proportional-column-width(1)"/><fo:table-column column-number="3" column-width="proportional-column-width(1)"/><fo:table-body><fo:table-row block-progression-dimension.minimum="14pt"><fo:table-cell text-align="start" display-align="after" relative-align="baseline"><fo:block><fo:block xmlns:exslt="http://exslt.org/common"/></fo:block></fo:table-cell><fo:table-cell text-align="center" display-align="after" relative-align="baseline"><fo:block><fo:block xmlns:exslt="http://exslt.org/common"/></fo:block></fo:table-cell><fo:table-cell text-align="end" display-align="after" relative-align="baseline"><fo:block><fo:block xmlns:exslt="http://exslt.org/common"/></fo:block></fo:table-cell></fo:table-row></fo:table-body></fo:table></fo:block></fo:static-content><fo:flow flow-name="xsl-region-body" start-indent="4pc" end-indent="0pt"><fo:block space-before.minimum="0.5em" space-before.optimum="1em" space-before.maximum="2em" space-after.minimum="0.5em" space-after.optimum="1em" space-after.maximum="2em" id="toc...openstack-identity-starter-guide"><fo:block><fo:block><fo:block space-before.minimum="1em" space-before.optimum="1.5em" space-before.maximum="2em" space-after="0.5em" margin-left="0pt" start-indent="0pt" font-size="20.736pt" font-weight="bold" color="rgb(196,0,34)" font-family="CartoGothic Std">Table of Contents</fo:block></fo:block></fo:block><fo:block text-align-last="justify" text-align="start" end-indent="24pt" last-line-end-indent="-24pt"><fo:inline keep-with-next.within-line="always"><fo:basic-link internal-destination="quick-guide-to-getting-started-with-keystone">1. Quick Guide to Getting Started with Keystone</fo:basic-link></fo:inline><fo:inline keep-together.within-line="always"> <fo:leader leader-pattern="dots" leader-pattern-width="3pt" leader-alignment="reference-area" keep-with-next.within-line="always"/> <fo:basic-link internal-destination="quick-guide-to-getting-started-with-keystone"><fo:page-number-citation ref-id="quick-guide-to-getting-started-with-keystone"/></fo:basic-link></fo:inline></fo:block><fo:block id="toc.openstack-identity-starter-guide.quick-guide-to-getting-started-with-keystone" margin-left="24pt"><fo:block text-align-last="justify" text-align="start" end-indent="24pt" last-line-end-indent="-24pt"><fo:inline keep-with-next.within-line="always"><fo:basic-link internal-destination="Identity-Service-Concepts-e1362">Identity Service Concepts</fo:basic-link></fo:inline><fo:inline keep-together.within-line="always"> <fo:leader leader-pattern="dots" leader-pattern-width="3pt" leader-alignment="reference-area" keep-with-next.within-line="always"/> <fo:basic-link internal-destination="Identity-Service-Concepts-e1362"><fo:page-number-citation ref-id="Identity-Service-Concepts-e1362"/></fo:basic-link></fo:inline></fo:block><fo:block text-align-last="justify" text-align="start" end-indent="24pt" last-line-end-indent="-24pt"><fo:inline keep-with-next.within-line="always"><fo:basic-link internal-destination="installing-openstack-identity-service">Installing the OpenStack Identity Service</fo:basic-link></fo:inline><fo:inline keep-together.within-line="always"> <fo:leader leader-pattern="dots" leader-pattern-width="3pt" leader-alignment="reference-area" keep-with-next.within-line="always"/> <fo:basic-link internal-destination="installing-openstack-identity-service"><fo:page-number-citation ref-id="installing-openstack-identity-service"/></fo:basic-link></fo:inline></fo:block><fo:block text-align-last="justify" text-align="start" end-indent="24pt" last-line-end-indent="-24pt"><fo:inline keep-with-next.within-line="always"><fo:basic-link internal-destination="starting-identity-service">Starting the Identity Service</fo:basic-link></fo:inline><fo:inline keep-together.within-line="always"> <fo:leader leader-pattern="dots" leader-pattern-width="3pt" leader-alignment="reference-area" keep-with-next.within-line="always"/> <fo:basic-link internal-destination="starting-identity-service"><fo:page-number-citation ref-id="starting-identity-service"/></fo:basic-link></fo:inline></fo:block><fo:block text-align-last="justify" text-align="start" end-indent="24pt" last-line-end-indent="-24pt"><fo:inline keep-with-next.within-line="always"><fo:basic-link internal-destination="configuring-the-identity-service">Configuring the Identity Service</fo:basic-link></fo:inline><fo:inline keep-together.within-line="always"> <fo:leader leader-pattern="dots" leader-pattern-width="3pt" leader-alignment="reference-area" keep-with-next.within-line="always"/> <fo:basic-link internal-destination="configuring-the-identity-service"><fo:page-number-citation ref-id="configuring-the-identity-service"/></fo:basic-link></fo:inline></fo:block><fo:block text-align-last="justify" text-align="start" end-indent="24pt" last-line-end-indent="-24pt"><fo:inline keep-with-next.within-line="always"><fo:basic-link internal-destination="dependencies">Dependencies</fo:basic-link></fo:inline><fo:inline keep-together.within-line="always"> <fo:leader leader-pattern="dots" leader-pattern-width="3pt" leader-alignment="reference-area" keep-with-next.within-line="always"/> <fo:basic-link internal-destination="dependencies"><fo:page-number-citation ref-id="dependencies"/></fo:basic-link></fo:inline></fo:block><fo:block text-align-last="justify" text-align="start" end-indent="24pt" last-line-end-indent="-24pt"><fo:inline keep-with-next.within-line="always"><fo:basic-link internal-destination="creating-tenants-users-roles-tokens-and-endpoints">Creating Tenants, Users, Roles, Tokens and Endpoints</fo:basic-link></fo:inline><fo:inline keep-together.within-line="always"> <fo:leader leader-pattern="dots" leader-pattern-width="3pt" leader-alignment="reference-area" keep-with-next.within-line="always"/> <fo:basic-link internal-destination="creating-tenants-users-roles-tokens-and-endpoints"><fo:page-number-citation ref-id="creating-tenants-users-roles-tokens-and-endpoints"/></fo:basic-link></fo:inline></fo:block><fo:block text-align-last="justify" text-align="start" end-indent="24pt" last-line-end-indent="-24pt"><fo:inline keep-with-next.within-line="always"><fo:basic-link internal-destination="curl-examples">Curl examples</fo:basic-link></fo:inline><fo:inline keep-together.within-line="always"> <fo:leader leader-pattern="dots" leader-pattern-width="3pt" leader-alignment="reference-area" keep-with-next.within-line="always"/> <fo:basic-link internal-destination="curl-examples"><fo:page-number-citation ref-id="curl-examples"/></fo:basic-link></fo:inline></fo:block></fo:block></fo:block></fo:flow></fo:page-sequence><fo:page-sequence xmlns:axf="http://www.antennahouse.com/names/XSL/Extensions" hyphenate="true" master-reference="body" language="en" format="1" initial-page-number="1" force-page-count="no-force" hyphenation-character="-" hyphenation-push-character-count="2" hyphenation-remain-character-count="2"><fo:static-content xmlns:exslt="http://exslt.org/common" flow-name="xsl-region-before-first"><fo:block-container reference-orientation="90" absolute-position="fixed" top="-1in" overflow="visible" height="2in" width="30in" z-index="1"><fo:block padding-before=".45in" font-size="1.5em" color="gray" font-weight="bold"><fo:leader leader-pattern="use-content" leader-length="30in" letter-spacing=".1em"> </fo:leader></fo:block></fo:block-container><fo:block font-family="CartoGothic Std" margin-left="0pt"><fo:table table-layout="fixed" width="100%" border-bottom-width="0.5pt" border-bottom-style="solid" border-bottom-color="black"><fo:table-column column-number="1" column-width="proportional-column-width(1)"/><fo:table-column column-number="2" column-width="proportional-column-width(1)"/><fo:table-column column-number="3" column-width="proportional-column-width(1)"/><fo:table-body><fo:table-row block-progression-dimension.minimum="14pt"><fo:table-cell text-align="start" display-align="before" relative-align="baseline"><fo:block><fo:block>OpenStack Identity Starter Guide</fo:block></fo:block></fo:table-cell><fo:table-cell text-align="center" display-align="before" relative-align="baseline"><fo:block><fo:block>Sep 28, 2011</fo:block></fo:block></fo:table-cell><fo:table-cell text-align="right" display-align="before" relative-align="baseline"><fo:block><fo:block>trunk</fo:block></fo:block></fo:table-cell></fo:table-row></fo:table-body></fo:table></fo:block></fo:static-content><fo:static-content xmlns:exslt="http://exslt.org/common" flow-name="xsl-region-before-odd"><fo:block-container reference-orientation="90" absolute-position="fixed" top="-1in" overflow="visible" height="2in" width="30in" z-index="1"><fo:block padding-before=".45in" font-size="1.5em" color="gray" font-weight="bold"><fo:leader leader-pattern="use-content" leader-length="30in" letter-spacing=".1em"> </fo:leader></fo:block></fo:block-container><fo:block font-family="CartoGothic Std" margin-left="0pt"><fo:table table-layout="fixed" width="100%" border-bottom-width="0.5pt" border-bottom-style="solid" border-bottom-color="black"><fo:table-column column-number="1" column-width="proportional-column-width(1)"/><fo:table-column column-number="2" column-width="proportional-column-width(1)"/><fo:table-column column-number="3" column-width="proportional-column-width(1)"/><fo:table-body><fo:table-row block-progression-dimension.minimum="14pt"><fo:table-cell text-align="start" display-align="before" relative-align="baseline"><fo:block><fo:block>OpenStack Identity Starter Guide</fo:block></fo:block></fo:table-cell><fo:table-cell text-align="center" display-align="before" relative-align="baseline"><fo:block><fo:block>Sep 28, 2011</fo:block></fo:block></fo:table-cell><fo:table-cell text-align="right" display-align="before" relative-align="baseline"><fo:block><fo:block>trunk</fo:block></fo:block></fo:table-cell></fo:table-row></fo:table-body></fo:table></fo:block></fo:static-content><fo:static-content xmlns:exslt="http://exslt.org/common" flow-name="xsl-region-before-even"><fo:block-container reference-orientation="90" absolute-position="fixed" top="-1in" overflow="visible" height="2in" width="30in" z-index="1"><fo:block padding-before=".45in" font-size="1.5em" color="gray" font-weight="bold"><fo:leader leader-pattern="use-content" leader-length="30in" letter-spacing=".1em"> </fo:leader></fo:block></fo:block-container><fo:block font-family="CartoGothic Std" margin-left="0pt"><fo:table table-layout="fixed" width="100%" border-bottom-width="0.5pt" border-bottom-style="solid" border-bottom-color="black"><fo:table-column column-number="1" column-width="proportional-column-width(1)"/><fo:table-column column-number="2" column-width="proportional-column-width(1)"/><fo:table-column column-number="3" column-width="proportional-column-width(1)"/><fo:table-body><fo:table-row block-progression-dimension.minimum="14pt"><fo:table-cell text-align="start" display-align="before" relative-align="baseline"><fo:block><fo:block>OpenStack Identity Starter Guide</fo:block></fo:block></fo:table-cell><fo:table-cell text-align="center" display-align="before" relative-align="baseline"><fo:block><fo:block>Sep 28, 2011</fo:block></fo:block></fo:table-cell><fo:table-cell text-align="right" display-align="before" relative-align="baseline"><fo:block><fo:block>trunk</fo:block></fo:block></fo:table-cell></fo:table-row></fo:table-body></fo:table></fo:block></fo:static-content><fo:static-content xmlns:exslt="http://exslt.org/common" flow-name="xsl-region-before-blank"><fo:block-container reference-orientation="90" absolute-position="fixed" top="-1in" overflow="visible" height="2in" width="30in" z-index="1"><fo:block padding-before=".45in" font-size="1.5em" color="gray" font-weight="bold"><fo:leader leader-pattern="use-content" leader-length="30in" letter-spacing=".1em"> </fo:leader></fo:block></fo:block-container><fo:block font-family="CartoGothic Std" margin-left="0pt"><fo:table table-layout="fixed" width="100%" border-bottom-width="0.5pt" border-bottom-style="solid" border-bottom-color="black"><fo:table-column column-number="1" column-width="proportional-column-width(1)"/><fo:table-column column-number="2" column-width="proportional-column-width(1)"/><fo:table-column column-number="3" column-width="proportional-column-width(1)"/><fo:table-body><fo:table-row block-progression-dimension.minimum="14pt"><fo:table-cell text-align="start" display-align="before" relative-align="baseline"><fo:block><fo:block/></fo:block></fo:table-cell><fo:table-cell text-align="center" display-align="before" relative-align="baseline"><fo:block><fo:block/></fo:block></fo:table-cell><fo:table-cell text-align="right" display-align="before" relative-align="baseline"><fo:block><fo:block/></fo:block></fo:table-cell></fo:table-row></fo:table-body></fo:table></fo:block></fo:static-content><fo:static-content flow-name="xsl-footnote-separator"><fo:block><fo:leader color="black" leader-pattern="rule" leader-length="1in"/></fo:block></fo:static-content><fo:static-content flow-name="xsl-region-after-first"><fo:block font-family="CartoGothic Std" margin-left="0pt"><fo:table table-layout="fixed" width="100%" border-top-width="0.5pt" border-top-style="solid" border-top-color="black"><fo:table-column column-number="1" column-width="proportional-column-width(1)"/><fo:table-column column-number="2" column-width="proportional-column-width(1)"/><fo:table-column column-number="3" column-width="proportional-column-width(1)"/><fo:table-body><fo:table-row block-progression-dimension.minimum="14pt"><fo:table-cell text-align="start" display-align="after" relative-align="baseline"><fo:block><fo:block xmlns:exslt="http://exslt.org/common"/></fo:block></fo:table-cell><fo:table-cell text-align="center" display-align="after" relative-align="baseline"><fo:block><fo:block xmlns:exslt="http://exslt.org/common"><fo:page-number/></fo:block></fo:block></fo:table-cell><fo:table-cell text-align="end" display-align="after" relative-align="baseline"><fo:block><fo:block xmlns:exslt="http://exslt.org/common"/></fo:block></fo:table-cell></fo:table-row></fo:table-body></fo:table></fo:block></fo:static-content><fo:static-content flow-name="xsl-region-after-odd"><fo:block font-family="CartoGothic Std" margin-left="0pt"><fo:table table-layout="fixed" width="100%" border-top-width="0.5pt" border-top-style="solid" border-top-color="black"><fo:table-column column-number="1" column-width="proportional-column-width(1)"/><fo:table-column column-number="2" column-width="proportional-column-width(1)"/><fo:table-column column-number="3" column-width="proportional-column-width(1)"/><fo:table-body><fo:table-row block-progression-dimension.minimum="14pt"><fo:table-cell text-align="start" display-align="after" relative-align="baseline"><fo:block><fo:block xmlns:exslt="http://exslt.org/common"/></fo:block></fo:table-cell><fo:table-cell text-align="center" display-align="after" relative-align="baseline"><fo:block><fo:block xmlns:exslt="http://exslt.org/common"><fo:page-number/></fo:block></fo:block></fo:table-cell><fo:table-cell text-align="end" display-align="after" relative-align="baseline"><fo:block><fo:block xmlns:exslt="http://exslt.org/common"/></fo:block></fo:table-cell></fo:table-row></fo:table-body></fo:table></fo:block></fo:static-content><fo:static-content flow-name="xsl-region-after-even"><fo:block font-family="CartoGothic Std" margin-left="0pt"><fo:table table-layout="fixed" width="100%" border-top-width="0.5pt" border-top-style="solid" border-top-color="black"><fo:table-column column-number="1" column-width="proportional-column-width(1)"/><fo:table-column column-number="2" column-width="proportional-column-width(1)"/><fo:table-column column-number="3" column-width="proportional-column-width(1)"/><fo:table-body><fo:table-row block-progression-dimension.minimum="14pt"><fo:table-cell text-align="start" display-align="after" relative-align="baseline"><fo:block><fo:block xmlns:exslt="http://exslt.org/common"/></fo:block></fo:table-cell><fo:table-cell text-align="center" display-align="after" relative-align="baseline"><fo:block><fo:block xmlns:exslt="http://exslt.org/common"><fo:page-number/></fo:block></fo:block></fo:table-cell><fo:table-cell text-align="end" display-align="after" relative-align="baseline"><fo:block><fo:block xmlns:exslt="http://exslt.org/common"/></fo:block></fo:table-cell></fo:table-row></fo:table-body></fo:table></fo:block></fo:static-content><fo:static-content flow-name="xsl-region-after-blank"><fo:block font-family="CartoGothic Std" margin-left="0pt"><fo:table table-layout="fixed" width="100%" border-top-width="0.5pt" border-top-style="solid" border-top-color="black"><fo:table-column column-number="1" column-width="proportional-column-width(1)"/><fo:table-column column-number="2" column-width="proportional-column-width(1)"/><fo:table-column column-number="3" column-width="proportional-column-width(1)"/><fo:table-body><fo:table-row block-progression-dimension.minimum="14pt"><fo:table-cell text-align="start" display-align="after" relative-align="baseline"><fo:block><fo:block xmlns:exslt="http://exslt.org/common"/></fo:block></fo:table-cell><fo:table-cell text-align="center" display-align="after" relative-align="baseline"><fo:block><fo:block xmlns:exslt="http://exslt.org/common"/></fo:block></fo:table-cell><fo:table-cell text-align="end" display-align="after" relative-align="baseline"><fo:block><fo:block xmlns:exslt="http://exslt.org/common"/></fo:block></fo:table-cell></fo:table-row></fo:table-body></fo:table></fo:block></fo:static-content><fo:flow flow-name="xsl-region-body" start-indent="4pc" end-indent="0pt"><fo:block id="quick-guide-to-getting-started-with-keystone"><fo:block font-family="CartoGothic Std"><fo:block margin-left="0pt"><fo:block font-size="24.8832pt" font-weight="bold"><fo:block keep-with-next.within-column="always" space-before.optimum="10pt" space-before.minimum="10pt * 0.8" space-before.maximum="10pt * 1.2" hyphenate="false" text-align="start" start-indent="0pt" font-family="CartoGothic Std" color="rgb(196,0,34)" hyphenation-character="-" hyphenation-push-character-count="2" hyphenation-remain-character-count="2">1. Quick Guide to Getting Started with Keystone</fo:block></fo:block></fo:block></fo:block></fo:block><fo:block space-before.optimum="1em" space-before.minimum="0.8em" space-before.maximum="1.2em">
The OpenStack Identity Service provides services for authenticating and managing user, account, and role information for OpenStack clouds running on OpenStack Compute and as an authorization service for OpenStack Object Storage.</fo:block><fo:block id="Identity-Service-Concepts-e1362"><fo:block><fo:block><fo:block keep-together.within-column="always" margin-left="0pt" font-family="CartoGothic Std"><fo:block keep-with-next.within-column="always"><fo:block font-family="CartoGothic Std" font-weight="bold" keep-with-next.within-column="always" space-before.minimum="0.8em" space-before.optimum="1.0em" space-before.maximum="1.2em" text-align="start" start-indent="0pt" color="rgb(196,0,34)"><fo:marker marker-class-name="section.head.marker">Identity Service Concepts</fo:marker><fo:block font-size="20.735999999999997pt">Identity Service Concepts</fo:block></fo:block></fo:block></fo:block></fo:block></fo:block><fo:block space-before.optimum="1em" space-before.minimum="0.8em" space-before.maximum="1.2em">
The Keystone Identity Service has several key concepts which are
important to understand:
</fo:block><fo:list-block space-before.optimum="1em" space-before.minimum="0.8em" space-before.maximum="1.2em" space-after.optimum="1em" space-after.minimum="0.8em" space-after.maximum="1.2em" id="d6e29" provisional-distance-between-starts="14em * 0.60+1em" provisional-label-separation="1em"><fo:list-item space-before.optimum="1em" space-before.minimum="0.8em" space-before.maximum="1.2em" id="d6e30"><fo:list-item-label end-indent="label-end()" text-align="start"><fo:block><fo:inline>User</fo:inline></fo:block></fo:list-item-label><fo:list-item-body start-indent="body-start()"><fo:block><fo:block>A digital representation of a person, system, or service who uses OpenStack cloud services.
Keystone authentication services will validate that incoming request are being made by the user
who claims to be making the call. Users have a login and may be assigned tokens to access
resources. Users may be directly assigned to a particular tenant and
behave as if they are contained in that tenant.</fo:block></fo:block></fo:list-item-body></fo:list-item><fo:list-item space-before.optimum="1em" space-before.minimum="0.8em" space-before.maximum="1.2em" id="d6e34"><fo:list-item-label end-indent="label-end()" text-align="start"><fo:block><fo:inline>Credentials</fo:inline></fo:block></fo:list-item-label><fo:list-item-body start-indent="body-start()"><fo:block><fo:block>
Data that belongs to, is owned by, and generally only known by a user that the user can present
to prove they are who they are (since nobody else should know that data).
</fo:block><fo:block space-before.optimum="1em" space-before.minimum="0.8em" space-before.maximum="1.2em">Examples are:
<fo:list-block provisional-label-separation="0.2em" provisional-distance-between-starts="1.0em" id="d6e39"><fo:list-item space-before.optimum="1em" space-before.minimum="0.8em" space-before.maximum="1.2em" id="d6e40"><fo:list-item-label end-indent="label-end()"><fo:block></fo:block></fo:list-item-label><fo:list-item-body start-indent="body-start()"><fo:block><fo:block>a matching username and password</fo:block></fo:block></fo:list-item-body></fo:list-item><fo:list-item space-before.optimum="1em" space-before.minimum="0.8em" space-before.maximum="1.2em" id="d6e42"><fo:list-item-label end-indent="label-end()"><fo:block></fo:block></fo:list-item-label><fo:list-item-body start-indent="body-start()"><fo:block><fo:block>a matching username and API key</fo:block></fo:block></fo:list-item-body></fo:list-item><fo:list-item space-before.optimum="1em" space-before.minimum="0.8em" space-before.maximum="1.2em" id="d6e44"><fo:list-item-label end-indent="label-end()"><fo:block></fo:block></fo:list-item-label><fo:list-item-body start-indent="body-start()"><fo:block><fo:block>yourself and a driver's license with a picture of you</fo:block></fo:block></fo:list-item-body></fo:list-item><fo:list-item space-before.optimum="1em" space-before.minimum="0.8em" space-before.maximum="1.2em" id="d6e46"><fo:list-item-label end-indent="label-end()"><fo:block></fo:block></fo:list-item-label><fo:list-item-body start-indent="body-start()"><fo:block><fo:block>a token that was issued to you that nobody else knows of</fo:block></fo:block></fo:list-item-body></fo:list-item></fo:list-block>
</fo:block></fo:block></fo:list-item-body></fo:list-item><fo:list-item space-before.optimum="1em" space-before.minimum="0.8em" space-before.maximum="1.2em" id="d6e48"><fo:list-item-label end-indent="label-end()" text-align="start"><fo:block><fo:inline>Authentication</fo:inline></fo:block></fo:list-item-label><fo:list-item-body start-indent="body-start()"><fo:block><fo:block>
In the context of Keystone, authentication is the act of confirming the identity of a
user or the truth of a claim.
Keystone will confirm that incoming request are being made by the user
who claims to be making the call by validating a set of claims that the user is making.
These claims are initially in the form of a set of credentials (username &amp; password,
or username and API key). After initial confirmation, Keystone will issue the user a token
which the user can then provide to demonstrate that their identity has been authenticated
when making subsequent requests.
</fo:block></fo:block></fo:list-item-body></fo:list-item><fo:list-item space-before.optimum="1em" space-before.minimum="0.8em" space-before.maximum="1.2em" id="d6e52"><fo:list-item-label end-indent="label-end()" text-align="start"><fo:block><fo:inline>Token</fo:inline></fo:block></fo:list-item-label><fo:list-item-body start-indent="body-start()"><fo:block><fo:block>
A token is an arbitrary bit of text that is used to access
resources. Each token has a scope which describes which
resources are accessible with it. A token may be
revoked at anytime and is valid for a finite duration.
</fo:block><fo:block space-before.optimum="1em" space-before.minimum="0.8em" space-before.maximum="1.2em">
While Keystone supports token-based authentication in this release,
the intention is for it to support additional protocols in the
future. The intent is for it to be an integration service foremost, and not
a aspire to be a full-fledged identity store and management solution.
</fo:block></fo:block></fo:list-item-body></fo:list-item><fo:list-item space-before.optimum="1em" space-before.minimum="0.8em" space-before.maximum="1.2em" id="d6e57"><fo:list-item-label end-indent="label-end()" text-align="start"><fo:block><fo:inline>Tenant</fo:inline></fo:block></fo:list-item-label><fo:list-item-body start-indent="body-start()"><fo:block><fo:block>
A container used to group or isolate resources and/or identity
objects. Depending on the service operator, a tenant may map to a customer,
account, organization, or project.
</fo:block></fo:block></fo:list-item-body></fo:list-item><fo:list-item space-before.optimum="1em" space-before.minimum="0.8em" space-before.maximum="1.2em" id="d6e61"><fo:list-item-label end-indent="label-end()" text-align="start"><fo:block><fo:inline>Service</fo:inline></fo:block></fo:list-item-label><fo:list-item-body start-indent="body-start()"><fo:block><fo:block>
An OpenStack service, such as Compute (Nova), Object Storage (Swift), or Image Service (Glance). A service provides
one or more endpoints through which users can access resources and perform
(presumably useful) operations.
</fo:block></fo:block></fo:list-item-body></fo:list-item><fo:list-item space-before.optimum="1em" space-before.minimum="0.8em" space-before.maximum="1.2em" id="d6e65"><fo:list-item-label end-indent="label-end()" text-align="start"><fo:block><fo:inline>Endpoint</fo:inline></fo:block></fo:list-item-label><fo:list-item-body start-indent="body-start()"><fo:block><fo:block>
An network-accessible address, usually described by URL, where a service may be accessed. If using an extension for templates, you can create an endpoint template, which represents the templates of all the consumable services that are available across the regions.
</fo:block></fo:block></fo:list-item-body></fo:list-item><fo:list-item space-before.optimum="1em" space-before.minimum="0.8em" space-before.maximum="1.2em" id="d6e69"><fo:list-item-label end-indent="label-end()" text-align="start"><fo:block><fo:inline>Role</fo:inline></fo:block></fo:list-item-label><fo:list-item-body start-indent="body-start()"><fo:block><fo:block> A personality that a user assumes when performing a specific set of operations.
A role includes a set of right and privileges. A user assuming that role inherits
those rights and privileges.
</fo:block><fo:block space-before.optimum="1em" space-before.minimum="0.8em" space-before.maximum="1.2em">
In Keystone, a token that is issued to a user includes the list of roles that user
can assume. Services that are being called by that user determine how they interpret the set
of roles a user has and which operations or resources each roles grants access to.
</fo:block></fo:block></fo:list-item-body></fo:list-item></fo:list-block></fo:block><fo:block id="installing-openstack-identity-service"><fo:block><fo:block><fo:block keep-together.within-column="always" margin-left="0pt" font-family="CartoGothic Std"><fo:block keep-with-next.within-column="always"><fo:block font-family="CartoGothic Std" font-weight="bold" keep-with-next.within-column="always" space-before.minimum="0.8em" space-before.optimum="1.0em" space-before.maximum="1.2em" text-align="start" start-indent="0pt" color="rgb(196,0,34)"><fo:marker marker-class-name="section.head.marker">Installing the OpenStack Identity Service</fo:marker><fo:block font-size="20.735999999999997pt">Installing the OpenStack Identity Service</fo:block></fo:block></fo:block></fo:block></fo:block></fo:block><fo:block space-before.optimum="1em" space-before.minimum="0.8em" space-before.maximum="1.2em">You can install the Identity service from packages or from source.</fo:block><fo:block space-before.optimum="1em" space-before.minimum="0.8em" space-before.maximum="1.2em">
To install the latest version of the Identity Service (Keystone) from the Github
repositories, following the following instructions.
</fo:block><fo:block space-before.optimum="1em" space-before.minimum="0.8em" space-before.maximum="1.2em">
For Debian/Ubuntu, add the Keystone PPA to your sources.lst:
</fo:block><fo:list-block space-before.optimum="1em" space-before.minimum="0.8em" space-before.maximum="1.2em" space-after.optimum="1em" space-after.minimum="0.8em" space-after.maximum="1.2em" provisional-label-separation="0.2em" provisional-distance-between-starts="1.2em" id="d6e79"><fo:list-item space-before.optimum="1em" space-before.minimum="0.8em" space-before.maximum="1.2em" id="d6e80"><fo:list-item-label end-indent="label-end()"><fo:block>1.</fo:block></fo:list-item-label><fo:list-item-body start-indent="body-start()"><fo:block><fo:block>
$&gt; sudo add-apt-repository ppa:keystone-core/trunk $&gt;
sudo apt-get update
</fo:block></fo:block></fo:list-item-body></fo:list-item><fo:list-item space-before.optimum="1em" space-before.minimum="0.8em" space-before.maximum="1.2em" id="d6e82"><fo:list-item-label end-indent="label-end()"><fo:block>2.</fo:block></fo:list-item-label><fo:list-item-body start-indent="body-start()"><fo:block><fo:block>
Install Keystone:
</fo:block><fo:block space-before.optimum="1em" space-before.minimum="0.8em" space-before.maximum="1.2em"> $&gt; sudo apt-get install keystone </fo:block></fo:block></fo:list-item-body></fo:list-item></fo:list-block><fo:block space-before.optimum="1em" space-before.minimum="0.8em" space-before.maximum="1.2em">
To install the latest version of Keystone from the Launchpad
Bazaar repositories, following the following instructions.
</fo:block><fo:list-block space-before.optimum="1em" space-before.minimum="0.8em" space-before.maximum="1.2em" space-after.optimum="1em" space-after.minimum="0.8em" space-after.maximum="1.2em" provisional-label-separation="0.2em" provisional-distance-between-starts="1.2em" id="d6e86"><fo:list-item space-before.optimum="1em" space-before.minimum="0.8em" space-before.maximum="1.2em" id="d6e87"><fo:list-item-label end-indent="label-end()"><fo:block>1.</fo:block></fo:list-item-label><fo:list-item-body start-indent="body-start()"><fo:block><fo:block>
Grab the source tarball from
<fo:basic-link external-destination="url(https://github.com/openstack/keystone)"><fo:inline>Github</fo:inline></fo:basic-link>
</fo:block></fo:block></fo:list-item-body></fo:list-item><fo:list-item space-before.optimum="1em" space-before.minimum="0.8em" space-before.maximum="1.2em" id="d6e90"><fo:list-item-label end-indent="label-end()"><fo:block>2.</fo:block></fo:list-item-label><fo:list-item-body start-indent="body-start()"><fo:block><fo:block>
Untar the source tarball:
</fo:block><fo:block space-before.optimum="1em" space-before.minimum="0.8em" space-before.maximum="1.2em">
$&gt; tar -xzf &lt;FILE&gt;
</fo:block></fo:block></fo:list-item-body></fo:list-item><fo:list-item space-before.optimum="1em" space-before.minimum="0.8em" space-before.maximum="1.2em" id="d6e93"><fo:list-item-label end-indent="label-end()"><fo:block>3.</fo:block></fo:list-item-label><fo:list-item-body start-indent="body-start()"><fo:block><fo:block>
Change into the package directory and build/install:
</fo:block><fo:block space-before.optimum="1em" space-before.minimum="0.8em" space-before.maximum="1.2em">
$&gt; cd keystone-&lt;RELEASE&gt; $&gt; sudo python setup.py
install
</fo:block></fo:block></fo:list-item-body></fo:list-item></fo:list-block><fo:block space-before.optimum="1em" space-before.minimum="0.8em" space-before.maximum="1.2em">
To install the latest version of Keystone from the Github
repositories, see the following instructions.
</fo:block><fo:block space-before.optimum="1em" space-before.minimum="0.8em" space-before.maximum="1.2em"> These are for Debian/Ubuntu.</fo:block><fo:block space-before.optimum="1em" space-before.minimum="0.8em" space-before.maximum="1.2em" space-after.optimum="1em" space-after.minimum="0.8em" space-after.maximum="1.2em" id="d6e98"><fo:list-block provisional-distance-between-starts="36pt + 18pt" provisional-label-separation="18pt"><fo:list-item><fo:list-item-label end-indent="label-end()"><fo:block><fo:external-graphic width="auto" height="auto" content-width="36pt" src="url(/Users/anne.gentle/src/openstack-manuals/doc/src/docbkx/openstack-identity-service-starter/target/docbkx/images/note.svg)"/></fo:block></fo:list-item-label><fo:list-item-body start-indent="body-start()"><fo:block font-size="14pt" font-weight="bold" hyphenate="false" keep-with-next.within-column="always" color="rgb(196,0,34)" font-family="CartoGothic Std">Note</fo:block><fo:block><fo:block space-before.optimum="1em" space-before.minimum="0.8em" space-before.maximum="1.2em">If you want to build the Keystone documentation locally, you will also want
to install the python-sphinx package.</fo:block></fo:block></fo:list-item-body></fo:list-item></fo:list-block></fo:block><fo:list-block space-before.optimum="1em" space-before.minimum="0.8em" space-before.maximum="1.2em" space-after.optimum="1em" space-after.minimum="0.8em" space-after.maximum="1.2em" provisional-label-separation="0.2em" provisional-distance-between-starts="1.2em" id="d6e100"><fo:list-item space-before.optimum="1em" space-before.minimum="0.8em" space-before.maximum="1.2em" id="d6e101"><fo:list-item-label end-indent="label-end()"><fo:block>1.</fo:block></fo:list-item-label><fo:list-item-body start-indent="body-start()"><fo:block><fo:block>
Install Git and build dependencies:
</fo:block><fo:block space-before.optimum="1em" space-before.minimum="0.8em" space-before.maximum="1.2em"> $&gt; sudo apt-get install git python-eventlet python-routes python-greenlet
swift $&gt; sudo apt-get install python-argparse python-sqlalchemy python-wsgiref
python-pastedeploy </fo:block></fo:block></fo:list-item-body></fo:list-item><fo:list-item space-before.optimum="1em" space-before.minimum="0.8em" space-before.maximum="1.2em" id="d6e104"><fo:list-item-label end-indent="label-end()"><fo:block>2.</fo:block></fo:list-item-label><fo:list-item-body start-indent="body-start()"><fo:block><fo:block>
Branch Keystone's trunk branch. (See
<fo:basic-link external-destination="url(http://wiki.openstack.org/GerritWorkflow)"><fo:inline>http://wiki.openstack.org/GerritWorkflow</fo:inline></fo:basic-link>
to get the project initially setup):
</fo:block><fo:block space-before.optimum="1em" space-before.minimum="0.8em" space-before.maximum="1.2em">
$&gt; git checkout master $&gt; git pull origin master
</fo:block></fo:block></fo:list-item-body></fo:list-item><fo:list-item space-before.optimum="1em" space-before.minimum="0.8em" space-before.maximum="1.2em" id="d6e108"><fo:list-item-label end-indent="label-end()"><fo:block>3.</fo:block></fo:list-item-label><fo:list-item-body start-indent="body-start()"><fo:block><fo:block>
Install Keystone:
</fo:block><fo:block space-before.optimum="1em" space-before.minimum="0.8em" space-before.maximum="1.2em">
$&gt; sudo python setup.py install
</fo:block></fo:block></fo:list-item-body></fo:list-item></fo:list-block></fo:block><fo:block id="starting-identity-service"><fo:block><fo:block><fo:block keep-together.within-column="always" margin-left="0pt" font-family="CartoGothic Std"><fo:block keep-with-next.within-column="always"><fo:block font-family="CartoGothic Std" font-weight="bold" keep-with-next.within-column="always" space-before.minimum="0.8em" space-before.optimum="1.0em" space-before.maximum="1.2em" text-align="start" start-indent="0pt" color="rgb(196,0,34)"><fo:marker marker-class-name="section.head.marker">Starting the Identity Service</fo:marker><fo:block font-size="20.735999999999997pt">Starting the Identity Service</fo:block></fo:block></fo:block></fo:block></fo:block></fo:block><fo:block space-before.optimum="1em" space-before.minimum="0.8em" space-before.maximum="1.2em">By default, configuration parameters (such as the IP and port binding for each service) are parsed from etc/keystone.conf, so ensure it is up-to-date prior to starting the service.</fo:block><fo:block space-before.optimum="1em" space-before.minimum="0.8em" space-before.maximum="1.2em">To start up the Keystone service, enter the following:</fo:block><fo:block space-before.minimum="0.8em" space-before.optimum="1em" space-before.maximum="1.2em" space-after.minimum="0.8em" space-after.optimum="1em" space-after.maximum="1.2em" hyphenate="false" wrap-option="wrap" white-space-collapse="false" white-space-treatment="preserve" linefeed-treatment="preserve" text-align="start" font-family="monospace" font-size="85%" hyphenation-character="\" background-color="#E0E0E0" id="d6e115">$ cd ~/keystone/bin &amp;&amp; ./keystone </fo:block><fo:block space-before.optimum="1em" space-before.minimum="0.8em" space-before.maximum="1.2em">In return you should see something like this:</fo:block><fo:block space-before.minimum="0.8em" space-before.optimum="1em" space-before.maximum="1.2em" space-after.minimum="0.8em" space-after.optimum="1em" space-after.maximum="1.2em" hyphenate="false" wrap-option="wrap" white-space-collapse="false" white-space-treatment="preserve" linefeed-treatment="preserve" text-align="start" font-family="monospace" font-size="85%" hyphenation-character="\" background-color="#E0E0E0" id="d6e117">Starting the Legacy Authentication component
Service API listening on 0.0.0.0:5000
Admin API listening on 0.0.0.0:5001</fo:block><fo:block space-before.optimum="1em" space-before.minimum="0.8em" space-before.maximum="1.2em">Use this command for starting the auth server only which exposes the Service API:</fo:block><fo:block space-before.minimum="0.8em" space-before.optimum="1em" space-before.maximum="1.2em" space-after.minimum="0.8em" space-after.optimum="1em" space-after.maximum="1.2em" hyphenate="false" wrap-option="wrap" white-space-collapse="false" white-space-treatment="preserve" linefeed-treatment="preserve" text-align="start" font-family="monospace" font-size="85%" hyphenation-character="\" background-color="#E0E0E0" id="d6e119">$ ./bin/keystone-auth</fo:block><fo:block space-before.optimum="1em" space-before.minimum="0.8em" space-before.maximum="1.2em">Use this command for starting the admin server only which exposes the Admin API:</fo:block><fo:block space-before.minimum="0.8em" space-before.optimum="1em" space-before.maximum="1.2em" space-after.minimum="0.8em" space-after.optimum="1em" space-after.maximum="1.2em" hyphenate="false" wrap-option="wrap" white-space-collapse="false" white-space-treatment="preserve" linefeed-treatment="preserve" text-align="start" font-family="monospace" font-size="85%" hyphenation-character="\" background-color="#E0E0E0" id="d6e121">$ ./bin/keystone-admin</fo:block><fo:block space-before.optimum="1em" space-before.minimum="0.8em" space-before.maximum="1.2em">After starting keystone or running keystone-manage a keystone.db sqlite database should be created in the keystone folder.</fo:block></fo:block><fo:block id="configuring-the-identity-service"><fo:block><fo:block><fo:block keep-together.within-column="always" margin-left="0pt" font-family="CartoGothic Std"><fo:block keep-with-next.within-column="always"><fo:block font-family="CartoGothic Std" font-weight="bold" keep-with-next.within-column="always" space-before.minimum="0.8em" space-before.optimum="1.0em" space-before.maximum="1.2em" text-align="start" start-indent="0pt" color="rgb(196,0,34)"><fo:marker marker-class-name="section.head.marker">Configuring the Identity Service</fo:marker><fo:block font-size="20.735999999999997pt">Configuring the Identity Service</fo:block></fo:block></fo:block></fo:block></fo:block></fo:block><fo:block space-before.optimum="1em" space-before.minimum="0.8em" space-before.maximum="1.2em">Here are the steps to get started with authentication using Keystone, the project name for
the OpenStack Identity Service. </fo:block><fo:block space-before.optimum="1em" space-before.minimum="0.8em" space-before.maximum="1.2em">Typically a project that uses Keystone has settings in a configuration file:</fo:block><fo:block space-before.optimum="1em" space-before.minimum="0.8em" space-before.maximum="1.2em">
<fo:list-block space-before.optimum="1em" space-before.minimum="0.8em" space-before.maximum="1.2em" space-after.optimum="1em" space-after.minimum="0.8em" space-after.maximum="1.2em" provisional-label-separation="0.2em" provisional-distance-between-starts="1.0em" id="d6e128"><fo:list-item space-before.optimum="1em" space-before.minimum="0.8em" space-before.maximum="1.2em" id="d6e129"><fo:list-item-label end-indent="label-end()"><fo:block></fo:block></fo:list-item-label><fo:list-item-body start-indent="body-start()"><fo:block><fo:block>In Compute, the settings are in etc/nova/api-paste.ini, but Keystone also provides
an example file in keystone/examples/paste/nova-api-paste.ini. Restart the nova-api
service for these settings to be configured.</fo:block></fo:block></fo:list-item-body></fo:list-item><fo:list-item space-before.optimum="1em" space-before.minimum="0.8em" space-before.maximum="1.2em" id="d6e131"><fo:list-item-label end-indent="label-end()"><fo:block></fo:block></fo:list-item-label><fo:list-item-body start-indent="body-start()"><fo:block><fo:block>In Image Service, the settings are in glance-api.conf and glance-registry.conf
configuration files in the examples/paste directory. Restart the glance-api service and
also ensure your environment contains OS_AUTH credentials which you can set up with tools/nova_to_os_env.sh provided by the Glance project.</fo:block></fo:block></fo:list-item-body></fo:list-item><fo:list-item space-before.optimum="1em" space-before.minimum="0.8em" space-before.maximum="1.2em" id="d6e133"><fo:list-item-label end-indent="label-end()"><fo:block></fo:block></fo:list-item-label><fo:list-item-body start-indent="body-start()"><fo:block><fo:block>In Object Storage, the settings are held in /etc/swift/proxy-server.conf in a
[filter:keystone] section. Use <fo:inline font-family="monospace">swift-init main start</fo:inline> to restart Object
Storage with the new configuration. Here's an example
/etc/swift/proxy-server.conf:</fo:block><fo:block space-before.minimum="0.8em" space-before.optimum="1em" space-before.maximum="1.2em" space-after.minimum="0.8em" space-after.optimum="1em" space-after.maximum="1.2em" hyphenate="false" wrap-option="wrap" white-space-collapse="false" white-space-treatment="preserve" linefeed-treatment="preserve" text-align="start" font-family="monospace" font-size="85%" hyphenation-character="\" background-color="#E0E0E0" id="d6e136">
[DEFAULT]
bind_port = 8888
user = &lt;user&gt;
[pipeline:main]
pipeline = catch_errors cache keystone proxy-server
[app:proxy-server]
use = egg:swift#proxy
account_autocreate = true
[filter:keystone]
use = egg:keystone#tokenauth
auth_protocol = http
auth_host = 127.0.0.1
auth_port = 5001
admin_token = 999888777666
delay_auth_decision = 0
service_protocol = http
service_host = 127.0.0.1
service_port = 8100
service_pass = dTpw
[filter:cache]
use = egg:swift#memcache
set log_name = cache
[filter:catch_errors]
use = egg:swift#catch_errors
</fo:block></fo:block></fo:list-item-body></fo:list-item></fo:list-block>
</fo:block></fo:block><fo:block id="dependencies"><fo:block><fo:block><fo:block keep-together.within-column="always" margin-left="0pt" font-family="CartoGothic Std"><fo:block keep-with-next.within-column="always"><fo:block font-family="CartoGothic Std" font-weight="bold" keep-with-next.within-column="always" space-before.minimum="0.8em" space-before.optimum="1.0em" space-before.maximum="1.2em" text-align="start" start-indent="0pt" color="rgb(196,0,34)"><fo:marker marker-class-name="section.head.marker">Dependencies</fo:marker><fo:block font-size="20.735999999999997pt">Dependencies</fo:block></fo:block></fo:block></fo:block></fo:block></fo:block><fo:block space-before.optimum="1em" space-before.minimum="0.8em" space-before.maximum="1.2em">Once Keystone is installed you need to initialize the database. You can do so with the keystone-manage command line utility. The keystone-manage utility helps with managing and configuring a Keystone installation. You configure the keystone-manage utility itself with a SQL Alchemy connection configuration via a parameter passed to the utility:</fo:block><fo:block space-before.optimum="1em" space-before.minimum="0.8em" space-before.maximum="1.2em">--sql_connection=CONN_STRING</fo:block><fo:block space-before.optimum="1em" space-before.minimum="0.8em" space-before.maximum="1.2em">Where the CONN_STRING is a proper SQLAlchemy connection string as described in
http://www.sqlalchemy.org/docs/05/reference/sqlalchemy/connections.html?highlight=engine#sqlalchemy.create_engine.</fo:block><fo:block space-before.optimum="1em" space-before.minimum="0.8em" space-before.maximum="1.2em">One important use of keystone-manage is to setup the database. To do so, run:</fo:block><fo:block space-before.minimum="0.8em" space-before.optimum="1em" space-before.maximum="1.2em" space-after.minimum="0.8em" space-after.optimum="1em" space-after.maximum="1.2em" hyphenate="false" wrap-option="wrap" white-space-collapse="false" white-space-treatment="preserve" linefeed-treatment="preserve" text-align="start" font-family="monospace" font-size="85%" hyphenation-character="\" background-color="#E0E0E0" id="d6e144">
keystone-manage db_sync</fo:block></fo:block><fo:block id="creating-tenants-users-roles-tokens-and-endpoints"><fo:block><fo:block><fo:block keep-together.within-column="always" margin-left="0pt" font-family="CartoGothic Std"><fo:block keep-with-next.within-column="always"><fo:block font-family="CartoGothic Std" font-weight="bold" keep-with-next.within-column="always" space-before.minimum="0.8em" space-before.optimum="1.0em" space-before.maximum="1.2em" text-align="start" start-indent="0pt" color="rgb(196,0,34)"><fo:marker marker-class-name="section.head.marker">Creating Tenants, Users, Roles, Tokens and Endpoints</fo:marker><fo:block font-size="20.735999999999997pt">Creating Tenants, Users, Roles, Tokens and Endpoints</fo:block></fo:block></fo:block></fo:block></fo:block></fo:block><fo:block space-before.optimum="1em" space-before.minimum="0.8em" space-before.maximum="1.2em">Sample data entries are available in keystone/bin/sampledata.sh. The following are just
examples for a walk-through.</fo:block><fo:block space-before.optimum="1em" space-before.minimum="0.8em" space-before.maximum="1.2em" space-after.optimum="1em" space-after.minimum="0.8em" space-after.maximum="1.2em" id="d6e148"><fo:list-block provisional-distance-between-starts="36pt + 18pt" provisional-label-separation="18pt"><fo:list-item><fo:list-item-label end-indent="label-end()"><fo:block><fo:external-graphic width="auto" height="auto" content-width="36pt" src="url(/Users/anne.gentle/src/openstack-manuals/doc/src/docbkx/openstack-identity-service-starter/target/docbkx/images/note.svg)"/></fo:block></fo:list-item-label><fo:list-item-body start-indent="body-start()"><fo:block font-size="14pt" font-weight="bold" hyphenate="false" keep-with-next.within-column="always" color="rgb(196,0,34)" font-family="CartoGothic Std">Note</fo:block><fo:block><fo:block space-before.optimum="1em" space-before.minimum="0.8em" space-before.maximum="1.2em">
Some reserved roles are defined (and can be modified) through the keystone.conf in the /etc folder.</fo:block></fo:block></fo:list-item-body></fo:list-item></fo:list-block></fo:block><fo:block space-before.optimum="1em" space-before.minimum="0.8em" space-before.maximum="1.2em">Add two tenants, and administrative tenant and a tenant named demo. Tenants are equivalent to projects in the previous auth system in Compute. In Object Storage, Tenants are similar to accounts in the swauth system.</fo:block><fo:block space-before.minimum="0.8em" space-before.optimum="1em" space-before.maximum="1.2em" space-after.minimum="0.8em" space-after.optimum="1em" space-after.maximum="1.2em" hyphenate="false" wrap-option="wrap" white-space-collapse="false" white-space-treatment="preserve" linefeed-treatment="preserve" text-align="start" font-family="monospace" font-size="85%" hyphenation-character="\" background-color="#E0E0E0" id="d6e151"> bin/keystone-manage tenant add admin
bin/keystone-manage tenant add demo</fo:block><fo:block space-before.optimum="1em" space-before.minimum="0.8em" space-before.maximum="1.2em">Next add two users to the Identity Service and assign their passwords. The last value in the list is an ID number.</fo:block><fo:block space-before.minimum="0.8em" space-before.optimum="1em" space-before.maximum="1.2em" space-after.minimum="0.8em" space-after.optimum="1em" space-after.maximum="1.2em" hyphenate="false" wrap-option="wrap" white-space-collapse="false" white-space-treatment="preserve" linefeed-treatment="preserve" text-align="start" font-family="monospace" font-size="85%" hyphenation-character="\" background-color="#E0E0E0" id="d6e153"> bin/keystone-manage user add admin p4ssw0rd 1
bin/keystone-manage user add demo p455w0rd 2</fo:block><fo:block space-before.optimum="1em" space-before.minimum="0.8em" space-before.maximum="1.2em">Now you can assign roles, which includes a set of rights and privileges that are double-checked with the token that the user is issued.</fo:block><fo:block space-before.minimum="0.8em" space-before.optimum="1em" space-before.maximum="1.2em" space-after.minimum="0.8em" space-after.optimum="1em" space-after.maximum="1.2em" hyphenate="false" wrap-option="wrap" white-space-collapse="false" white-space-treatment="preserve" linefeed-treatment="preserve" text-align="start" font-family="monospace" font-size="85%" hyphenation-character="\" background-color="#E0E0E0" id="d6e155"> bin/keystone-manage role add Admin
bin/keystone-manage role add Member
bin/keystone-manage role grant Admin admin</fo:block><fo:block space-before.optimum="1em" space-before.minimum="0.8em" space-before.maximum="1.2em">Now define the endpointTemplates, which are URLs plus port values that indicate where a service may be accessed. This example shows many services available to Compute including the Image Service, the Object Storage service, as well as Identity itself. Since there is just one zone in this example, it represents all the services across the single region (but could also represent all the regions).</fo:block><fo:block space-before.minimum="0.8em" space-before.optimum="1em" space-before.maximum="1.2em" space-after.minimum="0.8em" space-after.optimum="1em" space-after.maximum="1.2em" hyphenate="false" wrap-option="wrap" white-space-collapse="false" white-space-treatment="preserve" linefeed-treatment="preserve" text-align="start" font-family="monospace" font-size="85%" hyphenation-character="\" background-color="#E0E0E0" id="d6e157"> bin/keystone-manage endpointTemplates add RegionOne swift http://%HOST_IP%:8080/v1/AUTH_%tenant_id% http://%HOST_IP%:8080/ http://%HOST_IP%:8080/v1/AUTH_%tenant_id% 1 1
bin/keystone-manage endpointTemplates add RegionOne nova_compat http://%HOST_IP%:8774/v1.0/ http://%HOST_IP%:8774/v1.0 http://%HOST_IP%:8774/v1.0 1 1
bin/keystone-manage endpointTemplates add RegionOne nova http://%HOST_IP%:8774/v1.1/%tenant_id% http://%HOST_IP%:8774/v1.1/%tenant_id% http://%HOST_IP%:8774/v1.1/%tenant_id% 1 1
bin/keystone-manage endpointTemplates add RegionOne glance http://%HOST_IP%:9292/v1.1/%tenant_id% http://%HOST_IP%:9292/v1.1/%tenant_id% http://%HOST_IP%:9292/v1.1/%tenant_id% 1 1
bin/keystone-manage endpointTemplates add RegionOne identity http://%HOST_IP%:5000/v2.0 http://%HOST_IP%:5001/v2.0 http://%HOST_IP%:5000/v2.0 1 1</fo:block><fo:block space-before.optimum="1em" space-before.minimum="0.8em" space-before.maximum="1.2em"> Now you add a default token for the admin user to get when requesting a token.</fo:block><fo:block space-before.minimum="0.8em" space-before.optimum="1em" space-before.maximum="1.2em" space-after.minimum="0.8em" space-after.optimum="1em" space-after.maximum="1.2em" hyphenate="false" wrap-option="wrap" white-space-collapse="false" white-space-treatment="preserve" linefeed-treatment="preserve" text-align="start" font-family="monospace" font-size="85%" hyphenation-character="\" background-color="#E0E0E0" id="d6e159">bin/keystone-manage token add 999888777666 1 1 2015-02-05T00:00</fo:block><fo:block space-before.optimum="1em" space-before.minimum="0.8em" space-before.maximum="1.2em">This section adds the tenant endpoints for each user created above (admin with ID 1 and demo with ID 2).</fo:block><fo:block space-before.minimum="0.8em" space-before.optimum="1em" space-before.maximum="1.2em" space-after.minimum="0.8em" space-after.optimum="1em" space-after.maximum="1.2em" hyphenate="false" wrap-option="wrap" white-space-collapse="false" white-space-treatment="preserve" linefeed-treatment="preserve" text-align="start" font-family="monospace" font-size="85%" hyphenation-character="\" background-color="#E0E0E0" id="d6e161"> bin/keystone-manage endpoint add 1 1
bin/keystone-manage endpoint add 1 2
bin/keystone-manage endpoint add 1 3
bin/keystone-manage endpoint add 1 4
bin/keystone-manage endpoint add 1 5
bin/keystone-manage endpoint add 1 6
bin/keystone-manage endpoint add 2 1
bin/keystone-manage endpoint add 2 2
bin/keystone-manage endpoint add 2 3
bin/keystone-manage endpoint add 2 4
bin/keystone-manage endpoint add 2 5
bin/keystone-manage endpoint add 2 6</fo:block><fo:block space-before.optimum="1em" space-before.minimum="0.8em" space-before.maximum="1.2em">You can configure Identity and Compute with a single region or multiple regions using
zones. You need to add a label for the endpoint for each region. Having a single region
doesn't require any work other than adding label.</fo:block><fo:block space-before.optimum="1em" space-before.minimum="0.8em" space-before.maximum="1.2em">
<fo:block space-before.minimum="0.8em" space-before.optimum="1em" space-before.maximum="1.2em" space-after.minimum="0.8em" space-after.optimum="1em" space-after.maximum="1.2em" hyphenate="false" wrap-option="wrap" white-space-collapse="false" white-space-treatment="preserve" linefeed-treatment="preserve" text-align="start" font-family="monospace" font-size="85%" hyphenation-character="\" background-color="#E0E0E0" id="d6e164">keystone-manage endpointTemplates add SWRegion identity http://%HOST_IP%:5000/v2.0 http://%HOST_IP%:5001/v2.0 http://%HOST_IP%:5000/v2.0 1 1</fo:block>
</fo:block></fo:block><fo:block id="curl-examples"><fo:block><fo:block><fo:block keep-together.within-column="always" margin-left="0pt" font-family="CartoGothic Std"><fo:block keep-with-next.within-column="always"><fo:block font-family="CartoGothic Std" font-weight="bold" keep-with-next.within-column="always" space-before.minimum="0.8em" space-before.optimum="1.0em" space-before.maximum="1.2em" text-align="start" start-indent="0pt" color="rgb(196,0,34)"><fo:marker marker-class-name="section.head.marker">Curl examples</fo:marker><fo:block font-size="20.735999999999997pt">Curl examples</fo:block></fo:block></fo:block></fo:block></fo:block></fo:block><fo:block space-before.optimum="1em" space-before.minimum="0.8em" space-before.maximum="1.2em">All examples assume default port usage (5001) and use the example admin account created above.</fo:block><fo:block space-before.optimum="1em" space-before.minimum="0.8em" space-before.maximum="1.2em"><fo:inline font-style="italic">Admin Initial GET</fo:inline></fo:block><fo:block space-before.optimum="1em" space-before.minimum="0.8em" space-before.maximum="1.2em">Retrieves version, full API url, pdf doc link, and wadl link:</fo:block><fo:block space-before.minimum="0.8em" space-before.optimum="1em" space-before.maximum="1.2em" space-after.minimum="0.8em" space-after.optimum="1em" space-after.maximum="1.2em" hyphenate="false" wrap-option="wrap" white-space-collapse="false" white-space-treatment="preserve" linefeed-treatment="preserve" text-align="start" font-family="monospace" font-size="85%" hyphenation-character="\" background-color="#E0E0E0" id="d6e172">$&gt; curl http://0.0.0.0:5001</fo:block><fo:block space-before.optimum="1em" space-before.minimum="0.8em" space-before.maximum="1.2em">or:</fo:block><fo:block space-before.minimum="0.8em" space-before.optimum="1em" space-before.maximum="1.2em" space-after.minimum="0.8em" space-after.optimum="1em" space-after.maximum="1.2em" hyphenate="false" wrap-option="wrap" white-space-collapse="false" white-space-treatment="preserve" linefeed-treatment="preserve" text-align="start" font-family="monospace" font-size="85%" hyphenation-character="\" background-color="#E0E0E0" id="d6e174">$&gt; curl http://0.0.0.0:5001/v2.0/</fo:block><fo:block space-before.optimum="1em" space-before.minimum="0.8em" space-before.maximum="1.2em"><fo:inline font-style="italic">Retrieve token:</fo:inline></fo:block><fo:block space-before.optimum="1em" space-before.minimum="0.8em" space-before.maximum="1.2em">To retrieve the token and expiration date for a user:</fo:block><fo:block space-before.minimum="0.8em" space-before.optimum="1em" space-before.maximum="1.2em" space-after.minimum="0.8em" space-after.optimum="1em" space-after.maximum="1.2em" hyphenate="false" wrap-option="wrap" white-space-collapse="false" white-space-treatment="preserve" linefeed-treatment="preserve" text-align="start" font-family="monospace" font-size="85%" hyphenation-character="\" background-color="#E0E0E0" id="d6e178">$&gt; curl -d '{"passwordCredentials":{"username": "MyAdmin", "password": "P@ssw0rd"}}' -H "Content-type: application/json" http://localhost:5001/v2.0/tokens</fo:block><fo:block space-before.optimum="1em" space-before.minimum="0.8em" space-before.maximum="1.2em">This will return something like:</fo:block><fo:block space-before.minimum="0.8em" space-before.optimum="1em" space-before.maximum="1.2em" space-after.minimum="0.8em" space-after.optimum="1em" space-after.maximum="1.2em" hyphenate="false" wrap-option="wrap" white-space-collapse="false" white-space-treatment="preserve" linefeed-treatment="preserve" text-align="start" font-family="monospace" font-size="85%" hyphenation-character="\" background-color="#E0E0E0" id="d6e180">$&gt; {"auth": {"token": {"expires": "2011-08-10T17:45:22.838440", "id": "0eed0ced-4667-4221-a0b2-24c91f242b0b"}}}</fo:block><fo:block space-before.optimum="1em" space-before.minimum="0.8em" space-before.maximum="1.2em" space-after.optimum="1em" space-after.minimum="0.8em" space-after.maximum="1.2em" id="d6e181"><fo:list-block provisional-distance-between-starts="36pt + 18pt" provisional-label-separation="18pt"><fo:list-item><fo:list-item-label end-indent="label-end()"><fo:block><fo:external-graphic width="auto" height="auto" content-width="36pt" src="url(/Users/anne.gentle/src/openstack-manuals/doc/src/docbkx/openstack-identity-service-starter/target/docbkx/images/note.svg)"/></fo:block></fo:list-item-label><fo:list-item-body start-indent="body-start()"><fo:block font-size="14pt" font-weight="bold" hyphenate="false" keep-with-next.within-column="always" color="rgb(196,0,34)" font-family="CartoGothic Std">Note</fo:block><fo:block><fo:block space-before.optimum="1em" space-before.minimum="0.8em" space-before.maximum="1.2em">Save the “id” value as youll be using it in the calls below.</fo:block></fo:block></fo:list-item-body></fo:list-item></fo:list-block></fo:block><fo:block space-before.optimum="1em" space-before.minimum="0.8em" space-before.maximum="1.2em"><fo:inline font-style="italic">To retrieve a list of tenants:</fo:inline></fo:block><fo:block space-before.optimum="1em" space-before.minimum="0.8em" space-before.maximum="1.2em">Run:</fo:block><fo:block space-before.minimum="0.8em" space-before.optimum="1em" space-before.maximum="1.2em" space-after.minimum="0.8em" space-after.optimum="1em" space-after.maximum="1.2em" hyphenate="false" wrap-option="wrap" white-space-collapse="false" white-space-treatment="preserve" linefeed-treatment="preserve" text-align="start" font-family="monospace" font-size="85%" hyphenation-character="\" background-color="#E0E0E0" id="d6e186">$&gt; curl -H "X-Auth-Token:999888777666" http://localhost:5001/v2.0/tenants</fo:block><fo:block space-before.optimum="1em" space-before.minimum="0.8em" space-before.maximum="1.2em">This will return something like:</fo:block><fo:block space-before.minimum="0.8em" space-before.optimum="1em" space-before.maximum="1.2em" space-after.minimum="0.8em" space-after.optimum="1em" space-after.maximum="1.2em" hyphenate="false" wrap-option="wrap" white-space-collapse="false" white-space-treatment="preserve" linefeed-treatment="preserve" text-align="start" font-family="monospace" font-size="85%" hyphenation-character="\" background-color="#E0E0E0" id="d6e188">$&gt; {"tenants": {"values": [{"enabled": 1, "id": "MyTenant", "description": null}], "links": []}}</fo:block><fo:block space-before.optimum="1em" space-before.minimum="0.8em" space-before.maximum="1.2em"><fo:inline font-style="italic">Retrieve a list of users:</fo:inline></fo:block><fo:block space-before.optimum="1em" space-before.minimum="0.8em" space-before.maximum="1.2em"> Run:</fo:block><fo:block space-before.minimum="0.8em" space-before.optimum="1em" space-before.maximum="1.2em" space-after.minimum="0.8em" space-after.optimum="1em" space-after.maximum="1.2em" hyphenate="false" wrap-option="wrap" white-space-collapse="false" white-space-treatment="preserve" linefeed-treatment="preserve" text-align="start" font-family="monospace" font-size="85%" hyphenation-character="\" background-color="#E0E0E0" id="d6e192">$&gt; curl -H "X-Auth-Token:999888777666" http://localhost:5001/v2.0/users</fo:block><fo:block space-before.optimum="1em" space-before.minimum="0.8em" space-before.maximum="1.2em">This will return something like:</fo:block><fo:block space-before.minimum="0.8em" space-before.optimum="1em" space-before.maximum="1.2em" space-after.minimum="0.8em" space-after.optimum="1em" space-after.maximum="1.2em" hyphenate="false" wrap-option="wrap" white-space-collapse="false" white-space-treatment="preserve" linefeed-treatment="preserve" text-align="start" font-family="monospace" font-size="85%" hyphenation-character="\" background-color="#E0E0E0" id="d6e194">$&gt; {"users": {"values": [{"email": null, "enabled": true, "id": "MyAdmin", "tenantId": "MyTenant"}], "links": []}}</fo:block><fo:block space-before.optimum="1em" space-before.minimum="0.8em" space-before.maximum="1.2em"><fo:inline font-style="italic">Retrieve information about the token:</fo:inline></fo:block><fo:block space-before.optimum="1em" space-before.minimum="0.8em" space-before.maximum="1.2em">Run:</fo:block><fo:block space-before.minimum="0.8em" space-before.optimum="1em" space-before.maximum="1.2em" space-after.minimum="0.8em" space-after.optimum="1em" space-after.maximum="1.2em" hyphenate="false" wrap-option="wrap" white-space-collapse="false" white-space-treatment="preserve" linefeed-treatment="preserve" text-align="start" font-family="monospace" font-size="85%" hyphenation-character="\" background-color="#E0E0E0" id="d6e198">$&gt; curl -H "X-Auth-Token:999888777666" http://localhost:5001/v2.0/tokens/0eed0ced-4667-4221-a0b2-24c91f242b0b</fo:block><fo:block space-before.optimum="1em" space-before.minimum="0.8em" space-before.maximum="1.2em"> This will return something like:</fo:block><fo:block space-before.minimum="0.8em" space-before.optimum="1em" space-before.maximum="1.2em" space-after.minimum="0.8em" space-after.optimum="1em" space-after.maximum="1.2em" hyphenate="false" wrap-option="wrap" white-space-collapse="false" white-space-treatment="preserve" linefeed-treatment="preserve" text-align="start" font-family="monospace" font-size="85%" hyphenation-character="\" background-color="#E0E0E0" id="d6e200">$&gt; {"auth": {"token": {"expires": "2011-08-11T04:26:58.145171", "id": "0eed0ced-4667-4221-a0b2-24c91f242b0b"}, "user": {"username": "MyAdmin", "roleRefs": [{"roleId": "Admin", "id": 1}], "tenantId": "MyTenant"}}}</fo:block><fo:block space-before.optimum="1em" space-before.minimum="0.8em" space-before.maximum="1.2em"><fo:inline font-style="italic"> Revoking a token:</fo:inline></fo:block><fo:block space-before.optimum="1em" space-before.minimum="0.8em" space-before.maximum="1.2em">Run:</fo:block><fo:block space-before.minimum="0.8em" space-before.optimum="1em" space-before.maximum="1.2em" space-after.minimum="0.8em" space-after.optimum="1em" space-after.maximum="1.2em" hyphenate="false" wrap-option="wrap" white-space-collapse="false" white-space-treatment="preserve" linefeed-treatment="preserve" text-align="start" font-family="monospace" font-size="85%" hyphenation-character="\" background-color="#E0E0E0" id="d6e204">$&gt; curl -X DELETE -H "X-Auth-Token:999888777666" http://localhost:5001/tokens/0eed0ced-4667-4221-a0b2-24c91f242b0b</fo:block><fo:block space-before.optimum="1em" space-before.minimum="0.8em" space-before.maximum="1.2em"><fo:inline font-style="italic">Creating a tenant:</fo:inline></fo:block><fo:block space-before.optimum="1em" space-before.minimum="0.8em" space-before.maximum="1.2em">Run:</fo:block><fo:block space-before.minimum="0.8em" space-before.optimum="1em" space-before.maximum="1.2em" space-after.minimum="0.8em" space-after.optimum="1em" space-after.maximum="1.2em" hyphenate="false" wrap-option="wrap" white-space-collapse="false" white-space-treatment="preserve" linefeed-treatment="preserve" text-align="start" font-family="monospace" font-size="85%" hyphenation-character="\" background-color="#E0E0E0" id="d6e208"> $&gt; curl -H "X-Auth-Token:999888777666" -H "Content-type: application/json" -d '{"tenant":{"id":"MyTenant2", "description":"My 2nd Tenant", "enabled":true}}' http://localhost:5001/tenants</fo:block><fo:block space-before.optimum="1em" space-before.minimum="0.8em" space-before.maximum="1.2em"> This will return something like:</fo:block><fo:block space-before.minimum="0.8em" space-before.optimum="1em" space-before.maximum="1.2em" space-after.minimum="0.8em" space-after.optimum="1em" space-after.maximum="1.2em" hyphenate="false" wrap-option="wrap" white-space-collapse="false" white-space-treatment="preserve" linefeed-treatment="preserve" text-align="start" font-family="monospace" font-size="85%" hyphenation-character="\" background-color="#E0E0E0" id="d6e210">$&gt; {"tenant": {"enabled": true, "id": "MyTenant2", "description": "My 2nd Tenant"}}</fo:block><fo:block space-before.optimum="1em" space-before.minimum="0.8em" space-before.maximum="1.2em"><fo:inline font-style="italic">Verifying the tenant:</fo:inline></fo:block><fo:block space-before.optimum="1em" space-before.minimum="0.8em" space-before.maximum="1.2em">Run:</fo:block><fo:block space-before.minimum="0.8em" space-before.optimum="1em" space-before.maximum="1.2em" space-after.minimum="0.8em" space-after.optimum="1em" space-after.maximum="1.2em" hyphenate="false" wrap-option="wrap" white-space-collapse="false" white-space-treatment="preserve" linefeed-treatment="preserve" text-align="start" font-family="monospace" font-size="85%" hyphenation-character="\" background-color="#E0E0E0" id="d6e214">$&gt; curl -H "X-Auth-Token:999888777666" http://localhost:5001/v2.0/tenants/MyTenant2</fo:block><fo:block space-before.optimum="1em" space-before.minimum="0.8em" space-before.maximum="1.2em">This will return something like:</fo:block><fo:block space-before.minimum="0.8em" space-before.optimum="1em" space-before.maximum="1.2em" space-after.minimum="0.8em" space-after.optimum="1em" space-after.maximum="1.2em" hyphenate="false" wrap-option="wrap" white-space-collapse="false" white-space-treatment="preserve" linefeed-treatment="preserve" text-align="start" font-family="monospace" font-size="85%" hyphenation-character="\" background-color="#E0E0E0" id="d6e216">$&gt; {"tenant": {"enabled": 1, "id": "MyTenant2", "description": "My 2nd Tenant"}}</fo:block><fo:block space-before.optimum="1em" space-before.minimum="0.8em" space-before.maximum="1.2em"><fo:inline font-style="italic">Updating the tenant:</fo:inline></fo:block><fo:block space-before.optimum="1em" space-before.minimum="0.8em" space-before.maximum="1.2em">Run:</fo:block><fo:block space-before.minimum="0.8em" space-before.optimum="1em" space-before.maximum="1.2em" space-after.minimum="0.8em" space-after.optimum="1em" space-after.maximum="1.2em" hyphenate="false" wrap-option="wrap" white-space-collapse="false" white-space-treatment="preserve" linefeed-treatment="preserve" text-align="start" font-family="monospace" font-size="85%" hyphenation-character="\" background-color="#E0E0E0" id="d6e220">$&gt; curl -X PUT -H "X-Auth-Token:999888777666" -H "Content-type: application/json" -d '{"tenant":{"description":"My NEW 2nd Tenant"}}' http://localhost:5001/v2.0/tenants/MyTenant2
</fo:block><fo:block space-before.optimum="1em" space-before.minimum="0.8em" space-before.maximum="1.2em">This will return something like:
</fo:block><fo:block space-before.minimum="0.8em" space-before.optimum="1em" space-before.maximum="1.2em" space-after.minimum="0.8em" space-after.optimum="1em" space-after.maximum="1.2em" hyphenate="false" wrap-option="wrap" white-space-collapse="false" white-space-treatment="preserve" linefeed-treatment="preserve" text-align="start" font-family="monospace" font-size="85%" hyphenation-character="\" background-color="#E0E0E0" id="d6e222">$&gt; {"tenant": {"enabled": true, "id": "MyTenant2", "description": "My NEW 2nd Tenant"}}
</fo:block><fo:block space-before.optimum="1em" space-before.minimum="0.8em" space-before.maximum="1.2em"><fo:inline font-style="italic">Deleting the tenant:</fo:inline></fo:block><fo:block space-before.optimum="1em" space-before.minimum="0.8em" space-before.maximum="1.2em">Run:</fo:block><fo:block space-before.minimum="0.8em" space-before.optimum="1em" space-before.maximum="1.2em" space-after.minimum="0.8em" space-after.optimum="1em" space-after.maximum="1.2em" hyphenate="false" wrap-option="wrap" white-space-collapse="false" white-space-treatment="preserve" linefeed-treatment="preserve" text-align="start" font-family="monospace" font-size="85%" hyphenation-character="\" background-color="#E0E0E0" id="d6e226">$&gt; curl -X DELETE -H "X-Auth-Token:999888777666" http://localhost:5001/v2.0/tenants/MyTenant2</fo:block></fo:block></fo:flow></fo:page-sequence></fo:root>
View Git Blame Copy Permalink