diff --git a/keystone/common/tokenless_auth.py b/keystone/common/tokenless_auth.py
index 10d4b8cf56..fd9c1592a7 100644
--- a/keystone/common/tokenless_auth.py
+++ b/keystone/common/tokenless_auth.py
@@ -188,5 +188,5 @@ class TokenlessAuthHelper(object):
             raise exception.TokenlessAuthConfigError(
                 issuer_attribute=CONF.tokenless_auth.issuer_attribute)
 
-        hashed_idp = hashlib.sha256(idp)
+        hashed_idp = hashlib.sha256(idp.encode('utf-8'))
         return hashed_idp.hexdigest()
diff --git a/keystone/tests/unit/core.py b/keystone/tests/unit/core.py
index 41e5c51555..53f546b209 100644
--- a/keystone/tests/unit/core.py
+++ b/keystone/tests/unit/core.py
@@ -788,11 +788,11 @@ class TestCase(BaseTestCase):
             if isinstance(expected_regexp, six.string_types):
                 expected_regexp = re.compile(expected_regexp)
 
-            if isinstance(exc_value.args[0], unicode):
-                if not expected_regexp.search(unicode(exc_value)):
+            if isinstance(exc_value.args[0], six.text_type):
+                if not expected_regexp.search(six.text_type(exc_value)):
                     raise self.failureException(
                         '"%s" does not match "%s"' %
-                        (expected_regexp.pattern, unicode(exc_value)))
+                        (expected_regexp.pattern, six.text_type(exc_value)))
             else:
                 if not expected_regexp.search(str(exc_value)):
                     raise self.failureException(
diff --git a/keystone/tests/unit/test_middleware.py b/keystone/tests/unit/test_middleware.py
index 36fe0794b9..abcb0aa14f 100644
--- a/keystone/tests/unit/test_middleware.py
+++ b/keystone/tests/unit/test_middleware.py
@@ -40,7 +40,8 @@ class MiddlewareRequestTestBase(unit.TestCase):
     def _application(self):
         """A base wsgi application that returns a simple response."""
         def app(environ, start_response):
-            body = uuid.uuid4().hex
+            # WSGI requires the body of the response to be six.binary_type
+            body = uuid.uuid4().hex.encode('utf-8')
             resp_headers = [('Content-Type', 'text/html; charset=utf8'),
                             ('Content-Length', str(len(body)))]
             start_response('200 OK', resp_headers)
@@ -197,9 +198,10 @@ class AuthContextMiddlewareTest(test_backend_sql.SqlTests,
         self.config_fixture.config(group='tokenless_auth',
                                    trusted_issuer=[self.trusted_issuer])
 
-        # This idp_id is calculated based on
-        # sha256(self.client_issuer)
-        hashed_idp = hashlib.sha256(self.client_issuer)
+        # client_issuer is encoded because you can't hash
+        # unicode objects with hashlib.
+        # This idp_id is calculated based on sha256(self.client_issuer)
+        hashed_idp = hashlib.sha256(self.client_issuer.encode('utf-8'))
         self.idp_id = hashed_idp.hexdigest()
         self._load_sample_data()
 
diff --git a/tox.ini b/tox.ini
index ff233d4fcf..d85c4fb9e4 100644
--- a/tox.ini
+++ b/tox.ini
@@ -48,6 +48,7 @@ commands =
       keystone/tests/unit/test_exception.py \
       keystone/tests/unit/test_ipv6.py \
       keystone/tests/unit/test_kvs.py \
+      keystone/tests/unit/test_middleware.py \
       keystone/tests/unit/test_no_admin_token_auth.py \
       keystone/tests/unit/test_policy.py \
       keystone/tests/unit/test_revoke.py \