diff --git a/keystonemiddleware/auth_token/_cache.py b/keystonemiddleware/auth_token/_cache.py
index dbcdebfc..ce5faf66 100644
--- a/keystonemiddleware/auth_token/_cache.py
+++ b/keystonemiddleware/auth_token/_cache.py
@@ -11,6 +11,7 @@
 # under the License.
 
 import contextlib
+import hashlib
 
 from oslo_serialization import jsonutils
 import six
@@ -21,6 +22,22 @@ from keystonemiddleware.i18n import _, _LE
 from keystonemiddleware.openstack.common import memorycache
 
 
+def _hash_key(key):
+    """Turn a set of arguments into a SHA256 hash.
+
+    Using a known-length cache key is important to ensure that memcache
+    maximum key length is not exceeded causing failures to validate.
+    """
+    if isinstance(key, six.text_type):
+        # NOTE(morganfainberg): Ensure we are always working with a bytes
+        # type required for the hasher. In python 2.7 it is possible to
+        # get a text_type (unicode). In python 3.4 all strings are
+        # text_type and not bytes by default. This encode coerces the
+        # text_type to the appropriate bytes values.
+        key = key.encode('utf-8')
+    return hashlib.sha256(key).hexdigest()
+
+
 class _CachePool(list):
     """A lazy pool of cache references."""
 
@@ -178,7 +195,7 @@ class TokenCache(object):
         # NOTE(jamielennox): in the basic implementation there is no need for
         # a context so just pass None as it will only get passed back later.
         unused_context = None
-        return self._CACHE_KEY_TEMPLATE % token_id, unused_context
+        return self._CACHE_KEY_TEMPLATE % _hash_key(token_id), unused_context
 
     def _deserialize(self, data, context):
         """Deserialize data from the cache back into python objects.
diff --git a/keystonemiddleware/tests/unit/auth_token/test_auth_token_middleware.py b/keystonemiddleware/tests/unit/auth_token/test_auth_token_middleware.py
index 7b3d574a..8657deb5 100644
--- a/keystonemiddleware/tests/unit/auth_token/test_auth_token_middleware.py
+++ b/keystonemiddleware/tests/unit/auth_token/test_auth_token_middleware.py
@@ -500,6 +500,21 @@ class GeneralAuthTokenMiddlewareTest(BaseAuthTokenMiddlewareTest,
         token_response = self.examples.TOKEN_RESPONSES[token]
         self.assertTrue(auth_token._token_is_v3(token_response))
 
+    def test_fixed_cache_key_length(self):
+        self.set_middleware()
+        short_string = uuid.uuid4().hex
+        long_string = 8 * uuid.uuid4().hex
+
+        token_cache = self.middleware._token_cache
+        hashed_short_string_key, context_ = token_cache._get_cache_key(
+            short_string)
+        hashed_long_string_key, context_ = token_cache._get_cache_key(
+            long_string)
+
+        # The hash keys should always match in length
+        self.assertThat(hashed_short_string_key,
+                        matchers.HasLength(len(hashed_long_string_key)))
+
     @testtools.skipUnless(memcached_available(), 'memcached not available')
     def test_encrypt_cache_data(self):
         conf = {