I've just started playing around with Keystone under Apache. I have managed to get it embedded now and all services talking to it.
Now, I'm trying to get it to do apache authentication. The documentation states that it should honor REMOTE_USER if its present. The default wsgi-keystone.conf has this in it: <Location "/keystone"> NSSRequireSSL Authtype none </Location> Which Locations do you put Apache auth plugins on? Putting it on all of /keystone seems wrong. I tried putting it only on <Location "/keystone/main/v2.0/tokens"> and that didn't work either... Looking at the token api, it doesn't look like it does basic auth at all, expecting the username/password to be passed through a json document? So perhaps what I am trying to do will never work? Do I have to set some flag to get python-keystoneclient/Dashboard to pass the username/password as basicauth instead of in a json form? Thanks, Kevin ________________________________________ From: Miller, Mark M (EB SW Cloud - R&D - Corvallis) [mark.m.mil...@hp.com] Sent: Monday, August 12, 2013 4:17 PM To: OpenStack Development Mailing List Subject: Re: [openstack-dev] Keystone Apache2 Installation Question Progress: Got Keystone working under Apache2 with HTTP based on the following 2 URLs . HTTPS is the next. https://keystone-voms.readthedocs.org/en/latest/requirements.html https://www.digitalocean.com/community/articles/how-to-create-a-ssl-certificate-on-apache-for-ubuntu-12-04 Mark From: Miller, Mark M (EB SW Cloud - R&D - Corvallis) Sent: Monday, August 12, 2013 3:10 PM To: OpenStack Development Mailing List Subject: Re: [openstack-dev] Keystone Apache2 Installation Question Looks like I may be ahead of the game. It doesn’t look like this blueprint has been started yet. Am I correct? https://blueprints.launchpad.net/devstack/+spec/devstack-setup-apache-keystone A very valuable feature of Keystone is to configure it to leverage apache as its front end. As a means of demonstrating how this works, and to facilitate automated testing of this configuration in the future, support to devstack will be added to enable it to optionally install and configure keystone using apache as it front end. The design approach used will be that described in the keystone docs: https://github.com/openstack/keystone/blob/master/doc/source/apache-httpd.rst Thanks, Mark From: Miller, Mark M (EB SW Cloud - R&D - Corvallis) Sent: Monday, August 12, 2013 1:45 PM To: OpenStack Development Mailing List Subject: Re: [openstack-dev] Keystone Apache2 Installation Question The commands/libraries do not exist for Ubuntu, Keystone no longer starts up, directories between the sets of documents do not match, … From: Dolph Mathews [mailto:dolph.math...@gmail.com] Sent: Monday, August 12, 2013 1:41 PM To: OpenStack Development Mailing List Subject: Re: [openstack-dev] Keystone Apache2 Installation Question What problem(s) are you running into when following the above documentation / examples? On Mon, Aug 12, 2013 at 3:32 PM, Miller, Mark M (EB SW Cloud - R&D - Corvallis) <mark.m.mil...@hp.com<mailto:mark.m.mil...@hp.com>> wrote: Hello, I am looking for documentation on how to install/configure Apache2 as the Keystone front end for "Ubuntu 12.04". I have found various documentation snippets for a variety of applications and operating systems, but nothing for Ubuntu. Any pointers would greatly be appreciated. I have been trying to piece the installation/configuration from the following URLs but have yet to be successful. http://docs.openstack.org/developer/keystone/apache-httpd.html#keystone-configuration https://keystone-voms.readthedocs.org/en/latest/requirements.html https://github.com/enovance/keystone-wsgi-apache/blob/master/provision.sh http://adam.younglogic.com/2012/04/keystone-httpd/ Regards, Mark _______________________________________________ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org<mailto:OpenStack-dev@lists.openstack.org> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev -- -Dolph _______________________________________________ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
