Public bug reported: Ceph Object Gateway can use keystone for authenticating user requests to its S3-compatible API, but recent versions also provide two other AWS- compatible APIs for managing user access: Security Token Service (STS) and Identity and Access Management (IAM). These attempt to authenticate requests with Keystone but always receive 403 Access Denied. This is because api/s3tokens.py only accepts "s3" as the service name.
Workaround: https://docs.ceph.com/en/latest/radosgw/STSLite /#limitations-and-workarounds ** Affects: keystone Importance: Undecided Status: New -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to OpenStack Identity (keystone). https://bugs.launchpad.net/bugs/1897280 Title: Keystone does not accept Ceph STS and IAM auth requests Status in OpenStack Identity (keystone): New Bug description: Ceph Object Gateway can use keystone for authenticating user requests to its S3-compatible API, but recent versions also provide two other AWS-compatible APIs for managing user access: Security Token Service (STS) and Identity and Access Management (IAM). These attempt to authenticate requests with Keystone but always receive 403 Access Denied. This is because api/s3tokens.py only accepts "s3" as the service name. Workaround: https://docs.ceph.com/en/latest/radosgw/STSLite /#limitations-and-workarounds To manage notifications about this bug go to: https://bugs.launchpad.net/keystone/+bug/1897280/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : [email protected] Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp
