diff options
| author | Steve Martinelli <stevemar@ca.ibm.com> | 2013-03-20 20:02:18 -0700 |
|---|---|---|
| committer | Dolph Mathews <dolph.mathews@gmail.com> | 2013-08-16 13:02:24 -0500 |
| commit | bcaa3072f37d3af3f9d526f18f311411ceeae160 (patch) | |
| tree | 8c08bffaabf6c8f195f3d87b9a26edcdaf287371 /etc | |
| parent | 81534a182a4986d838591395aee8590ef61c599d (diff) | |
| download | keystone-bcaa3072f37d3af3f9d526f18f311411ceeae160.tar.gz keystone-bcaa3072f37d3af3f9d526f18f311411ceeae160.tar.xz keystone-bcaa3072f37d3af3f9d526f18f311411ceeae160.zip | |
Add delegated_auth support for keystone
Implements an OAuth 1.0a service provider.
blueprint: delegated-auth-via-oauth
DocImpact
SecurityImpact
Change-Id: Ib5561593ab608f3b22fbcd7196e2171f95b735e8
Diffstat (limited to 'etc')
| -rw-r--r-- | etc/keystone-paste.ini | 3 | ||||
| -rw-r--r-- | etc/keystone.conf.sample | 13 |
2 files changed, 15 insertions, 1 deletions
diff --git a/etc/keystone-paste.ini b/etc/keystone-paste.ini index 0f4590a2..9c5545db 100644 --- a/etc/keystone-paste.ini +++ b/etc/keystone-paste.ini @@ -24,6 +24,9 @@ paste.filter_factory = keystone.contrib.admin_crud:CrudExtension.factory [filter:ec2_extension] paste.filter_factory = keystone.contrib.ec2:Ec2Extension.factory +[filter:oauth_extension] +paste.filter_factory = keystone.contrib.oauth1.routers:OAuth1Extension.factory + [filter:s3_extension] paste.filter_factory = keystone.contrib.s3:S3Extension.factory diff --git a/etc/keystone.conf.sample b/etc/keystone.conf.sample index 922d90c6..13d14317 100644 --- a/etc/keystone.conf.sample +++ b/etc/keystone.conf.sample @@ -163,6 +163,16 @@ [assignment] # driver = +[oauth1] +# driver = keystone.contrib.oauth1.backends.sql.OAuth1 + +# The Identity service may include expire attributes. +# If no such attribute is included, then the token lasts indefinitely. +# Specify how quickly the request token will expire (in seconds) +# request_token_duration = 28800 +# Specify how quickly the access token will expire (in seconds) +# access_token_duration = 86400 + [ssl] #enable = True #certfile = /etc/keystone/pki/certs/ssl_cert.pem @@ -289,10 +299,11 @@ # user_additional_attribute_mapping = [auth] -methods = external,password,token +methods = external,password,token,oauth1 #external = keystone.auth.plugins.external.ExternalDefault password = keystone.auth.plugins.password.Password token = keystone.auth.plugins.token.Token +oauth1 = keystone.auth.plugins.oauth1.OAuth [paste_deploy] # Name of the paste configuration file that defines the available pipelines |