Certificates cannot be retrieved from the V3 API
Bug #1259011 reported by
Jamie Lennox
This bug affects 2 people
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
OpenStack Identity (keystone) |
Fix Released
|
Wishlist
|
Jamie Lennox | ||
keystonemiddleware |
Won't Fix
|
Wishlist
|
Unassigned | ||
openstack-api-site |
Fix Released
|
Wishlist
|
Jamie Lennox |
Bug Description
Auth_token middleware relies upon the V2 api to provide the certificates that are required to validate PKI tokens because this information is not provided by the V3 API.
Longer term i think we should be encouraging deployers to handle their own certificate distribution as fetching the certificates from the same source that is issuing tokens is not secure, however for the mean time we need some way of providing these certificates to token validators.
Changed in keystone: | |
milestone: | icehouse-2 → icehouse-3 |
Changed in openstack-api-site: | |
status: | Fix Committed → Fix Released |
importance: | Undecided → Wishlist |
Changed in keystone: | |
status: | Fix Committed → Fix Released |
Changed in keystone: | |
milestone: | icehouse-3 → 2014.1 |
Changed in keystonemiddleware: | |
importance: | Undecided → Wishlist |
status: | New → Triaged |
no longer affects: | python-keystoneclient |
tags: | added: pki |
To post a comment you must log in.
Added keystoneclient as it should be able to make use of the certificates from a v3 api.