OpenStack Identity (keystone)

'openstack token issue' command doesn't issue token for MFA enabled user

Bug #1865121 reported by Abhishek Sharma M
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
OpenStack Identity (keystone)
Invalid
Undecided
Unassigned

Bug Description

User who has been to configured such that he can only get a token when he presents more than one modes of authentication, say password & totp. In these cases, 'openstack token issue' command gives 401 error as there is no means for providing totp as an argument.

Can a option like --totp be added, like 'openstack token issue --totp 123456' so that MFA users can also use this command to generate token?

Or is there any other way currently in openstack using which 'openstack token issue' command can be used to generate token for MFA users! like adding some environment variable in openrc & then eexcuting token issue.

Revision history for this message
Colleen Murphy (krinkle) wrote :

You were offline when I responded to your query on IRC:

http://eavesdrop.openstack.org/irclogs/%23openstack-keystone/%23openstack-keystone.2020-02-27.log.html#t2020-02-27T13:51:49

In short, the support is partially there already in keystoneauth:

https://docs.openstack.org/keystoneauth/latest/authentication-plugins.html#multi-factor-with-v3-identity-plugins

We just need to close the gap in python-openstackclient, so this bug will need to be filed in storyboard for osc:

https://storyboard.openstack.org/#!/project/975

Changed in keystone:
status: New → Invalid
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.