OpenStack Identity (keystone)

  1. Series ocata
  2. Bug #1687593
  3. Comment #8

Comment 8 for bug 1687593

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to keystone (master)

Reviewed: https://review.openstack.org/464577
Committed: https://git.openstack.org/cgit/openstack/keystone/commit/?id=b7aece57d2845fcfa45a84e6d21a6188ddd192cc
Submitter: Jenkins
Branch: master

commit b7aece57d2845fcfa45a84e6d21a6188ddd192cc
Author: Hemanth Nakkina <email address hidden>
Date: Mon May 15 14:30:24 2017 +0530

    Change url scheme passed to oauth signature verifier

    Change 461736 modifies the url passed to oauth signature verifier to
    request url. But in some deployments, https endpoints are terminated
    at haproxy and http request is sent to keystone. So request url will
    have http as url scheme whereas the endpoint is registered with https
    and signature at client is done with https url. This results in OAUTH
    signature validation failure.

    Update URL sent for OAUTH signature verification with the scheme of
    the base url.

    Change-Id: Iaba285985b616a35e3dfe33cdd45667174e7c69d
    Partial-Bug: #1687593