Comment 10 for bug 1720816

I've done some more digging today, and got a handle on what is happening.

Webob exposes a synthesized req.params field - of both the query string and request body (POST) variables.

Any 'POST'ed request body variables (e.g. from heat-config-notify for OS::Heat::SoftwareDeployment resources) will interfere negatively with the signature calculation, resulting in an incorrect signature calculation - which keystone will reject.

The attached patch (that replaces the previous patch) only uses the query string parameters for calculating the signature.