OpenStack Identity (keystone)

keystone auth plugin tutorial

Asked by Dawid

Hello,
is there any keystone auth plugin development tutorial? I can't find any suitable. I can see that there is a keystone.auth package
with plugins inside - is it enough to add there my own auth module?
And what about the keystone.token - if I would like to have additional token mechanism distinct form the default one - can I add it to the keystone as a plugin? Or it would require more deep code integration? It will be related to the authentication of credentials and returning a different token now achieved by: {"auth": {"tenantName": "sometenant", "passwordCredentials":{"username": "someuser", "password": "somepass"}}} - I would like to have additional changed way of doing it with different mechanism and commands like: {"auth": {"specialToken":{"token": "someTokenText"}}}. What should I change to add this additional way of getting token and user info.
Best regards,
Dawid

Question information

Language:
English Edit question
Status:
Answered
For:
OpenStack Identity (keystone) Edit question
Assignee:
No assignee Edit question
Last query:
Last reply:
Revision history for this message
Haneef Ali (haneef) said : 		#1

It is easy to do.

Additon a new auth method
---------------------------------------
 Look at password.py All you need to do is to implement the method "authenticate" and add your auth method configuration in the configuration file

Customizing the providers such as UUID or PKI
-------------------------------------------------------------
If you want to add some more logic, or change the way the current UUID token works, then you need to override or extend
providers/uuid.py. There depending on your needs , you may override the methods.

e.g If you don't want to create a new token for each getToken call from same user for same scope, you can do that here.

Don't forget to add ur provider classs in the config file

Can you help with this problem?

Provide an answer of your own, or ask Dawid for more information if necessary.

To post a message you must log in.