OpenStack Identity (keystone)

Basic-Auth

Registered by Adam Young on 2013-10-15

Passing in the userid/password in the body of a request is at odds with the way that the browsers expect authentication to work. Keystone should be able to accept userid and password via basic-auth in order to allow browser based operations against Keystone. Once created, the token can live in a secure cookie. TO prevent XSRF attacks, a standard header will enforce that the referring web page must be Keystone itself. A future extension will deal with CORS support.

Read the full specification

Blueprint information

Status:: Complete

Approver:: None

Priority:: Low

Drafter:: Adam Young

Direction:: Needs approval

Assignee:: Adam Young

Definition:: Obsolete

Series goal:: None

Implementation:: Unknown

Milestone target:: None

Completed by: Adam Young on 2015-09-30

Related branches

Related bugs

Sprints

Whiteboard

Gerrit topic: https://review.openstack.org/#q,topic:bp/basic-auth,n,z

Addressed by: https://review.openstack.org/92137
Basic-Auth middleware

Can be done via Apache an Federation talking direct to the Database

(?)

Work Items

Dependency tree

* Blueprints in grey have been implemented.

This blueprint contains Public information

Everyone can see this information.

Subscribers

Marcos Lobo