External authentication plugins
We need to figure out what external authentication plugins Keystone needs to provide.
Requirements are that we should support what was supported in Grizzly and Havana, and also support a plugin that works with both auth V2 and auth V3.
Blueprint information
- Status:
- Complete
- Approver:
- None
- Priority:
- Undefined
- Drafter:
- Brant Knudson
- Direction:
- Needs approval
- Assignee:
- None
- Definition:
- New
- Series goal:
- None
- Implementation:
- Implemented
- Milestone target:
- None
- Started by
- Steve Martinelli
- Completed by
- Steve Martinelli
Related branches
Related bugs
Sprints
Whiteboard
Background Info
-------
- These are plugins we had in Havana (for V3):
(See http://
- keystone.
- @ is optional, everything after first @ is ignored
- users are only found in default domain
- keystone.
- @ is required, everything after last @ is the domain name
- This is how Havana V2 works:
(See http://
- @ is not a special character, the whole username is used
- users are only found in default domain
- This is how Grizzly works:
- V3:
- The user name in REMOTE_USER is ignored, the user name and domain are taken from "password" method data in request
(See http://
- V2 Grizzly worked the same as Havana
Notes on previous behavior
-------
- Regarding keystone.
- Dolph: I have yet to find someone that thinks this behavior is useful; IMO this should be changed to reflect grizzly v2 behavior
Current plugins in IceHouse, as of I2
-------
- DefaultDomain: takes full name, user always in default domain
- This is G & H V2
- Domain : like DefaultDomain but gets domain from REMOTE_DOMAIN environment.
- This is new
- LegacyDefaultDo
- This is H ExternalDefault
- LegacyDomain: splits up REMOTE_USER to username and domainname (deprecated)
- This is H ExternalDomain
Deprecated names in IceHouse
-------
- ExternalDefault : DefaultDomain (deprecated name)
- ExternalDomain : Domain (deprecated name)
Plans for IceHouse
-------
- Develop a plugin that works like Grizzly V3
(stevemar) 2016-02-02: this is terribly hard to follow along, and looks like it hasn't been updated in about 4 releases, and the keystone code base has shifted significantly since then. I'm going to mark this as implemented, we can open a new spec for any leftover functionality that we might have been missed.
Work Items
Work items:
Develop a plugin that works like Grizzly V3: TODO