Configurable Auth Middleware

Registered by Winson Chan

Instead of hardcoding Mistral to use only the auth_token middleware in KeystoneMiddleware, allow operators to define their own auth middleware in the config, for cases where they want to run Mistral as a standalone service and use something other than Keystone for auth. Abstract the auth middleware at https://github.com/stackforge/mistral/blob/master/mistral/api/access_control.py#L28. The Keystone auth_token middleware should remain the default in the Mistral config.

Blueprint information

Status: Complete
Approver: Renat Akhmerov
Priority: High
Drafter: Winson Chan
Direction: Approved
Assignee: Renat Akhmerov
Definition: New
Series goal: Accepted for newton
Implementation: Implemented
Milestone target: newton-2
Started by: Renat Akhmerov
Completed by: Renat Akhmerov

Related branches

Sprints

Whiteboard

Gerrit topic: https://review.openstack.org/#q,topic:bp/mistral-configurable-auth-middleware,n,z

Addressed by: https://review.openstack.org/335944
    WIP: Add KeyCloak authentication

Addressed by: https://review.openstack.org/336466
    Remove obsolete config option "use_mistral_rpc"

Addressed by: https://review.openstack.org/336488
    Add authentication options for KeyCloak OIDC

Addressed by: https://review.openstack.org/337100
    WIP: Add KeyCloak OpenID Connect server-side authentication

Addressed by: https://review.openstack.org/337603
    Release note for KeyCloak OIDC support

renat: necessary changes were made to support KeyCloak (OpenID Connect protocol) authentication which now includes only token validation. There's also an option "auth_type" that can be later used to implement other authentication mechanisms.


Work Items
