keystone.common.tokenless_auth module

class keystone.common.tokenless_auth.TokenlessAuthHelper(env)[source]

Bases: keystone.common.provider_api.ProviderAPIMixin, object

get_mapped_user(project_id=None, domain_id=None)[source]

Map client certificate to an existing user.

If user is ephemeral, there is no validation on the user himself; however it will be mapped to a corresponding group(s) and the scope of this ephemeral user is the same as what is assigned to the group.

  • project_id – Project scope of the mapped user.

  • domain_id – Domain scope of the mapped user.


A dictionary that contains the keys, such as user_id, user_name, domain_id, domain_name

Return type