Authentication and authorization¶
All requests to the API may only be performed by an authenticated agent.
The preferred authentication system is the OpenStack Identity service, code-named keystone.
Identity service authentication¶
To authenticate, an agent issues an authentication request to an Identity service endpoint. In response to valid credentials, Identity service responds with an authentication token and a service catalog that contains a list of all services and endpoints available for the given token.
Multiple endpoints may be returned for Message service according to physical locations and performance/availability characteristics of different deployments.
Normally, Identity service middleware provides the X-Project-Id header
based on the authentication token submitted by the Message service client.
For this to work, clients must specify a valid authentication token in the
X-Auth-Token header for each request to the Message service API. The API
validates authentication tokens against Identity service before servicing each
request.
No authentication¶
If authentication is not enabled, clients must provide the X-Project-Id
header themselves.
Options¶
Configure the authentication and authorization strategy through these options:
| Configuration option = Default value | Description |
|---|---|
| [DEFAULT] | |
auth_strategy = |
(String) Backend to use for authentication. For no auth, keep it empty. Existing strategies: keystone. See also the keystone_authtoken section below |
| Configuration option = Default value | Description |
|---|---|
| [trustee] | |
auth_section = None |
(Unknown) Config Section from which to load plugin specific options |
auth_type = None |
(Unknown) Authentication type to load |
auth_url = None |
(Unknown) Authentication URL |
default_domain_id = None |
(Unknown) Optional domain ID to use with v3 and v2 parameters. It will be used for both the user and project domain in v3 and ignored in v2 authentication. |
default_domain_name = None |
(Unknown) Optional domain name to use with v3 API and v2 parameters. It will be used for both the user and project domain in v3 and ignored in v2 authentication. |
domain_id = None |
(Unknown) Domain ID to scope to |
domain_name = None |
(Unknown) Domain name to scope to |
password = None |
(Unknown) User’s password |
project_domain_id = None |
(Unknown) Domain ID containing project |
project_domain_name = None |
(Unknown) Domain name containing project |
project_id = None |
(Unknown) Project ID to scope to |
project_name = None |
(Unknown) Project name to scope to |
trust_id = None |
(Unknown) Trust ID |
user_domain_id = None |
(Unknown) User’s domain id |
user_domain_name = None |
(Unknown) User’s domain name |
user_id = None |
(Unknown) User id |
username = None |
(Unknown) Username |
Except where otherwise noted, this document is licensed under Creative Commons Attribution 3.0 License. See all OpenStack Legal Documents.