Pluggable Identity Authentication Handlers

Registered by Boden R

The functionality described in this blueprint aims to drive additional value into Keystone/OpenStack by adding support for pluggable authentication in a manner that's transparent across concrete identity drivers, irrespective of the driver/backing-store type (LDAP, SQL, etc.). It also sets forth the constructs necessary to permit authentication by means other than user ID/password, and moreover to perform authentication in a conditional manner based on a given request. Together these enhancements pave the way for numerous authentication mechanisms moving forward.

Blueprint information

Status: Complete
Approver: Joseph Heck
Priority: Medium
Drafter: Boden R
Direction: Approved
Assignee: Guang Yee
Definition: Drafting
Series goal: Accepted for grizzly
Implementation: Implemented
Milestone target: 2013.1
Started by: Joseph Heck
Completed by: Dolph Mathews

Whiteboard

Gerrit topic: https://review.openstack.org/#q,topic:bp/pluggable-identity-authentication-handlers,n,z

Addressed by: https://review.openstack.org/14775
    blueprint pluggable-identity-authentication-handlers

Addressed by: https://review.openstack.org/14823
    Implements REMOTE_USER authentication support.

Notes from Adam:
-------------------------
 * Need to define the default set of acceptable auth mechanisms
 * Provide a way to define a new auth mechanism
 * Record the auth mechanism used inside the token
 * Provide policy rules for enforcing multifactor

Addressed by: https://review.openstack.org/16755
    Added documentation for the external auth support

Addressed by: https://review.openstack.org/21487
    blueprint pluggable-identity-authentication-handlers blueprint multi-factor-authn (just the plumbing) v3 authentication and token APIs

Gerrit topic: https://review.openstack.org/#q,topic:bug/1126048,n,z

Addressed by: https://review.openstack.org/22307
    Fix example in documentation.
