Revision history [back]

click to hide/show revision 1
initial version

By lookin at the keystone-paste.ini , we can see the difference between public api and admin api

[pipeline:public_api]
pipeline = sizelimit url_normalize build_auth_context token_auth admin_token_auth xml_body_v2 json_body ec2_extension user_crud_extension public_service

[pipeline:admin_api]
pipeline = sizelimit url_normalize build_auth_context token_auth admin_token_auth xml_body_v2 json_body ec2_extension s3_extension crud_extension admin_service

major difference is admin api use the crud_extension and admin_service , the first one is for the user who has admin_role to bootstrap the keystone, the second one is for start the WSGI server listen on the admin port specified i the keystone.conf.

For the other projects who use the keystone as auth strategy, they are the keystone service consumers, so i think they should all use the public api not admin_api, ie. they will use the public url/internal url to interact with keystone.

Hope that helps!

Vic