admin_token not working with Identity API v3

asked 2014-11-07 05:23:49 -0600

garcianavalon gravatar image

updated 2014-11-07 05:24:52 -0600

Hi all, I've encountered a problem recently when using the admin token with Keystone. I've done several tests, with different versions of keystone (master and stable/juno) and running them both in localhost and in a separete machine and this is the behaviour found in all of them:

# using API v2.0
export OS_URL=http://localhost:35357/v2.0
$ openstack user lists 
works OK
$ openstack user create test
works OK

# using API v3
export OS_URL=http://localhost:35357/v3
$ openstack user lists 
works OK
$ openstack user create test
ERROR: openstack The request you have made requires authentication. (HTTP 401)

I've followed all the steps in ( and ( . Also set in etc/keystone.conf admin_token=ADMIN. I've checked that AdminTokenAuthMiddleware is in all pipelines in etc/keystone-paste.ini. I've tried using port 5000 in OS_URL. If I use the default admin account (admin,secrete) I can create a user succesfully both using v2.0 and v3.

¿What am I missing? I guess is a very stupid configuration step or option...
Thanks for your help.

edit retag flag offensive close merge delete


What do you get as error?

rajiv-kumar gravatar imagerajiv-kumar ( 2014-11-07 09:05:44 -0600 )edit

1 answer

Sort by » oldest newest most voted

answered 2014-11-07 17:07:02 -0600

updated 2014-11-11 00:39:58 -0600

You are using v3 apis and v3 apis requires domain. (ie) A user is created in a domain. If you don't pass domain, then domain is assumed as caller's domain.

The user (admin,secret)'s domain is "default" domain. So it works. But if you use "ADMIN" token keystone can't get the domain. In this case you need to explicitly pass the domain.


openstack user create test --domain default

edit flag offensive delete link more

Get to know Ask OpenStack

Resources for moderators

Question Tools

1 follower


Asked: 2014-11-07 05:23:49 -0600

Seen: 1,343 times

Last updated: Nov 11 '14