Ask Your Question
0

admin_token not working with Identity API v3

asked 2014-11-07 05:23:49 -0500

garcianavalon gravatar image

updated 2014-11-07 05:24:52 -0500

Hi all, I've encountered a problem recently when using the admin token with Keystone. I've done several tests, with different versions of keystone (master and stable/juno) and running them both in localhost and in a separete machine and this is the behaviour found in all of them:

# using API v2.0
export OS_TOKEN=ADMIN
export OS_URL=http://localhost:35357/v2.0
$ openstack user lists 
works OK
$ openstack user create test
works OK

# using API v3
export OS_IDENTITY_API_VERSION=3
export OS_TOKEN=ADMIN
export OS_URL=http://localhost:35357/v3
$ openstack user lists 
works OK
$ openstack user create test
ERROR: openstack The request you have made requires authentication. (HTTP 401)

I've followed all the steps in http://docs.openstack.org/developer/keystone/setup.html (http://docs.openstack.org/developer/k...) and http://docs.openstack.org/developer/keystone/developing.html (http://docs.openstack.org/developer/k...) . Also set in etc/keystone.conf admin_token=ADMIN. I've checked that AdminTokenAuthMiddleware is in all pipelines in etc/keystone-paste.ini. I've tried using port 5000 in OS_URL. If I use the default admin account (admin,secrete) I can create a user succesfully both using v2.0 and v3.

¿What am I missing? I guess is a very stupid configuration step or option...
Thanks for your help.

edit retag flag offensive close merge delete

Comments

What do you get as error?

rajiv-kumar gravatar imagerajiv-kumar ( 2014-11-07 09:05:44 -0500 )edit

1 answer

Sort by » oldest newest most voted
1

answered 2014-11-07 17:07:02 -0500

updated 2014-11-11 00:39:58 -0500

You are using v3 apis and v3 apis requires domain. (ie) A user is created in a domain. If you don't pass domain, then domain is assumed as caller's domain.

The user (admin,secret)'s domain is "default" domain. So it works. But if you use "ADMIN" token keystone can't get the domain. In this case you need to explicitly pass the domain.

Use

openstack user create test --domain default

edit flag offensive delete link more

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Get to know Ask OpenStack

Resources for moderators

Question Tools

1 follower

Stats

Asked: 2014-11-07 05:23:49 -0500

Seen: 1,231 times

Last updated: Nov 11 '14