Keystone OTP

asked 2016-03-09 05:53:05 -0500

trex gravatar image

I need to write a TOTP plugin for Keystone. And now I follow this guide http://docs.openstack.org/developer/keystone/auth-totp.html (http://docs.openstack.org/developer/k...)

But I can't pass the first step and create the TOTP credential.

I got the following error.

./create_totp_credential.sh  
HTTP/1.1 401 Unauthorized Date: Wed, 09 Mar 2016 11:50:41 GMT Server: Apache/2.4.18 (Fedora) OpenSSL/1.0.2f-fips mod_wsgi/4.4.8 Python/2.7.10 WWW-Authenticate: Keystone uri="http://localhost:5000" Content-Length: 114 Vary: X-Auth-Token x-openstack-request-id: req-e8ddaef8-7e2c-41f0-811a-e2362e8a0c4e Content-Type: application/json

 {"error": {"message": "The request you have made requires authentication.", "code": 401, "title": "Unauthorized"}}

Debug:

sudo tail -n 50 /var/log/httpd/keystone.log
2016-03-09 12:04:55.808 1181 DEBUG keystone.middleware.auth [req-c8f883dd-cdb1-46fc-bca3-70ea60285050 - - - - -] There is either no auth token in the request or the certificate issuer is not trusted. No auth context will be set. 2016-03-09 12:04:55.808 process_request /opt/stack/keystone/keystone/middleware/auth.py:171
2016-03-09 12:04:55.814 1181 INFO keystone.common.wsgi [req-c8f883dd-cdb1-46fc-bca3-70ea60285050 - - - - -] POST http://localhost:5000/v3/credentials
2016-03-09 12:04:55.815 1181 DEBUG keystone.common.controller [req-c8f883dd-cdb1-46fc-bca3-70ea60285050 - - - - -] RBAC: Authorizing identity:create_credential(credential={u'user_id': u'4725c2a6592c46b89bbd42da1731d5ed', u'type': u'totp', u'blob': u'OBQXG43XN5ZGI'}) 2016-03-09 12:04:55.815 _build_policy_check_credentials /opt/stack/keystone/keystone/common/controller.py:80
2016-03-09 12:04:55.816 1181 DEBUG keystone.common.controller [req-c8f883dd-cdb1-46fc-bca3-70ea60285050 - - - - -] RBAC: building auth context from the incoming auth token 2016-03-09 12:04:55.816 _build_policy_check_credentials /opt/stack/keystone/keystone/common/controller.py:92
2016-03-09 12:04:55.817 1181 DEBUG oslo.cache._memcache_pool [req-c8f883dd-cdb1-46fc-bca3-70ea60285050 - - - - -] Memcached pool 140351135589296, thread 140351402075904: Acquiring connection 2016-03-09 12:04:55.817 _debug_logger /usr/lib/python2.7/site-packages/oslo_cache/_memcache_pool.py:116
2016-03-09 12:04:55.817 1181 DEBUG oslo.cache._memcache_pool [req-c8f883dd-cdb1-46fc-bca3-70ea60285050 - - - - -] Memcached pool 140351135589296, thread 140351402075904: Acquired connection 140351418931208 2016-03-09 12:04:55.817 _debug_logger /usr/lib/python2.7/site-packages/oslo_cache/_memcache_pool.py:116
2016-03-09 12:04:55.818 1181 DEBUG oslo.cache._memcache_pool [req-c8f883dd-cdb1-46fc-bca3-70ea60285050 - - - - -] Memcached pool 1
40351135589296, thread 140351402075904: Releasing connection 140351418931208 2016-03-09 12:04:55.818 _debug_logger /usr/lib/python2.7/site-packages/oslo_cache/_memcache_pool.py:116
2016-03-09 12:04:55.819 1181 DEBUG oslo.cache._memcache_pool [req-c8f883dd-cdb1-46fc-bca3-70ea60285050 - - - - -] Memcached pool 140351135589296, thread 140351402075904: Acquiring connection 2016-03-09 12:04:55.819 _debug_logger /usr/lib/python2.7/site-packages/oslo_cache/_memcache_pool.py:116
2016-03-09 12:04:55.819 1181 DEBUG oslo.cache._memcache_pool [req-c8f883dd-cdb1-46fc-bca3-70ea60285050 - - - - -] Memcached pool 140351135589296, thread 140351402075904: Acquired connection 140351418931208 2016-03-09 12:04:55.819 _debug_logger /usr/lib/python2.7/site-packages/oslo_cache/_memcache_pool.py:116
2016-03-09 12:04:55.820 1181 DEBUG oslo.cache._memcache_pool [req-c8f883dd-cdb1-46fc-bca3-70ea60285050 - - - - -] Memcached pool 140351135589296, thread 140351402075904: Releasing connection 140351418931208 2016-03-09 12:04:55.820 _debug_logger /usr/lib/python2.7/site-packages/oslo_cache/_memcache_pool.py:116
2016-03-09 12:04:55.821 1181 WARNING keystone.common.controller [req-c8f883dd-cdb1-46fc-bca3-70ea60285050 - - - - -] RBAC: Invalid token
2016-03-09 12:04:55.823 1181 WARNING keystone.common.wsgi [req-c8f883dd-cdb1-46fc-bca3-70ea60285050 - - - - -] Authorization failed. The request you have made requires authentication. from ::1

My scripts ... (more)

edit retag flag offensive close merge delete