blob: 29955d74159f8c4635c2b1300a679305f4158bfd (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
|
..
Copyright 2011-2013 OpenStack, Foundation
All Rights Reserved.
Licensed under the Apache License, Version 2.0 (the "License"); you may
not use this file except in compliance with the License. You may obtain
a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
License for the specific language governing permissions and limitations
under the License.
=============================
Enabling the OAuth1 Extension
=============================
To enable the OAuth1 extension:
1. Optionally, add the oauth1 extension driver to the ``[oauth1]`` section in ``keystone.conf``. For example::
[oauth1]
driver = sql
2. Add the ``oauth1`` authentication method to the ``[auth]`` section in ``keystone.conf``::
[auth]
methods = external,password,token,oauth1
3. Add the ``oauth1_extension`` filter to the ``api_v3`` pipeline in
``keystone-paste.ini``. This must be added after ``json_body`` and before
the last entry in the pipeline. For example::
[pipeline:api_v3]
pipeline = sizelimit url_normalize build_auth_context token_auth admin_token_auth json_body ec2_extension_v3 s3_extension simple_cert_extension revoke_extension oauth1_extension service_v3
4. Create the OAuth1 extension tables if using the provided SQL backend. For example::
./bin/keystone-manage db_sync --extension oauth1
5. Optionally, if deploying under an HTTPD server (i.e. Apache), set the
`WSGIPassAuthorization` to allow the OAuth Authorization headers to
pass through `mod_wsgi`. For example, add the following to the Keystone
virtual host file::
WSGIPassAuthorization On
|