keystone.auth.plugins package

Submodules

keystone.auth.plugins.external module

Keystone External Authentication Plugins

class keystone.auth.plugins.external.Base[source]

Bases: keystone.auth.core.AuthMethodHandler

authenticate(context, auth_info, auth_context)[source]

Use REMOTE_USER to look up the user in the identity backend.

auth_context is an in-out variable that will be updated with the user_id from the actual user from the REMOTE_USER env variable.

method = 'external'
class keystone.auth.plugins.external.DefaultDomain(*args, **kwargs)[source]

Bases: keystone.auth.plugins.external.Base

class keystone.auth.plugins.external.Domain(*args, **kwargs)[source]

Bases: keystone.auth.plugins.external.Base

class keystone.auth.plugins.external.ExternalDefault(*args, **kwargs)[source]

Bases: keystone.auth.plugins.external.DefaultDomain

Deprecated. Please use keystone.auth.external.DefaultDomain instead.

class keystone.auth.plugins.external.ExternalDomain(*args, **kwargs)[source]

Bases: keystone.auth.plugins.external.Domain

Deprecated. Please use keystone.auth.external.Domain instead.

class keystone.auth.plugins.external.LegacyDefaultDomain(*args, **kwargs)[source]

Bases: keystone.auth.plugins.external.Base

Deprecated. Please use keystone.auth.external.DefaultDomain instead.

This plugin exists to provide compatibility for the unintended behavior described here: https://bugs.launchpad.net/keystone/+bug/1253484

class keystone.auth.plugins.external.LegacyDomain(*args, **kwargs)[source]

Bases: keystone.auth.plugins.external.Base

Deprecated. Please use keystone.auth.external.Domain instead.

keystone.auth.plugins.oauth1 module

class keystone.auth.plugins.oauth1.OAuth(*args, **kwargs)[source]

Bases: keystone.auth.core.AuthMethodHandler

authenticate(context, auth_info, auth_context)[source]

Turn a signed request with an access key into a keystone token.

method = 'oauth1'

keystone.auth.plugins.password module

class keystone.auth.plugins.password.Password(*args, **kwargs)[source]

Bases: keystone.auth.core.AuthMethodHandler

authenticate(context, auth_payload, user_context)[source]

Try to authenticate against the identity backend.

method = 'password'
class keystone.auth.plugins.password.UserAuthInfo(*args, **kwargs)[source]

Bases: object

static create(auth_payload)[source]

keystone.auth.plugins.saml2 module

class keystone.auth.plugins.saml2.Saml2(*args, **kwargs)[source]

Bases: keystone.auth.core.AuthMethodHandler

authenticate(context, auth_payload, auth_context)[source]

Authenticate federated user and return an authentication context.

Parameters:
  • context – keystone’s request context
  • auth_payload – the content of the authentication for a given method
  • auth_context – user authentication context, a dictionary shared by all plugins.

In addition to user_id in auth_context, the saml2 plugin sets group_ids. When handling unscoped tokens, OS-FEDERATION:identity_provider and OS-FEDERATION:protocol are set as well.

method = 'saml2'

keystone.auth.plugins.token module

class keystone.auth.plugins.token.Token[source]

Bases: keystone.auth.core.AuthMethodHandler

authenticate(context, auth_payload, user_context)[source]
method = 'token'

Module contents