plugins Package

plugins Package

core Module

class keystone.auth.plugins.core.UserAuthInfo(*args, **kwargs)[source]

Bases: object

static create(auth_payload, method_name)[source]
keystone.auth.plugins.core.construct_method_map_from_config()[source]

Determine authentication method types for deployment.

Returns:a dictionary containing the methods and their indexes
keystone.auth.plugins.core.convert_integer_to_method_list(method_int)[source]

Convert an integer to a list of methods.

Parameters:method_int – an integer representing methods
Returns:a corresponding list of methods
keystone.auth.plugins.core.convert_method_list_to_integer(methods)[source]

Convert the method type(s) to an integer.

Parameters:methods – a list of method names
Returns:an integer representing the methods

external Module

Keystone External Authentication Plugins

class keystone.auth.plugins.external.Base[source]

Bases: keystone.auth.core.AuthMethodHandler

authenticate(context, auth_info, auth_context)[source]

Use REMOTE_USER to look up the user in the identity backend.

auth_context is an in-out variable that will be updated with the user_id from the actual user from the REMOTE_USER env variable.

class keystone.auth.plugins.external.DefaultDomain(*args, **kwargs)[source]

Bases: keystone.auth.plugins.external.Base

class keystone.auth.plugins.external.Domain(*args, **kwargs)[source]

Bases: keystone.auth.plugins.external.Base

class keystone.auth.plugins.external.KerberosDomain(*args, **kwargs)[source]

Bases: keystone.auth.plugins.external.Domain

Allows kerberos as a method.

mapped Module

class keystone.auth.plugins.mapped.Mapped(*args, **kwargs)[source]

Bases: keystone.auth.core.AuthMethodHandler

authenticate(context, auth_payload, auth_context)[source]

Authenticate mapped user and set an authentication context.

Parameters:
  • context – keystone’s request context
  • auth_payload – the content of the authentication for a given method
  • auth_context – user authentication context, a dictionary shared by all plugins.

In addition to user_id in auth_context, this plugin sets group_ids, OS-FEDERATION:identity_provider and OS-FEDERATION:protocol

keystone.auth.plugins.mapped.apply_mapping_filter(identity_provider, protocol, assertion, resource_api, federation_api, identity_api)[source]
keystone.auth.plugins.mapped.extract_assertion_data(context)[source]
keystone.auth.plugins.mapped.handle_scoped_token(context, auth_payload, auth_context, token_ref, federation_api, identity_api, token_provider_api)[source]
keystone.auth.plugins.mapped.handle_unscoped_token(context, auth_payload, auth_context, resource_api, federation_api, identity_api)[source]
keystone.auth.plugins.mapped.setup_username(context, mapped_properties)[source]

Setup federated username.

Function covers all the cases for properly setting user id, a primary identifier for identity objects. Initial version of the mapping engine assumed user is identified by name and his id is built from the name. We, however need to be able to accept local rules that identify user by either id or name/domain.

The following use-cases are covered:

  1. If neither user_name nor user_id is set raise exception.Unauthorized
  2. If user_id is set and user_name not, set user_name equal to user_id
  3. If user_id is not set and user_name is, set user_id as url safe version of user_name.
Parameters:
  • context – authentication context
  • mapped_properties – Properties issued by a RuleProcessor.
Type :

dictionary

Raises :

exception.Unauthorized

Returns:

dictionary with user identification

Return type:

dict

oauth1 Module

class keystone.auth.plugins.oauth1.OAuth(*args, **kwargs)[source]

Bases: keystone.auth.core.AuthMethodHandler

authenticate(context, auth_info, auth_context)[source]

Turn a signed request with an access key into a keystone token.

password Module

class keystone.auth.plugins.password.Password(*args, **kwargs)[source]

Bases: keystone.auth.core.AuthMethodHandler

authenticate(context, auth_payload, auth_context)[source]

Try to authenticate against the identity backend.

saml2 Module

class keystone.auth.plugins.saml2.Saml2(*args, **kwargs)[source]

Bases: keystone.auth.plugins.mapped.Mapped

token Module

class keystone.auth.plugins.token.Token(*args, **kwargs)[source]

Bases: keystone.auth.core.AuthMethodHandler

authenticate(context, auth_payload, user_context)[source]
keystone.auth.plugins.token.token_authenticate(context, auth_payload, user_context, token_ref)[source]

Table Of Contents

This Page