Re: [openstack-dev] Get keystone auth token via Horizon URL
From Horizon, you won’t be able to do keystone way of authentication. From: Ed Lima [mailto:e...@stackerz.com] Sent: Wednesday, October 15, 2014 8:30 AM To: openstack-dev@lists.openstack.org Subject: [openstack-dev] Get keystone auth token via Horizon URL I'm on the very early stages of developing an app for android to manage openstack services and would like to get the user credentials/tokens on keystone to get data and execute commands via the horizon URL. I'm using IceHouse on Ubuntu 14.04. In my particular use case I have keystone running on my internal server http://localhost:5000/v3/auth/tokens; which would allow me to use my app fine with JSON to get information from other services and execute commands however I'd have to be on the same network as my server for it to work. On the other hand I have my horizon URL published externally on the internet at the address https://openstack.domain.com/horizon; which is available from anywhere and gives me access to my OpenStack services fine via browser on a desktop. I'd like to do the same on android, would it be possible? Is there a way for my app to send JSON requests to horizon at https://openstack.domain.com/horizon and get the authentication tokens from keystone indirectly? I should mention I'm not a very experienced developer and any help would be amazing! Thanks ___ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
Re: [openstack-dev] Get keystone auth token via Horizon URL
You're android device must be be able to access Identity Service URL from your android. So if you're trying to access localhost:5000 you're device (I would assume emulated in this case) must run on the same machine (your dev laptop, I would assume) as your OpenStack Identity Service. On Wed, Oct 15, 2014 at 7:30 AM, Manickam, Kanagaraj kanagaraj.manic...@hp.com wrote: From Horizon, you won’t be able to do keystone way of authentication. *From:* Ed Lima [mailto:e...@stackerz.com] *Sent:* Wednesday, October 15, 2014 8:30 AM *To:* openstack-dev@lists.openstack.org *Subject:* [openstack-dev] Get keystone auth token via Horizon URL I'm on the very early stages of developing an app for android to manage openstack services and would like to get the user credentials/tokens on keystone to get data and execute commands via the horizon URL. I'm using IceHouse on Ubuntu 14.04. In my particular use case I have keystone running on my internal server *http://localhost:5000/v3/auth/tokens http://localhost:5000/v3/auth/tokens* which would allow me to use my app fine with JSON to get information from other services and execute commands however I'd have to be on the same network as my server for it to work. On the other hand I have my horizon URL published externally on the internet at the address *https://openstack.domain.com/horizon https://openstack.domain.com/horizon* which is available from anywhere and gives me access to my OpenStack services fine via browser on a desktop. I'd like to do the same on android, would it be possible? Is there a way for my app to send JSON requests to horizon at *https://openstack.domain.com/horizon https://openstack.domain.com/horizon* and get the authentication tokens from keystone indirectly? I should mention I'm not a very experienced developer and any help would be amazing! Thanks ___ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev -- Igor, thin*KING* *solving real problems* ___ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
Re: [openstack-dev] Get keystone auth token via Horizon URL
The :5000 port of Keystone is designed to be exposed publicly via HTTPS. In the /v2.0/ API, there's only a handful of calls exposed on that port. In /v3/ the entire API is exposed, but wrapped by RBAC. If you're using HTTPS, it should be safe to expose the public interfaces of all the services to the Internet. Remember that UUID and PKI tokens are both bearer tokens, and that it takes minimal effort for an attacker to compromise your cloud if you're exposing tokens over HTTP. On Tuesday, October 14, 2014, Ed Lima e...@stackerz.com wrote: I'm on the very early stages of developing an app for android to manage openstack services and would like to get the user credentials/tokens on keystone to get data and execute commands via the horizon URL. I'm using IceHouse on Ubuntu 14.04. In my particular use case I have keystone running on my internal server *http://localhost:5000/v3/auth/tokens http://localhost:5000/v3/auth/tokens* which would allow me to use my app fine with JSON to get information from other services and execute commands however I'd have to be on the same network as my server for it to work. On the other hand I have my horizon URL published externally on the internet at the address *https://openstack.domain.com/horizon https://openstack.domain.com/horizon* which is available from anywhere and gives me access to my OpenStack services fine via browser on a desktop. I'd like to do the same on android, would it be possible? Is there a way for my app to send JSON requests to horizon at *https://openstack.domain.com/horizon https://openstack.domain.com/horizon* and get the authentication tokens from keystone indirectly? I should mention I'm not a very experienced developer and any help would be amazing! Thanks ___ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
