Reviewed: https://review.opendev.org/669790 Committed: https://git.openstack.org/cgit/openstack/keystone/commit/?id=4fb4d8b8a4055dfacf13a409e590485461d766b2 Submitter: Zuul Branch: master
commit 4fb4d8b8a4055dfacf13a409e590485461d766b2 Author: Guang Yee <[email protected]> Date: Mon Jul 8 21:55:47 2019 -0700 update documentation for X.509 tokenless auth Explain what this feature is intended for and how to properly use it. Change-Id: I5ef67d9beaa0fc9505270408db4dec5dd9d97ebf Closes-Bug: 1813057 ** Changed in: keystone Status: In Progress => Fix Released -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to OpenStack Identity (keystone). https://bugs.launchpad.net/bugs/1813057 Title: The tokenless/x509 authentication documentation is opaque Status in OpenStack Identity (keystone): Fix Released Bug description: Keystone supports the ability to trust a certificate authority, meaning it also has the ability to trust certificates issued to users by that authority. The work originally landed in Liberty [0], but some of the examples in the documentation could be more concise [1]. Some things we could do to improve this documentation would be to: - Explain situations where trusting a CA would be beneficial to a deployment - Explain how operators should know what to configure for the trusted_issuer (e.g., this should ideally be an openssl command they can use to pull the value out of their certificate - the current documentation doesn't really tell you how to get this, leaving you guessing) - Put the configuration steps into the configuration guide, which is written for operators setting up and configuring their deployment - Put the user information in the user guide, so it's easier for users to know how they can use a certificate given to them from an operator [0] https://specs.openstack.org/openstack/keystone-specs/specs/liberty/keystone-tokenless-authz-with-x509-ssl-client-cert.html [1] https://docs.openstack.org/keystone/latest/admin/configure_tokenless_x509.html#create-an-identity-provider-idp To manage notifications about this bug go to: https://bugs.launchpad.net/keystone/+bug/1813057/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : [email protected] Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp
