Swift authentication fails for installations using "swauth" #5735
Comments
The change to the authentication context URL is currently a global configuration. Has the authentication protocol changed? |
I don't believe the url has changed. It should be /auth/v1.0 for swauth. I do believe that the authentication context URL should not be a global variable. In the meantime can you give a sample of the command to use to set the url to /auth/v1.0? I tried using the defaults command from the wiki but didn't have luck making it work. |
Replying to [comment:2 devcamcar]:
Using should work. |
The need to change the authentiation context for swauth is documented in the OpenStack manual. |
Thanks! I was able to get everything working using the correct defaults command. I think it would be worth adding a customizable URL for the authentication endpoint though, since it can vary by swift installation. |
I want the developers of Swift to provide a mean to remap or redirect authentication URLs handling this transparently. There should be no need for multiple possible URIs. |
I think this could potentially be an ongoing issue as other authentication backends are implemented for swift. It's very possible that any new auth backend could use a different auth endpoint. Until swauth (AFAIK), swift never even tried to perform any auth functions, relying on an external auth system and external token validation. I guess what I'm saying is that I don't feel that the auth URI is part of the swift protocol spec, and its location is completely arbitrary, and may vary on a per-provider basis. I agree that it would be helpful to have a completely free-form auth URI, or at least the option to enter one. Certainly not a criticism though, I do appreciate all your efforts. |
Replying to [comment:10 rpedde]:
Thanks for your insights on this issue. If we want to support arbitrary authentication context paths, we will have to introduce another login prompt that allows to specify the path. But that would be quite a cumbersome login process for the average user. |
FYI, Keystone can now be found at https://github.com/openstack/keystone |
Replying to [comment:14 Matt (2)]:
Now a ticket at #6330. |
Looks like Keystone restores interoperability with the default authentication context path at |
Cyberduck is unable to authenticate users against a Swift installation when the installation is using "swauth", Swift's new authentication system introduced in the 1.2 release.
There are instructions that describe how to work around the issue at http://trac.cyberduck.ch/wiki/help/en/howto/openstack:
However, I was unable to make the authentication work using this method. Also, it is unclear if this affects Swift globally within Cyberduck, though I assume it does.
So first issue is that I can't make it work by attempting to point it to /auth/v1.0 (which is what swauth wants).
The second issue is that this should be a per connection configuration and should not be treated as a global setting, as this URL will vary from installation to installation.
The text was updated successfully, but these errors were encountered: