Keystone, the OpenStack Identity Service¶
Keystone is an OpenStack service that provides API client authentication, service discovery, and distributed multi-tenant authorization by implementing OpenStack’s Identity API.
This documentation is useful for contributors looking to get involved in our community, developers writing applications on top of OpenStack, and operators administering their own OpenStack deployments.
This documentation is generated by the Sphinx toolkit and lives in the source tree. Also see the Getting Involved page for other ways to interact with the community.
Installation Guides¶
General Information¶
This section sontains the general information related to keystone which is commom to all the developers, users and operators. For documentation specific to the any of these three, please see the subsequent sections.
Contributor Documentation¶
This section contains the documentation needed for developing keystone.
- Contributor Documentation
- Setting up Keystone
- Identity API v2.0 and v3 History
- Working with Release Notes
- Testing Keystone
- Developing
doctor
checks - Making an API Change
- Authentication Plugins
- Database Migrations
- Identity entity ID management between controllers and drivers
- Translated responses
- Learning Architecture Internals
- External Developers
Operator Documentation¶
This section contains the documentation for operating, deploying and configuring the keystone service.
- Configuring Keystone
- Config Files
- Setting up other OpenStack Services
- Identity sources
- Certificates for PKI
- Service Catalog
- Endpoint Filtering
- Endpoint Policy
- SSL
- OAuth1 1.0a
- Token Binding
- Limiting list return size
- URL safe naming of projects and domains
- Health Check middleware
- API protection with Role Based Access Control (RBAC)
- Preparing your deployment
keystone-manage
- Supported clients
- Using an LDAP server
- Credential Encryption
- Advanced Topics
- Sample Files
Administrator Guides¶
- Administrator Guides
- Identity concepts
- Bootstrapping Identity
- Manage projects, users, and roles
- Create and manage services and service users
- Certificates for PKI
- Domain-specific configuration
- External authentication with Identity
- Integrate Identity with LDAP
- Upgrading Keystone
- Keystone tokens
- Configure Identity service for token binding
- Fernet - Frequently Asked Questions
- Use trusts
- Caching layer
- Security compliance and PCI-DSS
- Performance and scaling
- Example usage and Identity features
- Authentication middleware with user name and password
- Identity API protection with role-based access control (RBAC)
- Troubleshoot the Identity service
- Token provider
- Federated Identity
Configuration Options¶
API Documentation¶
An end user can find the specific API documentation here, OpenStack’s Identity API.
Note
Following are some API examples using curl. Note that these examples are not automatically generated. They can be outdated as things change and are subject to regular updates and changes.