how to get an openstack token and validate it?

token identity openstack
can. picture can. · May 20, 2012 · Viewed 25.7k times · Source

I followed this guide: http://keystone.openstack.org/api_curl_examples.html

and it seemed that I got a valid token by ran:

curl -d '{"auth":{"passwordCredentials":{"username": "can", "password": "mypassword"}}}' -H "Content-type: application/json" http://url:35357/v2.0/tokens

and it returned:

{
"access": 
{
    "token": 
    {
        "expires": "2012-05-21T14:35:17Z", 
        "id": "468da447bd1c4821bbc5def0498fd441"
    }, 
    "serviceCatalog": {}, 
    "user": 
    {
        "username": "can",
        "roles_links": [],
        "id": "bb6d3a09ad0c4924bf20c1a32ccb5781",
        "roles": [],
        "name": "can"
    }
}
}

but when I came to the next few sections to validate this token, I encountered this magic number: X-Auth-Token:999888777666. At first I thought it's the token I got but I was wrong.

I think I may have missed something, so I read related sections in openstack documents( http://keystone.openstack.org/configuration.html and http://docs.openstack.org/api/openstack-compute/programmer/content/ ), but still no idea how the number comes from.

could anyone explain to me

  1. what's the meaning of that magic number
  2. how to get the right value of it so I can get a working token to manage other parts of openstack

Answer

Everett Toews picture Everett Toews · May 28, 2012

That magic number (string really) is the admin_token setting in your keystone.conf file. Under the [DEFAULT] section in keystone.conf set

admin_token = abcd1234

If you don't use it for admin actions, you'll see something like

ubuntu@i-000004bc:~/devstack$ curl http://localhost:35357/v2.0/tenants
{"error": {"message": "The request you have made requires authentication.", "code": 401, "title": "Not Authorized"}}

If you do use it, you'll see something like

ubuntu@i-000004bc:~/devstack$ curl -H "X-Auth-Token: abcd1234" http://localhost:35357/v2.0/tenants
{"tenants_links": [], "tenants": [{"enabled": true, "description": null, "name": "demo", "id": "aee8a46babcb4e4286021c8f6ef996cd"}, {"enabled": true, "description": null, "name": "invisible_to_admin", "id": "de17fea45de148ada0a58e998e6c3e73"}, {"enabled": true, "description": null, "name": "admin", "id": "f34b0c8ab30e450489b121fbe723fde5"}, {"enabled": true, "description": null, "name": "service", "id": "fbe3e2e530fd47298cb2cba1b4afa3da"}]}

Related questions

Parse (split) a string in C++ using string delimiter (standard C++)

I am parsing a string in C++ using the following: using namespace std; string parsed,input="text to be parsed"; stringstream input_stringstream(input); if (getline(input_stringstream,parsed,' ')) { // do some processing. } Parsing with a single char delimiter …

Read More
What is token-based authentication?

I want to understand what token-based authentication means. I searched the internet but couldn't find anything understandable.

Read More
syntax error: unexpected token <

I've tried many things and there's no way, always appears this error I tried to use only one option to see if passed, changed the call of jquery, but not. I looked in various places on the internet about this …

Read More