Identity

Identity service (keystone) provides identity, token, catalog, and policy services for use specifically by services in the OpenStack family. Identity service is organized as a group of internal services exposed on one or many endpoints. Many of these services are used in a combined fashion by the front end. For example, an authentication call validates user and project credentials with the identity service. If successful, it will create and return a token with the token service. More information can be found by reading the keystone Developer Documentation.

• Authentication
  • Invalid login attempts
  • Multi-factor authentication
• Authentication methods
  • Internally implemented authentication methods
  • External authentication methods
• Authorization
  • Establish formal access control policies
  • Service authorization
  • Administrative users
  • End users
• Policies
• Tokens
  • Fernet tokens
  • JWT tokens
• Domains
• Federated keystone
  • Why use Federated Identity?
• Checklist
  • Check-Identity-01: Is user/group ownership of config files set to keystone?
  • Check-Identity-02: Are strict permissions set for Identity configuration files?
  • Check-Identity-03: is TLS enabled for Identity?
  • Check-Identity-04: (Obsolete)
  • Check-Identity-05: Is max_request_body_size set to default (114688)?
  • Check-Identity-06: Disable admin token in /etc/keystone/keystone.conf
  • Check-Identity-07: insecure_debug false in /etc/keystone/keystone.conf
  • Check-Identity-08: Use fernet token in /etc/keystone/keystone.conf