Configuring Keystone authentication

The Manager supports authentication against a Keystone server. Detailed steps for configuring a Keystone server with the system are provided.

Procedure

  1. On the Settings tab, navigate to Authentication > Keystone Authentication.
  2. Check the Enable Keystone HTTP Authentication check box to enable the Keystone authentication and the corresponding options on the Keystone Auth Configuration page.
  3. Type the host name of the Keystone authentication server in the Hostname field. For example:
    192.168.14.63
    my.keystoneserver.com
    Note: Do not include http:// or https://.
  4. Check the Use SSL/TLS check box to use HTTPS.
  5. Check the Use a custom port check box.
    1. If the Use a custom port check box is checked, the custom port field activates. Enter the admin port to be used for Keystone authentication.
      • The default port is 35357.
  6. Choose the Keystone Protocol Version to be used for authentication.
    1. Click v2.0 for Keystone v2.0.
    2. Click v3 for Keystone v3.
      • Because the concept of a Domain was introduced in Keystone v3, the domain options are not required for v3.
  7. Enter the character to be used to separate user name from domain in the Domain Separator field.
    Note: The domain separator must be a character that is not used in any Keystone user name (for example, @). Keystone credentials for basic authentication against an Accesser® must have a user name that is provided along with the domain, unless you are using Keystone v2.0 or when a default domain is set.
  8. Check Use a default domain to allow the use of a default name.
    Note: Keystone users that authenticate against Accesser devices without explicitly providing a domain are scoped by the default domain.
  9. Enter the secret that is shared with the Keystone configuration in the Token > Admin Token field.
    Note: In many Keystone server configurations, the admin token is located in the /etc/keystone/ directory.
  10. Paste a PEM file into the Certificate PEM field.
    Note: A certificate is needed when the Keystone server is using SSL with self-signed certificates. The certificate for many Keystone server configurations is at /etc/keystone/ssl/certs/ca.pem.
  11. Click Update.
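
A pre-flight check for the values entered in steps 3 to 10, given as an added example and not part of the Manager or the original procedure. The function name, its parameters and the sample inputs are assumptions made for illustration, and the PEM check covers framing only, not certificate validity.

```python
import re

DEFAULT_ADMIN_PORT = 35357  # default admin port from step 5
CERT_RE = re.compile(r"-----BEGIN CERTIFICATE-----\s+[A-Za-z0-9+/=\s]+"
                     r"-----END CERTIFICATE-----")
# Constructed placeholder, not a real certificate: only the framing is checked.
CONSTRUCTED_PEM = ("-----BEGIN CERTIFICATE-----\nQ09OU1RSVUNURUQ=\n"
                   "-----END CERTIFICATE-----\n")


def check_keystone_settings(hostname, version, separator, usernames,
                            use_tls=True, port=None, pem=""):
    """Return a list of problems with values destined for the Keystone form."""
    problems = []
    # Step 3: bare host name or IP address, no scheme, path or port.
    if "://" in hostname:
        problems.append("hostname: remove the http:// or https:// prefix")
    elif not re.fullmatch(r"[A-Za-z0-9.-]+", hostname):
        problems.append("hostname: expected a bare host name or IP address")
    # Step 5: fall back to the default admin port when none is given.
    port = DEFAULT_ADMIN_PORT if port is None else port
    if not 1 <= port <= 65535:
        problems.append(f"port: {port} is outside 1-65535")
    # Step 6: only v2.0 and v3 are offered.
    if version not in ("v2.0", "v3"):
        problems.append("version: choose v2.0 or v3")
    # Step 7: one character that appears in no Keystone user name.
    if len(separator) != 1:
        problems.append("separator: must be a single character")
    else:
        clash = sorted(u for u in usernames if separator in u)
        if clash:
            problems.append(f"separator: {separator!r} occurs in {clash}")
    # Step 4: without the check box the connection is plain HTTP.
    if not use_tls:
        problems.append("tls: Use SSL/TLS is off, connection is plain HTTP")
    # Step 10: the field takes a certificate, never key material.
    if "PRIVATE KEY-----" in pem:
        problems.append("pem: contains a private key, paste only the certificate")
    elif pem and not CERT_RE.search(pem):
        problems.append("pem: no BEGIN/END CERTIFICATE block found")
    return problems


if __name__ == "__main__":
    # Constructed input: scheme in host name, separator used in a user name.
    for p in check_keystone_settings("https://my.keystoneserver.com", "v3", ".",
                                     ["alice.smith", "bob"], pem=CONSTRUCTED_PEM):
        print(p)
```

An empty list means none of the checked values conflict with the notes in the procedure.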

What to do next

Note: For account or group creation or deletion, see managerAdmin_security_authenticationandauthorization.html