Enabling the Revocation ExtensionΒΆ

Note

As of the Juno release, the example configuration files will have the OS-REVOKE extension enabled by default, thus it is not necessary to perform steps 1 and 2. Also, for new installations, the revocation extension tables are already migrated, thus it is not necessary to perform steps 3.

  1. Optionally, add the revoke extension driver to the [revoke] section in keystone.conf. For example:

    [revoke]
    driver = keystone.contrib.revoke.backends.sql.Revoke
    
  2. Add the required filter to the pipeline in keystone-paste.ini. This must be added after json_body and before the last entry in the pipeline. For example:

    [filter:revoke_extension]
    paste.filter_factory = keystone.contrib.revoke.routers:RevokeExtension.factory
    
    [pipeline:api_v3]
    pipeline = sizelimit url_normalize build_auth_context token_auth admin_token_auth json_body ec2_extension_v3 s3_extension simple_cert_extension revoke_extension service_v3
  3. Create the revocation extension tables if using the provided SQL backend. For example:

    ./bin/keystone-manage db_sync --extension revoke

Previous topic

Enabling the OAuth1 Extension

Next topic

Key Terms

This Page