## From keystonemiddleware.auth_token# # Complete public Identity API

1.  
2. #
3. # From keystonemiddleware.auth_token
4. #
5.  
6. # Complete public Identity API endpoint. (string value)
7. #auth_uri = <None>
8.  
9. # API version of the admin Identity API endpoint. (string
10. # value)
11. #auth_version = <None>
12.  
13. # Do not handle authorization requests within the middleware,
14. # but delegate the authorization decision to downstream WSGI
15. # components. (boolean value)
16. #delay_auth_decision = false
17.  
18. # Request timeout value for communicating with Identity API
19. # server. (integer value)
20. #http_connect_timeout = <None>
21.  
22. # How many times are we trying to reconnect when communicating
23. # with Identity API Server. (integer value)
24. #http_request_max_retries = 3
25.  
26. # Env key for the swift cache. (string value)
27. #cache = <None>
28.  
29. # Required if identity server requires client certificate
30. # (string value)
31. #certfile = <None>
32.  
33. # Required if identity server requires client certificate
34. # (string value)
35. #keyfile = <None>
36.  
37. # A PEM encoded Certificate Authority to use when verifying
38. # HTTPs connections. Defaults to system CAs. (string value)
39. #cafile = <None>
40.  
41. # Verify HTTPS connections. (boolean value)
42. #insecure = false
43.  
44. # The region in which the identity server can be found.
45. # (string value)
46. #region_name = <None>
47.  
48. # Directory used to cache files related to PKI tokens. (string
49. # value)
50. #signing_dir = <None>
51.  
52. # Optionally specify a list of memcached server(s) to use for
53. # caching. If left undefined, tokens will instead be cached
54. # in-process. (list value)
55. # Deprecated group/name - [DEFAULT]/memcache_servers
56. #memcached_servers = <None>
57.  
58. # In order to prevent excessive effort spent validating
59. # tokens, the middleware caches previously-seen tokens for a
60. # configurable duration (in seconds). Set to -1 to disable
61. # caching completely. (integer value)
62. #token_cache_time = 300
63.  
64. # Determines the frequency at which the list of revoked tokens
65. # is retrieved from the Identity service (in seconds). A high
66. # number of revocation events combined with a low cache
67. # duration may significantly reduce performance. (integer
68. # value)
69. #revocation_cache_time = 10
70.  
71. # (Optional) If defined, indicate whether token data should be
72. # authenticated or authenticated and encrypted. If MAC, token
73. # data is authenticated (with HMAC) in the cache. If ENCRYPT,
74. # token data is encrypted and authenticated in the cache. If
75. # the value is not one of these options or empty, auth_token
76. # will raise an exception on initialization. (string value)
77. # Allowed values: None, MAC, ENCRYPT
78. #memcache_security_strategy = None
79.  
80. # (Optional, mandatory if memcache_security_strategy is
81. # defined) This string is used for key derivation. (string
82. # value)
83. #memcache_secret_key = <None>
84.  
85. # (Optional) Number of seconds memcached server is considered
86. # dead before it is tried again. (integer value)
87.  
88. # (Optional) Maximum total number of open connections to every
89. # memcached server. (integer value)
90. #memcache_pool_maxsize = 10
91.  
92. # (Optional) Socket timeout in seconds for communicating with
93. # a memcached server. (integer value)
94. #memcache_pool_socket_timeout = 3
95.  
96. # (Optional) Number of seconds a connection to memcached is
97. # held unused in the pool before it is closed. (integer value)
98. #memcache_pool_unused_timeout = 60
99.  
100. # (Optional) Number of seconds that an operation will wait to
101. # get a memcached client connection from the pool. (integer
102. # value)
103. #memcache_pool_conn_get_timeout = 10
104.  
105. # (Optional) Use the advanced (eventlet safe) memcached client
106. # pool. The advanced pool will only work under python 2.x.
107. # (boolean value)
108. #memcache_use_advanced_pool = false
109.  
110. # (Optional) Indicate whether to set the X-Service-Catalog
111. # header. If False, middleware will not ask for service
112. # catalog on token validation and will not set the X-Service-
113. # Catalog header. (boolean value)
114. #include_service_catalog = true
115.  
116. # Used to control the use and type of token binding. Can be
117. # set to: "disabled" to not check token binding. "permissive"
118. # (default) to validate binding information if the bind type
119. # is of a form known to the server and ignore it if not.
120. # "strict" like "permissive" but if the bind type is unknown
121. # the token will be rejected. "required" any form of token
122. # binding is needed to be allowed. Finally the name of a
123. # binding method that must be present in tokens. (string
124. # value)
125. #enforce_token_bind = permissive
126.  
127. # If true, the revocation list will be checked for cached
128. # tokens. This requires that PKI tokens are configured on the
129. # identity server. (boolean value)
130. #check_revocations_for_cached = false
131.  
132. # Hash algorithms to use for hashing PKI tokens. This may be a
133. # single algorithm or multiple. The algorithms are those
134. # supported by Python standard hashlib.new(). The hashes will
135. # be tried in the order given, so put the preferred one first
136. # for performance. The result of the first hash will be stored
137. # in the cache. This will typically be set to multiple values
138. # only while migrating from a less secure algorithm to a more
139. # secure one. Once all the old tokens are expired this option
140. # should be set to a single value for better performance.
141. # (list value)
142. #hash_algorithms = md5
143.  
144. # Authentication type to load (unknown value)
145. # Deprecated group/name - [DEFAULT]/auth_plugin
146. #auth_type = <None>
147.  
148. # Config Section from which to load plugin specific options
149. # (unknown value)
150. #auth_section = <None>