Enabling the Revocation ExtensionΒΆ
Note
As of the Juno release, the example configuration files will have the
OS-REVOKE
extension enabled by default, thus it is not necessary to
perform steps 1 and 2.
Also, for new installations, the revocation extension tables are already
migrated, thus it is not necessary to perform steps 3.
Optionally, add the revoke extension driver to the
[revoke]
section inkeystone.conf
. For example:[revoke] driver = sql
Add the required
filter
to thepipeline
inkeystone-paste.ini
. This must be added afterjson_body
and before the last entry in the pipeline. For example:[filter:revoke_extension] paste.filter_factory = keystone.contrib.revoke.routers:RevokeExtension.factory [pipeline:api_v3] pipeline = sizelimit url_normalize build_auth_context token_auth admin_token_auth json_body ec2_extension_v3 s3_extension simple_cert_extension revoke_extension service_v3
Create the revocation extension tables if using the provided SQL backend. For example:
./bin/keystone-manage db_sync --extension revoke