diff options
author | Zuul <zuul@review.openstack.org> | 2018-10-05 11:36:19 +0000 |
---|---|---|
committer | Gerrit Code Review <review@openstack.org> | 2018-10-05 11:36:19 +0000 |
commit | fc51082ef43e316bbfa65c16dd6483af1f2092e7 (patch) | |
tree | d8256b55011237701b189a06bb3041e1dadd5540 /releasenotes | |
parent | 5e9fa2af0e733ac231bcc5b16e4632d56e617fe2 (diff) | |
parent | da5932affc253a8b50ba753c6f9fabde68410501 (diff) | |
download | keystonemiddleware-fc51082ef43e316bbfa65c16dd6483af1f2092e7.tar.gz |
Merge "Respect delay_auth_decision when Keystone is unavailable"5.3.0
Diffstat (limited to 'releasenotes')
-rw-r--r-- | releasenotes/notes/delay_auth_instead_of_503-f9b46bf4fbc11455.yaml | 9 |
1 files changed, 9 insertions, 0 deletions
diff --git a/releasenotes/notes/delay_auth_instead_of_503-f9b46bf4fbc11455.yaml b/releasenotes/notes/delay_auth_instead_of_503-f9b46bf4fbc11455.yaml new file mode 100644 index 0000000..11ce28a --- /dev/null +++ b/releasenotes/notes/delay_auth_instead_of_503-f9b46bf4fbc11455.yaml @@ -0,0 +1,9 @@ +--- +fixes: + - | + When ``delay_auth_decision`` is enabled and a Keystone failure prevents + a final decision about whether a token is valid or invalid, it will be + marked invalid and the application will be responsible for a final auth + decision. This is similar to what happens when a token is confirmed *not* + valid. This allows a Keystone outage to only affect Keystone users in a + multi-auth system. |