Authentication Through OpenStack Keystone


Keystone is an OpenStack service that provides API client authentication, service discovery, and distributed multi-tenant authorization.

The OpenStack Keystone connector supports the offline_access and groups scopes. To use this connector, create a domain and a user with an admin role, then specify that user's credentials in the dex configuration file (see the example below).

OpenStack Keystone exposes the Identity API v3 to work with dex.


The following is an example of an OpenStack Keystone configuration for dex:

  connectors:
  - type: keystone
    # Required field for connector id.
    id: keystone
    # Required field for connector name.
    name: Keystone
    config:
      # Required, without v3 suffix.
      keystoneHost: http://example:5000
      # Required, admin user credentials to connect to keystone.
      domain: default
      keystoneUsername: demo
      keystonePassword: DEMO_PASS
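
The following added example (not part of the dex documentation or dex's own code) checks a connector's settings against the requirements stated above and shows the Identity API v3 password request those settings correspond to, which is why keystoneHost must not carry the v3 suffix. The function names are hypothetical, and treating `domain` as a domain ID rather than a domain name is an assumption.

```python
import json
from urllib.parse import urlsplit

REQUIRED = ("keystoneHost", "domain", "keystoneUsername", "keystonePassword")

def check_keystone_config(cfg):
    """Return a list of problems in a keystone connector's settings mapping."""
    problems = [f"missing required field: {k}" for k in REQUIRED if not cfg.get(k)]
    host = cfg.get("keystoneHost") or ""
    if host:
        url = urlsplit(host)
        if url.scheme not in ("http", "https") or not url.netloc:
            problems.append("keystoneHost must be an http(s) URL")
        if url.path.rstrip("/").endswith("/v3"):
            problems.append("keystoneHost must not include the v3 suffix")
        if url.scheme == "http":
            problems.append("keystoneHost uses http: the password is sent unencrypted")
    return problems

def build_token_request(cfg):
    """Build the Identity API v3 password-auth request for the configured user."""
    # The API version is appended here, so the configured host must omit it.
    url = cfg["keystoneHost"].rstrip("/") + "/v3/auth/tokens"
    body = {"auth": {"identity": {"methods": ["password"], "password": {"user": {
        "name": cfg["keystoneUsername"],
        "domain": {"id": cfg["domain"]},  # assumption: value is a domain ID
        "password": cfg["keystonePassword"],
    }}}}}
    return url, json.dumps(body)

if __name__ == "__main__":
    # Values copied from the example configuration on this page.
    page_cfg = {
        "keystoneHost": "http://example:5000",
        "domain": "default",
        "keystoneUsername": "demo",
        "keystonePassword": "DEMO_PASS",
    }
    for problem in check_keystone_config(page_cfg):
        print("WARN:", problem)
    url, body = build_token_request(page_cfg)
    print("POST", url)
    # Mask the secret before printing the request body.
    print(body.replace(page_cfg["keystonePassword"], "***"))
```

On success Keystone returns the token in the X-Subject-Token response header, so the request body and that header are the two places where the admin credentials and their resulting token are exposed if the endpoint is not served over TLS.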