Hi, I have a user with admin role in default domain. I want to create a project scoped token using this, but getting a 401 error.
Following is the exact setup Keystone: Juno version using identity v3 APIs Domain: default User: admin (has admin role assigned to default domain) Project: testscope (created inside the default domain) The curl command to create Project Scoped token: # curl -k -i -H "Content-Type: application/json" -d '{ "auth": {"identity": {"methods": ["password"],"password": {"user": {"name": "admin","domain": { "id": "default"},"password": "admin" }}}, "scope": { "project": { "name": "testscope", "domain": { "id": "default" }}} }}' https://keystone:5000/v3/auth/tokens?nocatalog HTTP/1.1 401 Unauthorized {"error": {"message": "The request you have made requires authentication.", "code": 401, "title": "Unauthorized"}} But if I assign admin role to the Project then everything works fine. My question is - why should I assign admin role to the project, even though I am a domain admin? Shouldn’t a domain admin have access to all projects within it by default? Thanks Suresh
_______________________________________________ Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack Post to : openstack@lists.openstack.org Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack