With PKI tokens being deprecated, I am going to mark this as "wont fix", prefering Fernet and/or UUID tokens to PKI
** Changed in: keystonemiddleware Status: Triaged => Won't Fix -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to OpenStack Identity (keystone). https://bugs.launchpad.net/bugs/1259011 Title: Certificates cannot be retrieved from the V3 API Status in OpenStack Identity (keystone): Fix Released Status in keystonemiddleware: Won't Fix Status in openstack-api-site: Fix Released Bug description: Auth_token middleware relies upon the V2 api to provide the certificates that are required to validate PKI tokens because this information is not provided by the V3 API. Longer term i think we should be encouraging deployers to handle their own certificate distribution as fetching the certificates from the same source that is issuing tokens is not secure, however for the mean time we need some way of providing these certificates to token validators. To manage notifications about this bug go to: https://bugs.launchpad.net/keystone/+bug/1259011/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : yahoo-eng-team@lists.launchpad.net Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp