HP VAN SDN Controller Administrator Guide
48
{
"record": {
"domainId": "62e312edff47413fad7e1d7fa6ac7bc7",
"domainName": "sdn",
"expiration": 1377917359000,
"expirationDate": "2013-08-30 19-49-19 -0700",
"token": "54a6f80a9ae243db89bfa05de4ced51d",
"userId": "bca3dea8a28b457e99e899ae16b79634",
"userName": "sdn"
}
}
CAUTION
Please guard this token information, as it can be used as an API key to gain access
to your SDN controller REST APIs.
To gain access to the REST API, include the token in the X-Auth-Token header as in the following
curl example:
curl -sk -H "X-Auth-Token:54a6f80a9ae243db89bfa05de4ced51d" https://<controller-
ip>:8443/sdn/v2.0/systems
One can continue using the same token for different SDN controller APIs within the default 24-
hour period since token creation. If desired, one can change this default 24-hour timeout in the
/etc/keystone/keystone.conf file. (See the OpenStack Keystone Administration Guide for more
information). The CachedTokenTTL value under the configuration properties
com.hp.sdn.adm.auth.impl.AuthenticationManager needs to match the timeout set by Keystone as
well to allow efficient caching of tokens.
Service and Admin Tokens
The Service token is used for internal communication between controllers and is not exposed to
the user. Likewise, the Admin token is used for the communication between the controller and the
Keystone server and is not exposed to the user.
That said, the values for these tokens can be changed via the UI under the Configurations for
AuthenticationManager. Note that for the Service token, all controllers in a team must have the
same Service token to communicate successfully. Likewise, for the Admin token, both the
controller token value and the Openstack Keystone “admin_token” in
/etc/keystone/keystone.conf must match for authentication to work.