Configure a user with the sdn-admin role on the Keystone server for the domain (tenant) that the user belongs to. The domain name and role configured for the user on the controller must match the domain name and role configured for that user in Keystone.

1. Create a tenant:

   ​

   curl –H "X-Auth-Token:ADMIN" –H "Contant-Type: application/json" –d '{"tenant": {"enabled": true, "name": "test-tenant", "description": "Test Tenant"}}' http://<controller-ip>:35357/v2.0/tenants

2. List tenants:

   ​

   curl –H "X-Auth-Token:ADMIN" http://<controller-ip>:35357/v2.0/tenants

3. Create a user:

   ​

   curl –H "X-Auth-Token:ADMIN" –H "Contant-Type: application/json" –d '{"user": {"email": "tester@test.rose.hp.com", "password": "somepass", "enabled": true, "name": "test-user", "tenantId": "2c851897a09f483fa452e2de11511f71"}}' http://<controller-ip>:35357/v2.0/users

4. List users:

   ​

   curl –H "X-Auth-Token:ADMIN" http://<controller-ip>:35357/v2.0/users

5. Create a role:

   ​

   curl –H "X-Auth-Token:ADMIN" –H "Contant-Type: application/json" –d '{"role": {"name": "test-role"}}' http:// <controller-ip>:35357/v2.0/OS-KSADM/roles

6. List users:

   ​

   curl –H "X-Auth-Token:ADMIN" http://<controller-ip>:35357/v2.0/roles

7. Assign role:

   ​

   curl –X PUT –H "X-Auth-Token:ADMIN" http://<controller-ip>:35357/v2.0/tenants/<tenant-id>/users/<user-id>/roles/OS-KSADM/<role-id>

8. List roles for a user:

   ​

   curl –H "X-Auth-Token:ADMIN" http://<controller-ip>:35357/v2.0/OS-KSADM/roles/<user-id>

Use the curl command to request authentication using the default username and password. You must include the keyword domain and the default domain name value, in this example sdn, as follows:

curl -sk -H 'Content-Type:application/json' -d '{"login":{"user":"sdn","password":"skyline","domain":"sdn"}}' https://<controller-ip>:8443/sdn/v2.0/auth)