The KeystoneV3Authentication does only generate a JSON payload for authorization which equals to the default scope in Keystone specs. But you should also be able to scope towards a project or domain via project/tennant name/id and or domain name/id.
Our Keystone implementations needs this scoping information in order to sucessfully authenticate a user. Otherwise a 400er error is returned.
The KeystoneV3Authentication does only generate a JSON payload for authorization which equals to the default scope in Keystone specs. But you should also be able to scope towards a project or domain via project/tennant name/id and or domain name/id.
Our Keystone implementations needs this scoping information in order to sucessfully authenticate a user. Otherwise a 400er error is returned.
For the specific payloads see: https://docs.openstack.org/keystone/pike/api_curl_examples.html
Judging from the description the ticket #151 might also be related to this problem.
I currently prepare a PR to provide the correct payload.