diff --git a/mistral/context.py b/mistral/context.py
index f5b337c6e..79bce4d1c 100644
--- a/mistral/context.py
+++ b/mistral/context.py
@@ -87,6 +87,7 @@ class MistralContext(BaseContext):
         "is_trust_scoped",
         "redelivered",
         "expires_at",
+        "trust_id",
     ])
 
     def __repr__(self):
diff --git a/mistral/services/security.py b/mistral/services/security.py
index 8ccca8def..85d7f602e 100644
--- a/mistral/services/security.py
+++ b/mistral/services/security.py
@@ -70,6 +70,7 @@ def create_context(trust_id, project_id):
             project_id=project_id,
             auth_token=client.auth_token,
             is_trust_scoped=True,
+            trust_id=trust_id,
         )
 
     return auth_ctx.MistralContext(
diff --git a/mistral/utils/openstack/keystone.py b/mistral/utils/openstack/keystone.py
index 45466aba5..4529fc221 100644
--- a/mistral/utils/openstack/keystone.py
+++ b/mistral/utils/openstack/keystone.py
@@ -74,7 +74,20 @@ def get_endpoint_for_project(service_name=None, service_type=None):
     ctx = context.ctx()
 
     token = ctx.auth_token
-    response = client().tokens.get_token_data(token, include_catalog=True)
+
+    if (ctx.is_trust_scoped and is_token_trust_scoped(token)):
+        if ctx.trust_id is None:
+            raise Exception(
+                "'trust_id' must be provided in the admin context."
+            )
+
+        trust_client = client_for_trusts(ctx.trust_id)
+        response = trust_client.tokens.get_token_data(
+            token,
+            include_catalog=True
+        )
+    else:
+        response = client().tokens.get_token_data(token, include_catalog=True)
 
     endpoints = select_service_endpoints(
         service_name,