Add option for OIDCOutgoingProxy for mod_auth_openidc

Allows a user to specify the OIDCOutgoingProxy setting for mod_auth_openidc
when setting up an OIDC identity provider.

Change-Id: Ib37ace634f81e4f691d0b1aa8c52424a1c851da4
Georgina Shippey 2020-04-28 18:00:44 +01:00
parent 8d7d94efdd
commit 3b283edf8a
2 changed files with 5 additions and 1 deletions


@ -436,6 +436,7 @@ keystone_sp: {}
# oidc_client_secret: secret
# oidc_crypto_passphrase: random string
# oidc_redirect_uri: https://keystone:5000/v3/OS-FEDERATION/identity_providers/keycloak-idp/protocols/openid/auth
# oidc_outgoing_proxy: "proxy address" (optional setting)
# entity_ids:
# - 'https://identity-provider/openid-endpoint/'
# federated_identities:


@ -45,7 +45,10 @@ Listen {{ keystone_service_port }}
OIDCRedirectURI {{ keystone_sp.trusted_idp_list.0.oidc_redirect_uri }}
{% if keystone_sp.trusted_idp_list.0.oidc_auth_verify_jwks_uri is defined -%}
OIDCOAuthVerifyJwksUri {{ keystone_sp.trusted_idp_list.0.oidc_auth_verify_jwks_uri }}
{% endif %}
{% endif -%}
{% if keystone_sp.trusted_idp_list.0.oidc_outgoing_proxy is defined -%}
OIDCOutgoingProxy {{ keystone_sp.trusted_idp_list.0.oidc_outgoing_proxy }}
{% endif -%}
<Location /v3/OS-FEDERATION/identity_providers/{{ keystone_sp.trusted_idp_list.0.name }}/protocols/openid/auth>
Require valid-user
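Review bot: The new `OIDCOutgoingProxy` directive is guarded only by `is defined`, so an `oidc_outgoing_proxy` that is set but empty or null would render the directive with no argument, which Apache will most likely refuse to load. A stricter guard such as `{% if keystone_sp.trusted_idp_list.0.oidc_outgoing_proxy | default('', true) | length > 0 -%}` avoids that. The line also deserves a template comment, since this proxy sits in the path of the module's back-channel calls to the identity provider: `{# host[:port] of the forward proxy for IdP back-channel requests; keep OIDCSSLValidateServer On so the proxy cannot alter provider metadata or keys #}`. The `<Location>` block that follows continues past the end of this hunk, so nothing is said here about the rest of it.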