Add option for OIDCOutgoingProxy for mod_auth_openidc
Allows a user to specify the OIDCOutgoingProxy setting for mod_auth_openidc when setting up an OIDC identity provider. Change-Id: Ib37ace634f81e4f691d0b1aa8c52424a1c851da4
This commit is contained in:
parent
8d7d94efdd
commit
3b283edf8a
|
@ -436,6 +436,7 @@ keystone_sp: {}
|
|||
# oidc_client_secret: secret
|
||||
# oidc_crypto_passphrase: random string
|
||||
# oidc_redirect_uri: https://keystone:5000/v3/OS-FEDERATION/identity_providers/keycloak-idp/protocols/openid/auth
|
||||
# oidc_outgoing_proxy: "proxy address" (optional setting)
|
||||
# entity_ids:
|
||||
# - 'https://identity-provider/openid-endpoint/'
|
||||
# federated_identities:
|
||||
|
|
|
@ -45,7 +45,10 @@ Listen {{ keystone_service_port }}
|
|||
OIDCRedirectURI {{ keystone_sp.trusted_idp_list.0.oidc_redirect_uri }}
|
||||
{% if keystone_sp.trusted_idp_list.0.oidc_auth_verify_jwks_uri is defined -%}
|
||||
OIDCOAuthVerifyJwksUri {{ keystone_sp.trusted_idp_list.0.oidc_auth_verify_jwks_uri }}
|
||||
{% endif %}
|
||||
{% endif -%}
|
||||
{% if keystone_sp.trusted_idp_list.0.oidc_outgoing_proxy is defined -%}
|
||||
OIDCOutgoingProxy {{ keystone_sp.trusted_idp_list.0.oidc_outgoing_proxy }}
|
||||
{% endif -%}
|
||||
|
||||
<Location /v3/OS-FEDERATION/identity_providers/{{ keystone_sp.trusted_idp_list.0.name }}/protocols/openid/auth>
|
||||
Require valid-user
|
||||
|
|
Loading…
Reference in New Issue