diff --git a/defaults/main.yml b/defaults/main.yml
index 8f1be538..0bd12c78 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -436,6 +436,7 @@ keystone_sp: {}
 # oidc_client_secret: secret
 # oidc_crypto_passphrase: random string
 # oidc_redirect_uri: https://keystone:5000/v3/OS-FEDERATION/identity_providers/keycloak-idp/protocols/openid/auth
+# oidc_outgoing_proxy: "proxy address" (optional setting)
 # entity_ids:
 # - 'https://identity-provider/openid-endpoint/'
 # federated_identities:
diff --git a/templates/keystone-httpd.conf.j2 b/templates/keystone-httpd.conf.j2
index d77895c3..0507eee7 100644
--- a/templates/keystone-httpd.conf.j2
+++ b/templates/keystone-httpd.conf.j2
@@ -45,7 +45,10 @@ Listen {{ keystone_service_port }}
 OIDCRedirectURI {{ keystone_sp.trusted_idp_list.0.oidc_redirect_uri }}
 {% if keystone_sp.trusted_idp_list.0.oidc_auth_verify_jwks_uri is defined -%}
 OIDCOAuthVerifyJwksUri {{ keystone_sp.trusted_idp_list.0.oidc_auth_verify_jwks_uri }}
- {% endif %}
+ {% endif -%}
+ {% if keystone_sp.trusted_idp_list.0.oidc_outgoing_proxy is defined -%}
+ OIDCOutgoingProxy {{ keystone_sp.trusted_idp_list.0.oidc_outgoing_proxy }}
+ {% endif -%}
 Require valid-user
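Review bot: The added example `# oidc_outgoing_proxy: "proxy address" (optional setting)` stops being valid YAML once an operator uncomments it, because plain text follows the closing quote of the scalar. Putting the remark in a trailing comment and showing the expected shape avoids that, for instance `# oidc_outgoing_proxy: "proxy.example.com:3128"  # optional, host[:port]` (a constructed example value). The commented example block this line belongs to starts and ends outside the hunk.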
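Review bot: The `is defined` guard on the new `OIDCOutgoingProxy` line also passes when `oidc_outgoing_proxy` is set but empty or null, which would render the directive with no usable argument and is likely to make Apache reject the configuration on the next reload. A truthiness test closes that gap, for example `{% if keystone_sp.trusted_idp_list.0.oidc_outgoing_proxy | default('', true) -%}`; the existing `oidc_auth_verify_jwks_uri` guard just above follows the same pattern and has the same weakness. The value is written unquoted into the Apache config, so it should be documented as a bare `host[:port]` with no whitespace. Because mod_auth_openidc's outgoing calls to the identity provider would go through this proxy, a template comment such as `{# outgoing IdP requests (metadata, JWKS, token endpoint) use this proxy; it must be a trusted host #}` would help operators. The enclosing configuration block starts and ends outside the hunk.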