openstack
/
openstack-ansible-os_keystone
Code Issues Proposed changes

Add memcached caching 

Piggybacking on to the memcached containers that keystone uses for
its token caching we are able to share state between the apache_mod_openidc
instances so that authentications succeed in cases where auth requests
are being routed to more than one keystone container.

Change-Id: Ia978b46f6a6dfc5da8f8ebecb1a3c9fe44948add
This commit is contained in:
Georgina Shippey 2020-04-28 18:11:01 +01:00 committed by Jonathan Rosser
parent 3b283edf8a
commit beebf1196e
1 changed files with 4 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
templates/keystone-httpd.conf.j2
View File

@ -49,6 +49,10 @@ Listen {{ keystone_service_port }}
{% if keystone_sp.trusted_idp_list.0.oidc_outgoing_proxy is defined -%}
OIDCOutgoingProxy {{ keystone_sp.trusted_idp_list.0.oidc_outgoing_proxy }}
{% endif -%}
{% if keystone_cache_servers | length > 0 -%}
OIDCCacheType memcache
OIDCMemCacheServers "{{ keystone_cache_servers | join(' ') }}"
{% endif %}
<Location /v3/OS-FEDERATION/identity_providers/{{ keystone_sp.trusted_idp_list.0.name }}/protocols/openid/auth>
Require valid-user