From beebf1196e38ce76e0a65ff46c2bb58585d8e5bd Mon Sep 17 00:00:00 2001
From: Georgina Shippey <georgina.shippey@bbc.co.uk>
Date: Tue, 28 Apr 2020 18:11:01 +0100
Subject: [PATCH] Add memcached caching

Piggybacking on to the memcached containers that keystone uses for
its token caching we are able to share state between the apache_mod_openidc
instances so that authentications succeed in cases where auth requests
are being routed to more than one keystone container.

Change-Id: Ia978b46f6a6dfc5da8f8ebecb1a3c9fe44948add
---
 templates/keystone-httpd.conf.j2 | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/templates/keystone-httpd.conf.j2 b/templates/keystone-httpd.conf.j2
index 0507eee7..545afdd2 100644
--- a/templates/keystone-httpd.conf.j2
+++ b/templates/keystone-httpd.conf.j2
@@ -49,6 +49,10 @@ Listen {{ keystone_service_port }}
     {% if keystone_sp.trusted_idp_list.0.oidc_outgoing_proxy is defined -%}
     OIDCOutgoingProxy {{ keystone_sp.trusted_idp_list.0.oidc_outgoing_proxy }}
     {% endif -%}
+    {% if keystone_cache_servers | length > 0 -%}
+    OIDCCacheType memcache
+    OIDCMemCacheServers "{{ keystone_cache_servers | join(' ') }}"
+    {% endif %}
 
     <Location /v3/OS-FEDERATION/identity_providers/{{ keystone_sp.trusted_idp_list.0.name }}/protocols/openid/auth>
       Require valid-user