openstack
/
openstack-ansible-os_keystone
Code Issues Proposed changes

Add OIDCAuthRequestParams parameter to template 

Added the OIDCAuthRequestParams line to the keystone-httpd.conf template
This allows for the addition of optional extra parameters that will be sent
along with the Authorization Request when using federated logins:
https://github.com/zmartzone/mod_auth_openidc/blob/master/auth_openidc.conf

Change-Id: I020986bbc2d5baa73a19ee7e1070019cb4e9ce63
This commit is contained in:
Danny Meloy 2020-06-02 13:39:33 +01:00
parent 62aa03a247
commit f0ce41ea61
1 changed files with 3 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
templates/keystone-httpd.conf.j2
View File

@ -53,6 +53,9 @@ Listen {{ keystone_service_port }}
OIDCCacheType memcache
OIDCMemCacheServers "{{ keystone_cache_servers | join(' ') }}"
{% endif %}
{% if keystone_sp.trusted_idp_list.0.oidc_auth_request_params is defined -%}
OIDCAuthRequestParams {{ keystone_sp.trusted_idp_list.0.oidc_auth_request_params }}
{% endif %}
<Location /v3/OS-FEDERATION/identity_providers/{{ keystone_sp.trusted_idp_list.0.name }}/protocols/openid/auth>
Require valid-user