From f0ce41ea61ed13933157e6d4794cf83040f3fd7a Mon Sep 17 00:00:00 2001
From: Danny Meloy <danny.meloy@bbc.co.uk>
Date: Tue, 2 Jun 2020 13:39:33 +0100
Subject: [PATCH] Add OIDCAuthRequestParams parameter to template

Added the OIDCAuthRequestParams line to the keystone-httpd.conf template
This allows for the addition of optional extra parameters that will be sent
along with the Authorization Request when using federated logins:
https://github.com/zmartzone/mod_auth_openidc/blob/master/auth_openidc.conf

Change-Id: I020986bbc2d5baa73a19ee7e1070019cb4e9ce63
---
 templates/keystone-httpd.conf.j2 | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/templates/keystone-httpd.conf.j2 b/templates/keystone-httpd.conf.j2
index 545afdd2..e80d91d7 100644
--- a/templates/keystone-httpd.conf.j2
+++ b/templates/keystone-httpd.conf.j2
@@ -53,6 +53,9 @@ Listen {{ keystone_service_port }}
     OIDCCacheType memcache
     OIDCMemCacheServers "{{ keystone_cache_servers | join(' ') }}"
     {% endif %}
+    {% if keystone_sp.trusted_idp_list.0.oidc_auth_request_params is defined -%}
+    OIDCAuthRequestParams {{ keystone_sp.trusted_idp_list.0.oidc_auth_request_params }}
+    {% endif %}
 
     <Location /v3/OS-FEDERATION/identity_providers/{{ keystone_sp.trusted_idp_list.0.name }}/protocols/openid/auth>
       Require valid-user