16 lines
933 B
Plaintext
16 lines
933 B
Plaintext
LoadModule auth_openidc_module modules/mod_auth_openidc.so
|
|
WSGIScriptAliasMatch ^(/v3/OS-FEDERATION/identity_providers/.*?/protocols/.*?/auth)$ <%= scope['keystone::params::keystone_wsgi_script_path'] -%>/$1
|
|
OIDCClaimPrefix "OIDC-"
|
|
OIDCResponseType "id_token"
|
|
OIDCScope "openid email profile"
|
|
OIDCProviderMetadataURL "<%= scope['keystone::federation::openidc::openidc_provider_metadata_url']-%>"
|
|
OIDCClientID "<%= scope['keystone::federation::openidc::openidc_client_id']-%>"
|
|
OIDCClientSecret "<%= scope['keystone::federation::openidc::openidc_client_secret']-%>"
|
|
OIDCCryptoPassphrase "<%= scope['keystone::federation::openidc::openidc_crypto_passphrase']-%>"
|
|
OIDCRedirectURI "<%= @openidc_redirect_uri-%>"
|
|
|
|
<Location /v3/auth/OS-FEDERATION/identity_providers/<%= scope['keystone::federation::openidc::idp_name']-%>/protocols/openidc/auth>
|
|
AuthType "openid-connect"
|
|
Require valid-user
|
|
</Location>
|