Add semicolon claim delimiter config in apache2 plugin

By default the oidc apache2 plugin uses comma, but Keystone expects a semicolon [1,2]. This is necessary when writing multi-valued data (such as OIDC-groups) for Keystone to consume. [1] 187bcad522/keystone/federation/utils.py (L515) [2] https://docs.openstack.org/keystone/latest/admin/federation/mapping_combinations.html#mappings-examples Closes-bug: #2085727 Change-Id: I179ac68a463866c4efaa7c9259a247bf4dc3b573
2025-02-21 17:15:13 -03:00 · 2025-02-21 17:15:13 -03:00 · 4b38b5ed26
commit 4b38b5ed26
parent b4b7b27815
1 changed files with 1 additions and 0 deletions
--- a/templates/apache-openidc-location.conf
+++ b/templates/apache-openidc-location.conf
@ -1,5 +1,6 @@
 {# -*- mode: apache -*- #}
 OIDCClaimPrefix "OIDC-"
+OIDCClaimDelimiter ";"
 {% if options.oidc_response_type -%}
 OIDCResponseType {{ options.oidc_response_type }}
 {% endif -%}