openstack
/
charm-keystone-openidc
Code Issues Proposed changes
charm-keystone-openidc/templates/apache-openidc-location.conf

78 lines
3.0 KiB
ApacheConf
Raw Blame History

{# -*- mode: apache -*- #}
OIDCClaimPrefix "OIDC-"
OIDCResponseType "id_token"
OIDCScope "openid email profile"
{% if options.oidc_provider_metadata_url -%}
OIDCProviderMetadataURL {{ options.oidc_provider_metadata_url }}
{% endif -%}
{% if options.oidc_provider_issuer -%}
OIDCProviderIssuer {{ options.oidc_provider_issuer }}
{% endif -%}
{% if options.oidc_provider_auth_endpoint -%}
OIDCProviderAuthorizationEndpoint {{ options.oidc_provider_auth_endpoint }}
{% endif -%}
{% if options.oidc_provider_token_endpoint -%}
OIDCProviderTokenEndpoint {{ options.oidc_provider_token_endpoint }}
{% endif -%}
{% if options.oidc_provider_token_endpoint_auth -%}
OIDCProviderTokenEndpointAuth {{ options.oidc_provider_token_endpoint_auth }}
{% endif -%}
{% if options.oidc_provider_user_info_endpoint -%}
OIDCProviderUserInfoEndpoint {{ options.oidc_provider_user_info_endpoint }}
{% endif -%}
{% if options.oidc_provider_jwks_uri -%}
OIDCProviderJwksUri {{ options.oidc_provider_jwks_uri }}
{% endif -%}
OIDCClientID {{ options.oidc_client_id }}
{% if options.oidc_client_secret -%}
OIDCClientSecret {{ options.oidc_client_secret }}
{% endif -%}
OIDCCryptoPassphrase {{ options.oidc_crypto_passphrase }}
OIDCRedirectURI {{ options.scheme }}://{{ options.hostname }}:{{ options.port }}/v3/OS-FEDERATION/identity_providers/{{ options.idp_id }}/protocols/{{ options.protocol_id }}/auth
{% if options.oidc_remote_user_claim -%}
OIDCRemoteUserClaim {{ options.oidc_remote_user_claim }}
{% endif -%}
{%- if options.enable_oauth %}
{%- if options.oidc_oauth_verify_jwks_uri %}
OIDCOAuthVerifyJwksUri {{ options.oidc_oauth_verify_jwks_uri }}
{%- else %}
OIDCOAuthIntrospectionEndpoint {{ options.oidc_oauth_introspection_endpoint|default(options.provider_metadata.introspection_endpoint) }}
OIDCOAuthIntrospectionEndpointParams token_type_hint=access_token
OIDCOAuthClientID {{ options.oidc_client_id }}
{%- if options.oidc_client_secret %}
OIDCOAuthClientSecret {{ options.oidc_client_secret }}
{%- endif %}
{%- endif %}
{%- endif %}
<LocationMatch /v3/OS-FEDERATION/identity_providers/{{ options.idp_id }}/protocols/{{ options.protocol_id }}/auth>
AuthType {{ options.auth_type }}
Require valid-user
{%- if options.debug %}
LogLevel debug
{%- endif %}
</LocationMatch>
# Support for websso from Horizon
OIDCRedirectURI "{{ options.scheme }}://{{ options.hostname }}:{{ options.port }}/v3/auth/OS-FEDERATION/identity_providers/{{ options.idp_id }}/protocols/{{ options.protocol_id }}/websso"
OIDCRedirectURI "{{ options.scheme }}://{{ options.hostname }}:{{ options.port }}/v3/auth/OS-FEDERATION/websso/{{ options.protocol_id }}"
<Location /v3/auth/OS-FEDERATION/websso/{{ options.protocol_id }}>
Require valid-user
AuthType openid-connect
{%- if options.debug %}
LogLevel debug
{%- endif %}
</Location>
<Location /v3/auth/OS-FEDERATION/identity_providers/{{ options.idp_id }}/protocols/{{ options.protocol_id }}/websso>
Require valid-user
AuthType openid-connect
{%- if options.debug %}
LogLevel debug
{%- endif %}
</Location>
View Git Blame Copy Permalink