openstack/deb-keystone
Code Issues Proposed changes

Merge "Enforce `saml2` protocol in Apache config"

Browse Source
This commit is contained in:
Jenkins 2014-06-14 18:37:19 +00:00 committed by Gerrit Code Review
commit cec8924fcd
1 changed files with 5 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
doc/source/configure_federation.rst
View File

@ -70,7 +70,7 @@ Make sure you add two *<Location>* directives to the *wsgi-keystone.conf*::
SetHandler shib
</Location>
<LocationMatch /v3/OS-FEDERATION/identity_providers/.*?/protocols/.*?/auth>
<LocationMatch /v3/OS-FEDERATION/identity_providers/.*?/protocols/saml2/auth>
ShibRequestSetting requireSession 1
AuthType shibboleth
ShibRequireSession On
@ -79,6 +79,10 @@ Make sure you add two *<Location>* directives to the *wsgi-keystone.conf*::
Require valid-user
</LocationMatch>
.. NOTE::
``saml2`` may be different in your deployment, but do not use a wildcard value.
Otherwise *every* federated protocol will be handled by Shibboleth.
Enable the Keystone virtual host, for example:
.. code-block:: bash