From c450599cbd45210844e1356987c4f27e84e7161d Mon Sep 17 00:00:00 2001
From: Takashi Kajinami <kajinamit@oss.nttdata.com>
Date: Tue, 10 Sep 2024 13:45:51 +0900
Subject: [PATCH] Update mod_openidc config for devstack

Use a vanity URL for redirect uri so that it does not conflict with
existing keystone endpoint. The documentation was updated recently[1]
but the actual configuration used in devstack setup was still kept old
at that time.

[1] 7ac0c3cd33214ff3c926e2b5316b637892d701fb

Related-Bug: #2075349
Change-Id: I8d06f3c388260f356c7a1da0212bb3b399f3a848
---
 devstack/files/oidc/apache_oidc.conf | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/devstack/files/oidc/apache_oidc.conf b/devstack/files/oidc/apache_oidc.conf
index eab84fd073..f26a052aef 100644
--- a/devstack/files/oidc/apache_oidc.conf
+++ b/devstack/files/oidc/apache_oidc.conf
@@ -12,8 +12,12 @@ OIDCClientSecret "%OIDC_CLIENT_SECRET%"
 OIDCPKCEMethod "S256"
 OIDCCryptoPassphrase "openstack"
 
-OIDCRedirectURI "https://%HOST_IP%/identity/v3/auth/OS-FEDERATION/identity_providers/%IDP_ID%/protocols/openid/websso"
-OIDCRedirectURI "https://%HOST_IP%/identity/v3/auth/OS-FEDERATION/websso/openid"
+OIDCRedirectURI "https://%HOST_IP%/identity/v3/redirect_uri"
+
+<Location "/v3/redirect_uri">
+   Require valid-user
+   AuthType openid-connect
+</Location>
 
 <LocationMatch "/v3/auth/OS-FEDERATION/websso/openid">
     AuthType "openid-connect"