Update mod_openidc config for devstack

Use a vanity URL for redirect uri so that it does not conflict with
existing keystone endpoint. The documentation was updated recently[1]
but the actual configuration used in devstack setup was still kept old
at that time.

[1] 7ac0c3cd33

Related-Bug: #2075349
Change-Id: I8d06f3c388260f356c7a1da0212bb3b399f3a848
This commit is contained in:
Takashi Kajinami 2024-09-10 13:45:51 +09:00
parent 97431ec99b
commit c450599cbd

View File

@ -12,8 +12,12 @@ OIDCClientSecret "%OIDC_CLIENT_SECRET%"
OIDCPKCEMethod "S256" OIDCPKCEMethod "S256"
OIDCCryptoPassphrase "openstack" OIDCCryptoPassphrase "openstack"
OIDCRedirectURI "https://%HOST_IP%/identity/v3/auth/OS-FEDERATION/identity_providers/%IDP_ID%/protocols/openid/websso" OIDCRedirectURI "https://%HOST_IP%/identity/v3/redirect_uri"
OIDCRedirectURI "https://%HOST_IP%/identity/v3/auth/OS-FEDERATION/websso/openid"
<Location "/v3/redirect_uri">
Require valid-user
AuthType openid-connect
</Location>
<LocationMatch "/v3/auth/OS-FEDERATION/websso/openid"> <LocationMatch "/v3/auth/OS-FEDERATION/websso/openid">
AuthType "openid-connect" AuthType "openid-connect"