openstack/keystone
Code Issues Proposed changes
Files
08065b255fe2fd89197452ad73587b68bfaa788d
keystone/devstack/files/oidc/apache_oidc.conf
Zuul 6965c2a24b Merge "extend docs explaining OIDC"
2025-01-22 18:26:03 +00:00

53 lines
1.5 KiB
Plaintext
Raw Blame History

# DO NOT USE THIS IN PRODUCTION ENVIRONMENTS!
OIDCSSLValidateServer Off
OIDCOAuthSSLValidateServer Off
OIDCCookieSameSite On
OIDCClaimPrefix "OIDC-"
OIDCClaimDelimiter ";"
OIDCResponseType "id_token"
OIDCScope "openid email profile"
OIDCProviderMetadataURL "%OIDC_METADATA_URL%"
OIDCClientID "%OIDC_CLIENT_ID%"
OIDCClientSecret "%OIDC_CLIENT_SECRET%"
OIDCPKCEMethod "S256"
OIDCCryptoPassphrase "openstack"
OIDCRedirectURI "https://%HOST_IP%/identity/v3/redirect_uri"
<Location "/v3/redirect_uri">
Require valid-user
AuthType openid-connect
</Location>
<LocationMatch "/v3/auth/OS-FEDERATION/websso/openid">
AuthType "openid-connect"
Require valid-user
LogLevel debug
</LocationMatch>
<LocationMatch "/v3/auth/OS-FEDERATION/identity_providers/%IDP_ID%/protocols/openid/websso">
AuthType "openid-connect"
Require valid-user
LogLevel debug
</LocationMatch>
<LocationMatch "/v3/auth/OS-FEDERATION/identity_providers/%IDP_ID%/protocols/openid/auth">
AuthType "openid-connect"
Require valid-user
LogLevel debug
</LocationMatch>
<Location ~ "/v3/OS-FEDERATION/identity_providers/%IDP_ID%/protocols/openid/auth">
AuthType oauth20
Require valid-user
</Location>
OIDCOAuthClientID "%OIDC_CLIENT_ID%"
OIDCOAuthClientSecret "%OIDC_CLIENT_SECRET%"
OIDCOAuthIntrospectionEndpoint "%OIDC_INTROSPECTION_URL%"
# Horizon favors the referrer to the Keystone URL that is set.
# https://github.com/openstack/horizon/blob/5e4ca1a9fdec04db08552e9e93fe372b8b8b45ae/openstack_auth/views.py#L192
Header always set Referrer-Policy "no-referrer"
View Git Blame Copy Permalink