fbafc06ac6
In a previous patch, I implemented a Devstack plugin to enable federation and idp features in keystone. The plugin was to be configured from environment variables for the idp entityID, metadata, sp_auth_url, sp_url, etc. Providing an endless and untestable matrix of combinations. Therefore the review was gathering dust waiting for brave reviewers.

This review extracts the meat of the previous patch and removes all the configuration options. This plugin now does one thing only: It installs mod_shibboleth and sets up testshib.org as the IdP for keystone.

While testshib.org will not be used in our functional testing, this is a necessary first step to make such complex changes more testable, reproducible and reviewable. A follow-up patch will install a shibboleth-idp, and either that one, or a later one, will switch from testshib.org to the local shibboleth.

This plugin will not yet be run as part of the gate, as "enable_service federation" needs to be added to the Devstack options.

To run, add the following after the lines that set up keystone from a gerrit review:

    enable_plugin keystone $KEYSTONE_REPO
    enable_service keystone-saml2-federation

Change-Id: I6f7491ff063359d7065c77b00fe5bfc76f8587d6
2 lines
115 B
Plaintext
WSGIScriptAliasMatch ^(/v3/OS-FEDERATION/identity_providers/.*?/protocols/.*?/auth)$ /var/www/keystone/main/$1
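Review bot: the two ".*?" groups in the pattern (the identity provider name and the protocol name) also match "/" and the empty string, so the alias accepts paths with extra or empty segments between "identity_providers/" and "/protocols/" and between "/protocols/" and "/auth", and the whole match is passed on as $1. Consider "[^/]+" for both groups so each one is exactly one non-empty path component. A one-line comment above the directive saying that it routes the federated auth endpoint to the keystone WSGI script would also help, since the file carries no explanation.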