keystone/devstack/files/federation/shib_apache_alias.txt
Kristi Nikolla fbafc06ac6 Devstack plugin to federate with testshib.org
In a previous patch, I implemented a Devstack plugin to enable
federation and idp features in keystone. The plugin was to be
configured from environment variables for the idp entityID, metadata,
sp_auth_url, sp_url, etc. Providing an endless and untestable matrix
of combinations. Therefore the review was gathering dust waiting for
brave reviewers.

This review extracts the meat of the previous patch and removes all
the configuration options. This plugin now does one thing only: It
installs mod_shibboleth and sets up testshib.org as the IdP for keystone.

While testshib.org will not be used in our functional testing, this
is a necessary first step to make such complex changes more testable
reproducible and reviewable.

A follow-up patch will install a shibboleth-idp, and either that one,
or a later one, will switch from testshib.org to the local shibboleth.

This plugin will not yet be run as part of the gate, as "enable_service
federation" needs to be added to the Devstack options.

To run add the following after the lines that set up keystone from a
gerrit review:

enable_plugin keystone $KEYSTONE_REPO
enable_service keystone-saml2-federation

Change-Id: I6f7491ff063359d7065c77b00fe5bfc76f8587d6
2016-11-17 13:54:42 -05:00

2 lines
115 B
Plaintext

WSGIScriptAliasMatch ^(/v3/OS-FEDERATION/identity_providers/.*?/protocols/.*?/auth)$ /var/www/keystone/main/$1