kolla-ansible/releasenotes/notes/fix-keystone-oidc-8058917b14b4053c.yaml
Jakub Darmach 9892976119
Keystone OIDC JWKS fix
JWT failed to validate on auth-oidc endpoint used by openstack cli
with "could not find key with kid: XX" error. To fix this we need
to use jwks provided in "jwks_uri" by OIDC metadata endpoint.

Missing "ServerName" directive from vhost config causes redirection
to fail in some cases when external tls is enabled.

  - added "keystone_federation_oidc_jwks_uri" variable
  - added "OIDCOAuthVerifyJwksUri" to keystone vhost config
  - added "ServerName" to keystone vhost config
  - jinja templating additional whitespace trimmed to
    correct end result indentation and empty newlines

Closes-bug: 1990375
Change-Id: I4f5c1bd8be8e23cf6299ca4bdfd79e9d98c9a9eb
2022-10-03 12:36:11 +02:00
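
The key-selection step behind the "could not find key with kid" error, as an added Python example (not code from this commit or from kolla-ansible). The token, kid values, issuer and both key sets are constructed placeholders, and the sketch only shows kid lookup; it does not verify signatures.

```python
import base64
import json


def b64url_decode(segment: str) -> bytes:
    """Decode a base64url JWT segment, restoring the stripped padding."""
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def jwt_kid(token: str) -> str:
    """Return the 'kid' from the JOSE header of a compact JWT."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS: expected 3 segments")
    header = json.loads(b64url_decode(parts[0]))
    if "kid" not in header:
        raise ValueError("JWT header carries no kid")
    return header["kid"]


def select_jwk(token: str, jwks: dict) -> dict:
    """Pick the signature key whose kid matches the token header."""
    kid = jwt_kid(token)
    for key in jwks.get("keys", []):
        if key.get("kid") == kid and key.get("use", "sig") == "sig":
            return key
    raise LookupError(f"could not find key with kid: {kid}")


# Constructed sample data: kid values and key material are placeholders.
TOKEN = ".".join([
    b64url_encode(json.dumps({"alg": "RS256", "kid": "key-2022-b"}).encode()),
    b64url_encode(json.dumps({"iss": "https://idp.example/"}).encode()),
    b64url_encode(b"signature-placeholder"),
])
# Assumed for illustration: a key set that lacks the token's signing key.
INCOMPLETE_KEYS = {"keys": [
    {"kty": "RSA", "kid": "key-2021-a", "use": "sig", "n": "...", "e": "AQAB"}]}
# Constructed stand-in for the document served at the provider's jwks_uri.
JWKS_FROM_URI = {"keys": INCOMPLETE_KEYS["keys"] + [
    {"kty": "RSA", "kid": "key-2022-b", "use": "sig", "n": "...", "e": "AQAB"}]}
```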

---
fixes:
  - |
    Fixes Keystone OIDC failing to validate JWT because of missing key
    on Azure auth-oidc endpoint. Adds new variable containing JWKS uri
    that delivers missing keys.
    `LP#1990375 <https://bugs.launchpad.net/kolla-ansible/+bug/1990375>`__