From 4c9642765e632d409c6d9028aae26f4514af7033 Mon Sep 17 00:00:00 2001
From: Georgina Shippey
Date: Mon, 15 Jun 2020 19:52:21 +0100
Subject: [PATCH] Identity Providers support improvments Identity providers can be created with specified domain IDPs are linked to a keystone domain. Currently when we provision a new IDP it gets created within a new autogenerated domain. Provisioners can now give a domain_id in an IDP entry within the trusted_idp_list and the IDP will be created within that domain. Add IDP display_name to defaults Allows operator a name different to the one used in the backend to display to the user in the horizon Identity Provider dropdown.
Change-Id: Iaf9f1b9198f14c903f9801e0ce7da86b74d9c5bd
---
 defaults/main.yml | 2 ++
 tasks/keystone_federation_sp_idp_setup.yml | 1 +
 2 files changed, 3 insertions(+)
diff --git a/defaults/main.yml b/defaults/main.yml
index 0878bbf7..8ed6e54b 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -339,6 +339,8 @@ keystone_sp: {}
 # trusted_idp_list:
 # note that only one of these is supported at any one time for now
 # - name: "keystone-idp"
+# domain_id: "default"
+# display_name: "Keystone IDP" # Optional, used in Horizon IDP dropdown
 # entity_ids:
 # - 'https://keystone-idp:5000/v3/OS-FEDERATION/saml2/idp'
 # metadata_uri: 'https://keystone-idp:5000/v3/OS-FEDERATION/saml2/metadata'
diff --git a/tasks/keystone_federation_sp_idp_setup.yml b/tasks/keystone_federation_sp_idp_setup.yml
index c51706e1..66182924 100644
--- a/tasks/keystone_federation_sp_idp_setup.yml
+++ b/tasks/keystone_federation_sp_idp_setup.yml
@@ -127,6 +127,7 @@
 idp_name: "{{ item.name }}"
 idp_remote_ids: "{{ item.entity_ids }}"
 idp_enabled: true
+ idp_domain_id: "{{ item.domain_id | default(omit) }}"
 login_user: "{{ keystone_admin_user_name }}"
 login_password: "{{ keystone_auth_admin_password }}"
 login_project_name: "{{ keystone_admin_tenant_name }}"
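Review bot: In the defaults/main.yml hunk the new `domain_id` example line is not marked optional and uses `"default"`, which reads as the recommended value. The commit message says an omitted value keeps the autogenerated-domain behaviour, so the example should say that, for instance `# domain_id: "default"  # Optional, ID of an existing domain; autogenerated if unset`. Keystone associates an IdP's federated users with that domain, so pointing the example at the default domain would place them alongside local accounts; a dedicated federation domain would be a safer example. `display_name` is documented here, but none of this patch's three insertions reads it, so it is presumably consumed elsewhere, and the comment could name where.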
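Review bot: In the tasks/keystone_federation_sp_idp_setup.yml hunk, `item.domain_id` is passed straight through on the added `idp_domain_id` line, with no visible check that the domain exists or that the value is a domain ID and not a name. The `"default"` example in the defaults hides that distinction, because for other domains the ID is not the human-readable name. A comment above the task such as `# item.domain_id must be the ID of an existing keystone domain; when unset keystone autogenerates one` would make the contract explicit. It is also worth confirming what the module does when an already-registered IdP is given a different `domain_id` on a later run, since the hunk does not show whether that is rejected or ignored. The task starts and ends outside the hunk, so a pre-check may already exist there.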