Merge "add oauth support" into stable/wallaby

2022-05-24 19:39:13 +00:00
parent 0b14a99719 8d03f23fbb
commit e8086edc4f
2 changed files with 12 additions and 0 deletions
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -460,6 +460,9 @@ keystone_sp: {}
 #      oidc_crypto_passphrase: random string
 #      oidc_redirect_uri: https://keystone:5000/v3/OS-FEDERATION/identity_providers/keycloak-idp/protocols/openid/auth
 #      oidc_outgoing_proxy: "proxy address" (optional setting)
+#      oidc_oauth_introspection_endpoint: endpoint address (optional)
+#      oidc_oauth_client_id: string (optional)
+#      oidc_oauth_client_secret: secret (optional)
 #      oidc_auth_request_params: param=some+url+encoded+value&param2=and+another+one (optional)
 #      oidc_state_max_number_of_cookies: 5 false (optional)
 #      oidc_default_url: https://example.com/callback (optional)
--- a/templates/keystone-httpd.conf.j2
+++ b/templates/keystone-httpd.conf.j2
@@ -49,6 +49,15 @@ Listen {{ keystone_web_server_bind_address }}:{{ keystone_service_port }}
    {% if keystone_sp.trusted_idp_list.0.oidc_outgoing_proxy is defined -%}
    OIDCOutgoingProxy {{ keystone_sp.trusted_idp_list.0.oidc_outgoing_proxy }}
    {% endif -%}
+    {% if keystone_sp.trusted_idp_list.0.oidc_oauth_introspection_endpoint is defined -%}
+    OIDCOAuthIntrospectionEndpoint {{ keystone_sp.trusted_idp_list.0.oidc_oauth_introspection_endpoint }}
+    {% endif -%}
+    {% if keystone_sp.trusted_idp_list.0.oidc_oauth_client_id is defined -%}
+    OIDCOAuthClientID {{ keystone_sp.trusted_idp_list.0.oidc_oauth_client_id }}
+    {% endif -%}
+    {% if keystone_sp.trusted_idp_list.0.oidc_oauth_client_secret is defined -%}
+    OIDCOAuthClientSecret {{ keystone_sp.trusted_idp_list.0.oidc_oauth_client_secret }}
+    {% endif -%}
    {% if keystone_cache_servers | length > 0 -%}
    OIDCCacheType memcache
    OIDCMemCacheServers "{{ keystone_cache_servers | join(' ') }}"