eda646382a
Added the following parameters to the httpd.conf template to be used with mod_auth_openidc Apache mod. Params include: - OIDCStateMaxNumberOfCookies - this takes parameters in the form <number> <false|true> where number is the maximum number of state cookies stored in parallel for outstanding auth requests, and the boolean indicates whether cookies that are still valid over this amount are deleted - OIDCDefaultURL - Defines a default URL to be used in case of 3rd-party or OP initiated SSO when no explicit target_link_uri has been provided. The user is also sent to this URL is in case an invalid authorization response was received (ref: https://github.com/zmartzone/mod_auth_openidc/blob/master/auth_openidc.conf) The reason these have been added is due to some stability issues that have been seen regarding cached session cookies that subsequently cause a "state mismatch" error. Being able to limit the number of active cookies appears to resolve this issue. Change-Id: Id2248e93f2636407396d4ac8fe29c8943e4a3a57 |
||
|---|---|---|
| .. | ||
| keystone_nginx.conf.j2 | ||
| keystone-credential-rotate.sh.j2 | ||
| keystone-fernet-rotate.sh.j2 | ||
| keystone-httpd-mpm.conf.j2 | ||
| keystone-httpd.conf.j2 | ||
| keystone-ports.conf.j2 | ||
| keystone-uwsgi.ini.j2 | ||
| keystone.conf.j2 | ||
| keystone.domain.conf.j2 | ||
| shibboleth2.xml.j2 | ||
| shibboleth-attribute-map.xml.j2 | ||