Merge "Allows the configuration of SSO choices for horizon"
This commit is contained in:
Zuul
Gerrit Code Review
commit
4d95278662
@ -177,21 +177,33 @@ EMAIL_BACKEND = 'django.core.mail.backends.console.EmailBackend'
|
|||||||
OPENSTACK_KEYSTONE_URL = "{{ tuple "identity" "public" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" }}"
|
OPENSTACK_KEYSTONE_URL = "{{ tuple "identity" "public" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" }}"
|
||||||
OPENSTACK_KEYSTONE_DEFAULT_ROLE = "_member_"
|
OPENSTACK_KEYSTONE_DEFAULT_ROLE = "_member_"
|
||||||
|
|
||||||
|
|
||||||
|
{{- if .Values.local_settings.auth.sso.enabled }}
|
||||||
# Enables keystone web single-sign-on if set to True.
|
# Enables keystone web single-sign-on if set to True.
|
||||||
#WEBSSO_ENABLED = False
|
WEBSSO_ENABLED = True
|
||||||
|
|
||||||
# Determines which authentication choice to show as default.
|
# Determines which authentication choice to show as default.
|
||||||
#WEBSSO_INITIAL_CHOICE = "credentials"
|
WEBSSO_INITIAL_CHOICE = "{{ .Values.local_settings.auth.sso.initial_choice }}"
|
||||||
|
|
||||||
# The list of authentication mechanisms
|
# The list of authentication mechanisms
|
||||||
# which include keystone federation protocols.
|
# which include keystone federation protocols.
|
||||||
# Current supported protocol IDs are 'saml2' and 'oidc'
|
# Current supported protocol IDs are 'saml2' and 'oidc'
|
||||||
# which represent SAML 2.0, OpenID Connect respectively.
|
# which represent SAML 2.0, OpenID Connect respectively.
|
||||||
# Do not remove the mandatory credentials mechanism.
|
# Do not remove the mandatory credentials mechanism.
|
||||||
#WEBSSO_CHOICES = (
|
WEBSSO_CHOICES = (
|
||||||
# ("credentials", _("Keystone Credentials")),
|
("credentials", _("Keystone Credentials")),
|
||||||
# ("oidc", _("OpenID Connect")),
|
{{- range $i, $sso := .Values.local_settings.auth.idp_mapping }}
|
||||||
# ("saml2", _("Security Assertion Markup Language")))
|
({{ $sso.name | quote }}, {{ $sso.label | quote }}),
|
||||||
|
{{- end }}
|
||||||
|
)
|
||||||
|
|
||||||
|
WEBSSO_IDP_MAPPING = {
|
||||||
|
{{- range $i, $sso := .Values.local_settings.auth.idp_mapping }}
|
||||||
|
{{ $sso.name | quote}}: ({{ $sso.idp | quote }}, {{ $sso.protocol | quote }}),
|
||||||
|
{{- end }}
|
||||||
|
}
|
||||||
|
|
||||||
|
{{- end }}
|
||||||
|
|
||||||
# Disable SSL certificate checks (useful for self-signed certificates):
|
# Disable SSL certificate checks (useful for self-signed certificates):
|
||||||
#OPENSTACK_SSL_NO_VERIFY = True
|
#OPENSTACK_SSL_NO_VERIFY = True
|
||||||
|
|||||||
@ -66,6 +66,19 @@ local_settings:
|
|||||||
enable_firewall: "True"
|
enable_firewall: "True"
|
||||||
enable_vpn: "True"
|
enable_vpn: "True"
|
||||||
enable_fip_topology_check: "True"
|
enable_fip_topology_check: "True"
|
||||||
|
auth:
|
||||||
|
sso:
|
||||||
|
enabled: False
|
||||||
|
initial_choice: "credentials"
|
||||||
|
idp_mapping:
|
||||||
|
- name: "acme_oidc"
|
||||||
|
label: "Acme Corporation - OpenID Connect"
|
||||||
|
idp: "myidp1"
|
||||||
|
protocol: "oidc"
|
||||||
|
- name: "acme_saml2"
|
||||||
|
label: "Acme Corporation - SAML2"
|
||||||
|
idp: "myidp2"
|
||||||
|
protocol: "saml2"
|
||||||
|
|
||||||
conf:
|
conf:
|
||||||
ceilometer_policy:
|
ceilometer_policy:
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user