Add support for SSO redirect options
This change implements support for automatic redirect in SSO, which was
implemented during Stein cycle[1].
[1] 7fc8018956
Change-Id: I421ccdcc003ff7cc917b2a9f9efac8ec051f51b0
This commit is contained in:
Takashi Kajinami
parent
4a4272f746
commit
40b7fe8031
|
|
@ -427,6 +427,25 @@
|
|||
# 'acme_saml2' => ['acme', 'saml2'],
|
||||
# }
|
||||
#
|
||||
# [*websso_default_redirect*]
|
||||
# (optional) Enables redirection on login to the identity proider defined on
|
||||
# WEBSSO_DEFAULT_REDIRECT_PROTOCOL and WEBSSO_DEFAULT_REDIRECT_REGIO.
|
||||
# Defaults to undef
|
||||
#
|
||||
# [*websso_default_redirect_protocol*]
|
||||
# (optional) Specifies the protocol to use fo default redirection on login.
|
||||
# Defaults to undef
|
||||
#
|
||||
# [*websso_default_redirect_region*]
|
||||
# (optional) Specifies the region to which the connection will be established
|
||||
# on login.
|
||||
# Defaults to undef
|
||||
#
|
||||
# [*websso_default_redirect_logout*]
|
||||
# (optional) Enables redirection on logout to the method specified on
|
||||
# the identity provider.
|
||||
# Defaults to undef
|
||||
#
|
||||
# [*password_validator*]
|
||||
# (optional) Horizon provides a password validation check, which OpenStack cloud
|
||||
# operators can use to enforce password complexity checks for users within horizon.
|
||||
|
|
@ -560,6 +579,10 @@ class horizon(
|
|||
$websso_initial_choice = undef,
|
||||
$websso_choices = undef,
|
||||
$websso_idp_mapping = undef,
|
||||
$websso_default_redirect = false,
|
||||
$websso_default_redirect_protocol = undef,
|
||||
$websso_default_redirect_region = undef,
|
||||
$websso_default_redirect_logout = undef,
|
||||
$password_validator = undef,
|
||||
$password_validator_help = undef,
|
||||
$enable_user_pass = true,
|
||||
|
|
|
|||
|
|
@ -0,0 +1,4 @@
|
|||
---
|
||||
features:
|
||||
- |
|
||||
Support for SSO redirect options have been added.
|
||||
|
|
@ -589,32 +589,51 @@ describe 'horizon' do
|
|||
context 'with websso enabled' do
|
||||
before do
|
||||
params.merge!({
|
||||
:websso_enabled => 'True',
|
||||
:websso_initial_choice => 'acme',
|
||||
:websso_choices => [
|
||||
['oidc', 'OpenID Connect'],
|
||||
['saml2', 'Security Assertion Markup Language'],
|
||||
],
|
||||
:websso_idp_mapping => {
|
||||
'acme_oidc' => ['acme', 'oidc'],
|
||||
'acme_saml2' => ['acme', 'saml2'],
|
||||
}
|
||||
})
|
||||
:websso_enabled => 'True',
|
||||
:websso_initial_choice => 'acme',
|
||||
:websso_choices => [
|
||||
['oidc', 'OpenID Connect'],
|
||||
['saml2', 'Security Assertion Markup Language'],
|
||||
],
|
||||
:websso_idp_mapping => {
|
||||
'acme_oidc' => ['acme', 'oidc'],
|
||||
'acme_saml2' => ['acme', 'saml2'],
|
||||
}
|
||||
})
|
||||
end
|
||||
it 'configures websso options' do
|
||||
verify_concat_fragment_contents(catalogue, 'local_settings.py', [
|
||||
'WEBSSO_ENABLED = True',
|
||||
'WEBSSO_INITIAL_CHOICE = "acme"',
|
||||
'WEBSSO_CHOICES = (',
|
||||
' ("credentials", _("Keystone Credentials")),',
|
||||
' ("oidc", _("OpenID Connect")),',
|
||||
' ("saml2", _("Security Assertion Markup Language")),',
|
||||
')',
|
||||
'WEBSSO_IDP_MAPPING = {',
|
||||
' "acme_oidc": ("acme", "oidc"),',
|
||||
' "acme_saml2": ("acme", "saml2"),',
|
||||
'}',
|
||||
])
|
||||
'WEBSSO_ENABLED = True',
|
||||
'WEBSSO_INITIAL_CHOICE = "acme"',
|
||||
'WEBSSO_CHOICES = (',
|
||||
' ("credentials", _("Keystone Credentials")),',
|
||||
' ("oidc", _("OpenID Connect")),',
|
||||
' ("saml2", _("Security Assertion Markup Language")),',
|
||||
')',
|
||||
'WEBSSO_IDP_MAPPING = {',
|
||||
' "acme_oidc": ("acme", "oidc"),',
|
||||
' "acme_saml2": ("acme", "saml2"),',
|
||||
'}',
|
||||
])
|
||||
end
|
||||
end
|
||||
|
||||
context 'with websso redirect enabled' do
|
||||
before do
|
||||
params.merge!({
|
||||
:websso_default_redirect => true,
|
||||
:websso_default_redirect_protocol => 'oidc',
|
||||
:websso_default_redirect_region => 'http://127.0.0.1:5000',
|
||||
:websso_default_redirect_logout => 'http://idptest/logout'
|
||||
})
|
||||
end
|
||||
it 'configures websso redirect options' do
|
||||
verify_concat_fragment_contents(catalogue, 'local_settings.py', [
|
||||
'WEBSSO_DEFAULT_REDIRECT = True',
|
||||
'WEBSSO_DEFAULT_REDIRECT_PROTOCOL = "oidc"',
|
||||
'WEBSSO_DEFAULT_REDIRECT_REGION = "http://127.0.0.1:5000"',
|
||||
'WEBSSO_DEFAULT_REDIRECT_LOGOUT = "http://idptest/logout"'
|
||||
])
|
||||
end
|
||||
end
|
||||
|
||||
|
|
|
|||
|
|
@ -335,6 +335,33 @@ WEBSSO_IDP_MAPPING = {
|
|||
}
|
||||
<% end -%>
|
||||
|
||||
# Enables redirection on login to the identity provider defined on
|
||||
# WEBSSO_DEFAULT_REDIRECT_PROTOCOL and WEBSSO_DEFAULT_REDIRECT_REGION
|
||||
#WEBSSO_DEFAULT_REDIRECT = False
|
||||
<% if @websso_default_redirect -%>
|
||||
WEBSSO_DEFAULT_REDIRECT = True
|
||||
<% end -%>
|
||||
|
||||
# Specifies the protocol to use for default redirection on login
|
||||
#WEBSSO_DEFAULT_REDIRECT_PROTOCOL = None
|
||||
<% if @websso_default_redirect_protocol -%>
|
||||
WEBSSO_DEFAULT_REDIRECT_PROTOCOL = "<%= @websso_default_redirect_protocol %>"
|
||||
<% end -%>
|
||||
|
||||
# Specifies the region to which the connection will be established on login
|
||||
#WEBSSO_DEFAULT_REDIRECT_REGION = OPENSTACK_KEYSTONE_URL
|
||||
<% if @websso_default_redirect_region -%>
|
||||
WEBSSO_DEFAULT_REDIRECT_REGION = "<%= @websso_default_redirect_region %>"
|
||||
<% end -%>
|
||||
|
||||
# Enables redirection on logout to the method specified on the identity
|
||||
# provider. Once logout the client will be redirected to the address specified
|
||||
# in this variable.
|
||||
#WEBSSO_DEFAULT_REDIRECT_LOGOUT = None
|
||||
<% if @websso_default_redirect_logout -%>
|
||||
WEBSSO_DEFAULT_REDIRECT_LOGOUT = "<%= @websso_default_redirect_logout %>"
|
||||
<% end -%>
|
||||
|
||||
# Disable SSL certificate checks (useful for self-signed certificates):
|
||||
#OPENSTACK_SSL_NO_VERIFY = True
|
||||
<% if @ssl_no_verify %>
|
||||
|
|
|
|||
Loading…
Reference in New Issue