WebSSO config options
Add support for WEBSSO options in local_settings.py.erb Change-Id: Ie528eb1afeb967d30fc504cd682154913fe6927c Closes-Bug: #1607912
parent
a8462638c7
commit
4ed2edf02a
manifests
releasenotes/notes
spec/classes
templates
@ -305,6 +305,44 @@
|
||||
# Scripting (XFS) vulnerability, so this option allows extra security hardening
|
||||
# where iframes are not used in deployment. Default setting is True.
|
||||
#
|
||||
# [*websso_enabled*]
|
||||
# (optional)Enable the WEBSSO_ENABLED option which turn on the keystone web
|
||||
# single-sign-on if set to true.
|
||||
# Default to false
|
||||
#
|
||||
# [*websso_initial_choice*]
|
||||
# (optional)Set the WEBSSO_INITIAL_CHOICE option used to determine which
|
||||
# authentication choice to show as default.
|
||||
# Defaults to undef
|
||||
#
|
||||
# [*websso_choices*]
|
||||
# (optional)Set the WEBSSO_CHOICES option, A list of authentication
|
||||
# mechanisms which include keystone federation protocols and identity
|
||||
# provide protocol mapping keys (WEBSSO_IDP_MAPPING).
|
||||
# Default to undef
|
||||
#
|
||||
# Example:
|
||||
# websso_choices => [
|
||||
# ['oidc', 'OpenID Connect'],
|
||||
# ['saml2', 'Security Assertion Markup Language']
|
||||
# ]
|
||||
#
|
||||
# [*websso_idp_mapping*]
|
||||
# (optional)Set the WEBSSO_IDP_MAPPING option.
|
||||
# A dictionary of specific identity provider and protocol combinations.
|
||||
# From theselected authentication mechanism, the value will be looked up as
|
||||
# keys in the dictionary. If a match is found, it will redirect the user to
|
||||
# a identity provider and federation protocol specific WebSSO endpoint in
|
||||
# keystone, otherwise it will use the value as the protocol_id when
|
||||
# redirecting to the WebSSO by protocol endpoint.
|
||||
# Default to undef
|
||||
#
|
||||
# Example:
|
||||
# websso_idp_mapping => {
|
||||
# 'acme_oidc' => ['acme', 'oidc'],
|
||||
# 'acme_saml2' => ['acme', 'saml2'],
|
||||
# }
|
||||
#
|
||||
# === DEPRECATED group/name
|
||||
#
|
||||
# [*fqdn*]
|
||||
@ -405,6 +443,10 @@ class horizon(
|
||||
$enforce_password_check = false,
|
||||
$enable_secure_proxy_ssl_header = false,
|
||||
$disallow_iframe_embed = true,
|
||||
$websso_enabled = false,
|
||||
$websso_initial_choice = undef,
|
||||
$websso_choices = undef,
|
||||
$websso_idp_mapping = undef,
|
||||
# DEPRECATED PARAMETERS
|
||||
$custom_theme_path = undef,
|
||||
$fqdn = undef,
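Review bot: None of the new parameters `$websso_initial_choice`, `$websso_choices` and `$websso_idp_mapping` is type-checked in the lines shown, yet their values are written into local_settings.py, which Horizon loads as Python. A `websso_choices` that is not an array is silently dropped by the template's `kind_of?(Array)` guard, so a mistyped hiera value leaves the login methods unconfigured without any error. The class body lies outside this hunk, so validation may happen further down. If it does not, consider `validate_array($websso_choices)` and `validate_hash($websso_idp_mapping)` from stdlib when the values are set, plus a check that each entry has exactly two string elements.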
|
||||
|
@ -0,0 +1,4 @@
|
||||
---
|
||||
features:
|
||||
- Support was added for WEBSSO options in local_settings.py.erb.
|
||||
WEBSSO options enables keystone web single-sign-on.
|
@ -456,6 +456,38 @@ describe 'horizon' do
|
||||
])
|
||||
end
|
||||
end
|
||||
|
||||
context 'with websso enabled' do
|
||||
before do
|
||||
params.merge!({
|
||||
:websso_enabled => 'True',
|
||||
:websso_initial_choice => 'acme',
|
||||
:websso_choices => [
|
||||
['oidc', 'OpenID Connect'],
|
||||
['saml2', 'Security Assertion Markup Language'],
|
||||
],
|
||||
:websso_idp_mapping => {
|
||||
'acme_oidc' => ['acme', 'oidc'],
|
||||
'acme_saml2' => ['acme', 'saml2'],
|
||||
}
|
||||
})
|
||||
end
|
||||
it 'configures websso options' do
|
||||
verify_concat_fragment_contents(catalogue, 'local_settings.py', [
|
||||
'WEBSSO_ENABLED = True',
|
||||
'WEBSSO_INITIAL_CHOICE = "acme"',
|
||||
'WEBSSO_CHOICES = (',
|
||||
' ("credentials", _("Keystone Credentials")),',
|
||||
' ("oidc", _("OpenID Connect")),',
|
||||
' ("saml2", _("Security Assertion Markup Language")),',
|
||||
')',
|
||||
'WEBSSO_IDP_MAPPING = {',
|
||||
' "acme_oidc": ("acme", "oidc"),',
|
||||
' "acme_saml2": ("acme", "saml2"),',
|
||||
'}',
|
||||
])
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
shared_examples_for 'horizon on RedHat' do
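Review bot: The fixture sets `:websso_initial_choice => 'acme'`, but the rendered `WEBSSO_CHOICES` only lists `credentials`, `oidc` and `saml2`, so the example shows a default that matches none of the offered choices. A key that is actually present, such as `'oidc'`, would presumably be a more faithful example. The context also covers only the all-options-set case. An example asserting that no `WEBSSO_*` line is emitted with the default parameters would pin the disabled state that operators rely on. The enclosing `describe` block starts and ends outside this hunk.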
|
||||
|
@ -273,6 +273,27 @@ OPENSTACK_KEYSTONE_DEFAULT_ROLE = "<%= @keystone_default_role %>"
|
||||
# "acme_oidc": ("acme", "oidc"),
|
||||
# "acme_saml2": ("acme", "saml2")
|
||||
#}
|
||||
<% if @websso_enabled -%>
|
||||
WEBSSO_ENABLED = <%= @websso_enabled %>
|
||||
<% end -%>
|
||||
<% if @websso_initial_choice -%>
|
||||
WEBSSO_INITIAL_CHOICE = "<%= @websso_initial_choice %>"
|
||||
<% end -%>
|
||||
<% if @websso_choices.kind_of?(Array) %>
|
||||
WEBSSO_CHOICES = (
|
||||
("credentials", _("Keystone Credentials")),
|
||||
<% @websso_choices.each do |r| -%>
|
||||
("<%= r[0] -%>", _("<%= r[1] -%>")),
|
||||
<% end -%>
|
||||
)
|
||||
<% end -%>
|
||||
<% if @websso_idp_mapping.kind_of?(Hash) %>
|
||||
WEBSSO_IDP_MAPPING = {
|
||||
<% @websso_idp_mapping.each do |key,r| -%>
|
||||
"<%= key -%>": ("<%= r[0] -%>", "<%= r[1] -%>"),
|
||||
<% end -%>
|
||||
}
|
||||
<% end -%>
|
||||
|
||||
# Disable SSL certificate checks (useful for self-signed certificates):
|
||||
#OPENSTACK_SSL_NO_VERIFY = True
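Review bot: `WEBSSO_ENABLED = <%= @websso_enabled %>` prints the Puppet value verbatim, so the documented boolean `true` would presumably render as `WEBSSO_ENABLED = true`, which Python does not define and which would stop local_settings.py from loading. The spec passes the string `'True'`, so it does not catch this; `WEBSSO_ENABLED = <%= @websso_enabled.to_s.capitalize %>` would accept both forms. Separately, `@websso_initial_choice`, `key`, `r[0]` and `r[1]` are placed inside double-quoted Python literals without escaping, so a value containing `"` or `\` alters the generated code. Restricting these values to a safe character set in the manifest, or escaping them here, would harden the file. An entry with fewer than two elements renders an empty string instead of failing, which is worth rejecting too.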
|
||||
|