Correct openid federation protocol name in httpd template
Keystone requires the auth method for federation using OpenID Connect to be 'openid', which we already enforce in puppet-keystone. The protocol name that shows up in the federation URLs in the httpd config must match the auth method. We have a few locations that don't match, which results in an invalid configuration. This patch corrects the protocol in the locations protected by mod_auth_openidc and the OIDCRedirectURI directives. Change-Id: I02027676c532b447e56c8774c25015ec9a40b414
parent
63142bf6ef
commit
95f02a40e0
@ -9,22 +9,22 @@
|
|||||||
|
|
||||||
# The following directives are required to support openidc from the command
|
# The following directives are required to support openidc from the command
|
||||||
# line
|
# line
|
||||||
<Location ~ "/v3/OS-FEDERATION/identity_providers/<%= scope['keystone::federation::openidc::idp_name']-%>/protocols/openidc/auth">
|
<Location ~ "/v3/OS-FEDERATION/identity_providers/<%= scope['keystone::federation::openidc::idp_name']-%>/protocols/openid/auth">
|
||||||
AuthType oauth20
|
AuthType oauth20
|
||||||
Require valid-user
|
Require valid-user
|
||||||
</Location>
|
</Location>
|
||||||
|
|
||||||
# The following directives are necessary to support websso from Horizon
|
# The following directives are necessary to support websso from Horizon
|
||||||
# (Per https://docs.openstack.org/keystone/pike/advanced-topics/federation/websso.html)
|
# (Per https://docs.openstack.org/keystone/pike/advanced-topics/federation/websso.html)
|
||||||
OIDCRedirectURI "<%= @keystone_endpoint-%>/v3/auth/OS-FEDERATION/identity_providers/<%= scope['keystone::federation::openidc::idp_name']-%>/protocols/openidc/websso"
|
OIDCRedirectURI "<%= @keystone_endpoint-%>/v3/auth/OS-FEDERATION/identity_providers/<%= scope['keystone::federation::openidc::idp_name']-%>/protocols/openid/websso"
|
||||||
OIDCRedirectURI "<%= @keystone_endpoint-%>/v3/auth/OS-FEDERATION/websso"
|
OIDCRedirectURI "<%= @keystone_endpoint-%>/v3/auth/OS-FEDERATION/websso/openid"
|
||||||
|
|
||||||
<LocationMatch "/v3/auth/OS-FEDERATION/websso/openidc">
|
<LocationMatch "/v3/auth/OS-FEDERATION/websso/openid">
|
||||||
AuthType "openid-connect"
|
AuthType "openid-connect"
|
||||||
Require valid-user
|
Require valid-user
|
||||||
</LocationMatch>
|
</LocationMatch>
|
||||||
|
|
||||||
<LocationMatch "/v3/auth/OS-FEDERATION/identity_providers/<%= scope['keystone::federation::openidc::idp_name']-%>/protocols/openidc/websso">
|
<LocationMatch "/v3/auth/OS-FEDERATION/identity_providers/<%= scope['keystone::federation::openidc::idp_name']-%>/protocols/openid/websso">
|
||||||
AuthType "openid-connect"
|
AuthType "openid-connect"
|
||||||
Require valid-user
|
Require valid-user
|
||||||
</LocationMatch>
|
</LocationMatch>
|
||||||
|
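Review bot: The two `OIDCRedirectURI` lines appear in the same scope, and as far as I know mod_auth_openidc keeps a single redirect URI, so only the later one (`.../v3/auth/OS-FEDERATION/websso/openid`) would take effect and the per-IdP `.../protocols/openid/websso` value would be silently ignored. That surviving value is now identical to the path protected by `<LocationMatch "/v3/auth/OS-FEDERATION/websso/openid">`, which Keystone serves as a real endpoint, while the module's documentation asks for a protected vanity URL that serves no content; this is worth confirming against the module version in use. The provider must also have the redirect URI registered exactly, so clients registered with the old `openidc` or bare `/websso` URIs will be rejected after this change. A release note would help, as would a template comment such as `# Only one OIDCRedirectURI is honoured; it must match the URI registered at the IdP exactly`. The enclosing vhost starts outside this hunk, so the shared scope is inferred.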