OIDC : Add support for setting OIDCClaimDelimiter

Depending on the configuration of the IdP and keystone, without
setting the claim delimiter it's not possible to use multi-value
claims.

Change-Id: I0cfc0d693a5fe2815bf5f6fd5acd038db2fe4dd3
changes/42/710442/4
Mark Chappell 3 years ago
parent 7586bc88c1
commit a7843f0660
  1. 5
      manifests/federation/openidc.pp
  2. 13
      spec/classes/keystone_federation_openidc_spec.rb
  3. 3
      templates/openidc.conf.erb

@ -59,6 +59,10 @@
# (Optional) Cache file clean interval in seconds (only triggered
# on writes). Defaults to undef.
#
# [*openidc_claim_delimiter*]
# (Optional) The delimiter to use when setting multi-valued claims.
# Defaults to undef.
#
# [*openidc_enable_oauth*]
# (Optional) Set to true to enable oauthsupport.
#
@ -110,6 +114,7 @@ class keystone::federation::openidc (
$openidc_cache_shm_entry_size = undef,
$openidc_cache_dir = undef,
$openidc_cache_clean_interval = undef,
$openidc_claim_delimiter = undef,
$openidc_enable_oauth = false,
$openidc_introspection_endpoint = undef,
$memcached_servers = undef,

@ -149,5 +149,18 @@ describe 'keystone::federation::openidc' do
expect(content).to match('OIDCRedisCacheServer "127.0.0.1"')
end
end
context 'with openidc_claim_delimiter attribute' do
before do
params.merge!({
:openidc_claim_delimiter => ';',
})
end
it 'should contain OIDC claim delimiter' do
content = get_param('concat::fragment', 'configure_openidc_keystone', 'content')
expect(content).to match('OIDCClaimDelimiter ";"')
end
end
end
end

@ -31,6 +31,9 @@
<%- if scope['::keystone::federation::openidc::redis_password'] != nil -%>
OIDCRedisCachecPassword scope['::keystone::federation::openidc::redis_password'] %>
<%- end -%>
<%- if scope['::keystone::federation::openidc::openidc_claim_delimiter'] != nil -%>
OIDCClaimDelimiter "<%= scope['::keystone::federation::openidc::openidc_claim_delimiter'] %>"
<%- end -%>
# The following directives are necessary to support websso from Horizon
# (Per https://docs.openstack.org/keystone/pike/advanced-topics/federation/websso.html)

Loading…
Cancel
Save