OIDC : Add support for setting OIDCClaimDelimiter
Depending on the configuration of the IdP and keystone, without setting the claim delimiter it's not possible to use multi-value claims. Change-Id: I0cfc0d693a5fe2815bf5f6fd5acd038db2fe4dd3
This commit is contained in:
parent
7586bc88c1
commit
a7843f0660
@ -59,6 +59,10 @@
|
||||
# (Optional) Cache file clean interval in seconds (only triggered
|
||||
# on writes). Defaults to undef.
|
||||
#
|
||||
# [*openidc_claim_delimiter*]
|
||||
# (Optional) The delimiter to use when setting multi-valued claims.
|
||||
# Defaults to undef.
|
||||
#
|
||||
# [*openidc_enable_oauth*]
|
||||
# (Optional) Set to true to enable oauthsupport.
|
||||
#
|
||||
@ -110,6 +114,7 @@ class keystone::federation::openidc (
|
||||
$openidc_cache_shm_entry_size = undef,
|
||||
$openidc_cache_dir = undef,
|
||||
$openidc_cache_clean_interval = undef,
|
||||
$openidc_claim_delimiter = undef,
|
||||
$openidc_enable_oauth = false,
|
||||
$openidc_introspection_endpoint = undef,
|
||||
$memcached_servers = undef,
|
||||
|
@ -149,5 +149,18 @@ describe 'keystone::federation::openidc' do
|
||||
expect(content).to match('OIDCRedisCacheServer "127.0.0.1"')
|
||||
end
|
||||
end
|
||||
|
||||
context 'with openidc_claim_delimiter attribute' do
|
||||
before do
|
||||
params.merge!({
|
||||
:openidc_claim_delimiter => ';',
|
||||
})
|
||||
end
|
||||
|
||||
it 'should contain OIDC claim delimiter' do
|
||||
content = get_param('concat::fragment', 'configure_openidc_keystone', 'content')
|
||||
expect(content).to match('OIDCClaimDelimiter ";"')
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
||||
|
@ -31,6 +31,9 @@
|
||||
<%- if scope['::keystone::federation::openidc::redis_password'] != nil -%>
|
||||
OIDCRedisCachecPassword scope['::keystone::federation::openidc::redis_password'] %>
|
||||
<%- end -%>
|
||||
<%- if scope['::keystone::federation::openidc::openidc_claim_delimiter'] != nil -%>
|
||||
OIDCClaimDelimiter "<%= scope['::keystone::federation::openidc::openidc_claim_delimiter'] %>"
|
||||
<%- end -%>
|
||||
|
||||
# The following directives are necessary to support websso from Horizon
|
||||
# (Per https://docs.openstack.org/keystone/pike/advanced-topics/federation/websso.html)
|
||||
|
Loading…
x
Reference in New Issue
Block a user