openstack/puppet-keystone
Code Issues Proposed changes

Merge "Fix OIDCRedirectURI value"

Browse Source
This commit is contained in:
Zuul
2023-01-20 10:24:36 +00:00
committed by Gerrit Code Review
parent 649dcabb71 bad291ff1f
commit b5b45aad37
1 changed files with 18 additions and 14 deletions
Download Patch File Download Diff File Expand all files Collapse all files

32
templates/openidc.conf.erb
View File

@@ -44,20 +44,7 @@
OIDCPassClaimsAs "<%= scope['::keystone::federation::openidc::openidc_pass_claim_as'] %>" OIDCPassClaimsAs "<%= scope['::keystone::federation::openidc::openidc_pass_claim_as'] %>"
<%- end -%> <%- end -%>
# The following directives are necessary to support websso from Horizon OIDCRedirectURI "<%= @keystone_url -%>/v3/auth/OS-FEDERATION/identity_providers/<%= scope['keystone::federation::openidc::idp_name']-%>/protocols/openid/auth"
# (Per https://docs.openstack.org/keystone/pike/advanced-topics/federation/websso.html)
OIDCRedirectURI "<%= @keystone_url -%>/v3/auth/OS-FEDERATION/identity_providers/<%= scope['keystone::federation::openidc::idp_name']-%>/protocols/openid/websso"
OIDCRedirectURI "<%= @keystone_url -%>/v3/auth/OS-FEDERATION/websso/openid"
<Location "/v3/auth/OS-FEDERATION/websso/openid">
AuthType "openid-connect"
Require valid-user
</Location>
<Location "/v3/auth/OS-FEDERATION/identity_providers/<%= scope['keystone::federation::openidc::idp_name']-%>/protocols/openid/websso">
AuthType "openid-connect"
Require valid-user
</Location>
<%- if scope['::keystone::federation::openidc::openidc_enable_oauth'] -%> <%- if scope['::keystone::federation::openidc::openidc_enable_oauth'] -%>
<%- if scope['keystone::federation::openidc::openidc_verify_method'] == 'introspection' -%> <%- if scope['keystone::federation::openidc::openidc_verify_method'] == 'introspection' -%>
@@ -72,4 +59,21 @@
AuthType oauth20 AuthType oauth20
Require valid-user Require valid-user
</Location> </Location>
<%- else -%>
<Location "/v3/OS-FEDERATION/identity_providers/<%= scope['keystone::federation::openidc::idp_name']-%>/protocols/openid/auth">
AuthType "openid-connect"
Require valid-user
</Location>
<%- end -%> <%- end -%>
# The following directives are necessary to support websso from Horizon
# (Per https://docs.openstack.org/keystone/latest/admin/federation/configure_federation.html#id5)
<Location "/v3/auth/OS-FEDERATION/websso/openid">
AuthType "openid-connect"
Require valid-user
</Location>
<Location "/v3/auth/OS-FEDERATION/identity_providers/<%= scope['keystone::federation::openidc::idp_name']-%>/protocols/openid/websso">
AuthType "openid-connect"
Require valid-user
</Location>