openidc/mellon: Use static Location for protected endpoints

... instead of using LocationMatch or Location with regexp(~)
unnecessarily. Usage of the Location directive is described in
the Keystone admin guide[1].

[1] https://docs.openstack.org/keystone/latest/admin/federation/configure_federation.html

Change-Id: I1fcefad64225ea9917605d451237967edb4843ed
changes/78/859378/4
Takashi Kajinami 4 months ago
parent 31c42f0dd6
commit fd2ab9f606

@ -16,12 +16,12 @@
</Location>
<% if @enable_websso -%>
<Location ~ "/v3/auth/OS-FEDERATION/websso/mapped">
<Location "/v3/auth/OS-FEDERATION/websso/mapped">
AuthType Mellon
MellonEnable auth
Require valid-user
</Location>
<Location ~ "/v3/auth/OS-FEDERATION/identity_providers/<%= scope['keystone::federation::mellon::idp_name']-%>/protocols/mapped/websso">
<Location "/v3/auth/OS-FEDERATION/identity_providers/<%= scope['keystone::federation::mellon::idp_name']-%>/protocols/mapped/websso">
AuthType Mellon
MellonEnable auth
Require valid-user

@ -49,15 +49,15 @@
OIDCRedirectURI "<%= @keystone_url -%>/v3/auth/OS-FEDERATION/identity_providers/<%= scope['keystone::federation::openidc::idp_name']-%>/protocols/openid/websso"
OIDCRedirectURI "<%= @keystone_url -%>/v3/auth/OS-FEDERATION/websso/openid"
<LocationMatch "/v3/auth/OS-FEDERATION/websso/openid">
<Location "/v3/auth/OS-FEDERATION/websso/openid">
AuthType "openid-connect"
Require valid-user
</LocationMatch>
</Location>
<LocationMatch "/v3/auth/OS-FEDERATION/identity_providers/<%= scope['keystone::federation::openidc::idp_name']-%>/protocols/openid/websso">
<Location "/v3/auth/OS-FEDERATION/identity_providers/<%= scope['keystone::federation::openidc::idp_name']-%>/protocols/openid/websso">
AuthType "openid-connect"
Require valid-user
</LocationMatch>
</Location>
<%- if scope['::keystone::federation::openidc::openidc_enable_oauth'] -%>
<%- if scope['keystone::federation::openidc::openidc_verify_method'] == 'introspection' -%>
@ -68,7 +68,7 @@
OIDCOAuthVerifyJwksUri "<%= scope['keystone::federation::openidc::openidc_verify_jwks_uri']-%>"
<%- end -%>
<Location ~ "/v3/OS-FEDERATION/identity_providers/<%= scope['keystone::federation::openidc::idp_name']-%>/protocols/openid/auth">
<Location "/v3/OS-FEDERATION/identity_providers/<%= scope['keystone::federation::openidc::idp_name']-%>/protocols/openid/auth">
AuthType oauth20
Require valid-user
</Location>

Loading…
Cancel
Save