31 lines
1.6 KiB
Plaintext
31 lines
1.6 KiB
Plaintext
LoadModule auth_openidc_module modules/mod_auth_openidc.so
|
|
OIDCClaimPrefix "OIDC-"
|
|
OIDCResponseType "<%= scope['keystone::federation::openidc::openidc_response_type']-%>"
|
|
OIDCScope "openid email profile"
|
|
OIDCProviderMetadataURL "<%= scope['keystone::federation::openidc::openidc_provider_metadata_url']-%>"
|
|
OIDCClientID "<%= scope['keystone::federation::openidc::openidc_client_id']-%>"
|
|
OIDCClientSecret "<%= scope['keystone::federation::openidc::openidc_client_secret']-%>"
|
|
OIDCCryptoPassphrase "<%= scope['keystone::federation::openidc::openidc_crypto_passphrase']-%>"
|
|
|
|
# The following directives are required to support openidc from the command
|
|
# line
|
|
<Location ~ "/v3/OS-FEDERATION/identity_providers/<%= scope['keystone::federation::openidc::idp_name']-%>/protocols/openid/auth">
|
|
AuthType oauth20
|
|
Require valid-user
|
|
</Location>
|
|
|
|
# The following directives are necessary to support websso from Horizon
|
|
# (Per https://docs.openstack.org/keystone/pike/advanced-topics/federation/websso.html)
|
|
OIDCRedirectURI "<%= @keystone_endpoint-%>/v3/auth/OS-FEDERATION/identity_providers/<%= scope['keystone::federation::openidc::idp_name']-%>/protocols/openid/websso"
|
|
OIDCRedirectURI "<%= @keystone_endpoint-%>/v3/auth/OS-FEDERATION/websso/openid"
|
|
|
|
<LocationMatch "/v3/auth/OS-FEDERATION/websso/openid">
|
|
AuthType "openid-connect"
|
|
Require valid-user
|
|
</LocationMatch>
|
|
|
|
<LocationMatch "/v3/auth/OS-FEDERATION/identity_providers/<%= scope['keystone::federation::openidc::idp_name']-%>/protocols/openid/websso">
|
|
AuthType "openid-connect"
|
|
Require valid-user
|
|
</LocationMatch>
|