73d7194a60
When configuring federation using mellon it should be possible to also setup Web Single Sign-On (SSO) according to: http://docs.openstack.org/developer/keystone/federation/websso.html Closes-Bug: #1655620 Change-Id: I340b3a86f6870ea3b9240b4d4f69e33dde004868
30 lines
1.4 KiB
Plaintext
30 lines
1.4 KiB
Plaintext
WSGIScriptAliasMatch ^(/v3/OS-FEDERATION/identity_providers/.*?/protocols/.*?/auth)$ <%= scope['keystone::params::keystone_wsgi_script_path'] -%>/$1
|
|
|
|
<Location /v3>
|
|
MellonEnable "info"
|
|
MellonSPPrivateKeyFile <%= scope['apache::mod_dir']-%>/mellon/http_keystone.fqdn.key
|
|
MellonSPCertFile <%= scope['apache::mod_dir']-%>/mellon/http_keystone.fqdn.cert
|
|
MellonSPMetadataFile <%= scope['apache::mod_dir']-%>/mellon/http_keystone.fqdn.xml
|
|
MellonIdPMetadataFile <%= scope['apache::mod_dir']-%>/mellon/idp-metadata.xml
|
|
MellonEndpointPath /v3/OS-FEDERATION/identity_providers/<%= scope['keystone::federation::mellon::idp_name']-%>/protocols/<%= scope['keystone::federation::mellon::protocol_name']-%>/auth/mellon
|
|
MellonIdP "IDP"
|
|
</Location>
|
|
|
|
<Location /v3/OS-FEDERATION/identity_providers/<%= scope['keystone::federation::mellon::idp_name']-%>/protocols/<%= scope['keystone::federation::mellon::protocol_name']-%>/auth>
|
|
AuthType "Mellon"
|
|
MellonEnable "auth"
|
|
</Location>
|
|
|
|
<% if @enable_websso -%>
|
|
<Location ~ "/v3/auth/OS-FEDERATION/websso/mapped">
|
|
AuthType Mellon
|
|
MellonEnable auth
|
|
Require valid-user
|
|
</Location>
|
|
<Location ~ "/v3/auth/OS-FEDERATION/identity_providers/<%= scope['keystone::federation::mellon::idp_name']-%>/protocols/mapped/websso">
|
|
AuthType Mellon
|
|
MellonEnable auth
|
|
Require valid-user
|
|
</Location>
|
|
<% end -%>
|