---
# Sample-environment definition for enabling keystone federation with
# OpenID Connect. The nesting below is reconstructed from a blame view in
# which the original indentation was lost; the keys and values are unchanged.
environments:
  - name: enable-federation-openidc
    title: Enable keystone federation with OpenID Connect
    # Parameters exposed from each service template.
    files:
      deployment/keystone/keystone-container-puppet.yaml:
        parameters:
          - KeystoneFederationEnable
          - KeystoneAuthMethods
          - KeystoneTrustedDashboards
          - KeystoneOpenIdcEnable
          - KeystoneOpenIdcIdpName
          - KeystoneOpenIdcProviderMetadataUrl
          - KeystoneOpenIdcClientId
          # The next two are secrets. Only the client secret has a sample
          # value below.
          # NOTE(review): check what KeystoneOpenIdcCryptoPassphrase falls
          # back to in the service template and make sure a deployment sets
          # its own value rather than relying on a shared default.
          - KeystoneOpenIdcClientSecret
          - KeystoneOpenIdcCryptoPassphrase
          - KeystoneOpenIdcResponseType
          - KeystoneOpenIdcRemoteIdAttribute
      deployment/horizon/horizon-container-puppet.yaml:
        parameters:
          - WebSSOEnable
          - WebSSOInitialChoice
          - WebSSOChoices
          - WebSSOIDPMapping
    # Example values only; every host name, id and secret here is a
    # placeholder to be replaced per deployment.
    sample_values:
      KeystoneFederationEnable: True
      KeystoneOpenIdcEnable: True
      WebSSOEnable: True
      # 'openid' is added alongside the password and token methods.
      KeystoneAuthMethods: 'password,token,openid'
      # NOTE(review): presumably the dashboard origin(s) keystone accepts for
      # the WebSSO redirect; keep it to the exact Horizon websso URL and
      # confirm against the keystone template.
      KeystoneTrustedDashboards: 'https://dashboard.example.test/dashboard/auth/websso/'
      KeystoneOpenIdcIdpName: 'myidp'
      # The sample points at an https discovery document; keep the real URL
      # on TLS as well, since that document tells the relying party which
      # endpoints and keys to trust.
      KeystoneOpenIdcProviderMetadataUrl: 'https://myidp.example.test/auth/realms/openstack/.well-known/openid-configuration'
      KeystoneOpenIdcClientId: 'myclientid'
      # Placeholder secret. Supply the real value from a private environment
      # file or secret store at deploy time; do not commit it.
      KeystoneOpenIdcClientSecret: 'myclientsecret'
    # NOTE(review): presumably parameters the generated environment presents
    # as fixed rather than user-tunable; confirm with the generator.
    static:
      - KeystoneFederationEnable
      - KeystoneOpenIdcEnable
      - WebSSOEnable
    description: |
      This is an example template on how to configure keystone federation for
      the OpenID Connect protocol. You must modify the parameters to use
      values appropriate for your identity provider.