openstack/tripleo-heat-templates
Code Issues Proposed changes

Keystone: Keep default auth methods in OpenIDC Federation

Browse Source 
The enable-federation-openidc.yaml environment file defines enabled
auth methods but its current contents doesn't include all of
the default items like application_credential.
This change ensures that all default methods are still enabled when
federation with OpenIDC is used.

Closes-Bug: #1935811
Change-Id: I7e168dda4419953abb1002b3180c8f512b59d7f1
This commit is contained in:
Takashi Kajinami 2021-07-12 17:28:33 +09:00
parent 0b874947a1
commit 62b17c21b8
2 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
environments/enable-federation-openidc.yaml
View File

@ -12,7 +12,7 @@
parameter_defaults:
# A list of methods used for authentication.
# Type: comma_delimited_list
KeystoneAuthMethods: password,token,openid
KeystoneAuthMethods: external,password,token,oauth1,mapped,application_credential,openid
# The client ID to use when handshaking with your OpenID Connect provider
# Type: string

2
sample-env-generator/openidc.yaml
View File

@ -29,7 +29,7 @@ environments:
KeystoneOpenIdcEnable: True
KeystoneOpenIdcEnableOAuth: True
WebSSOEnable: True
KeystoneAuthMethods: 'password,token,openid'
KeystoneAuthMethods: external,password,token,oauth1,mapped,application_credential,openid
KeystoneTrustedDashboards: 'https://dashboard.example.test/dashboard/auth/websso/'
KeystoneOpenIdcIdpName: 'myidp'
KeystoneOpenIdcProviderMetadataUrl: 'https://myidp.example.test/auth/realms/openstack/.well-known/openid-configuration'