Browse Source

Keystone: Keep default auth methods in OpenIDC Federation

The enable-federation-openidc.yaml environment file defines enabled
auth methods but its current contents doesn't include all of
the default items like application_credential.
This change ensures that all default methods are still enabled when
federation with OpenIDC is used.

Closes-Bug: #1935811
Change-Id: I7e168dda4419953abb1002b3180c8f512b59d7f1
changes/39/800439/3
Takashi Kajinami 12 months ago
parent
commit
62b17c21b8
  1. 2
      environments/enable-federation-openidc.yaml
  2. 2
      sample-env-generator/openidc.yaml

2
environments/enable-federation-openidc.yaml

@ -12,7 +12,7 @@
parameter_defaults:
# A list of methods used for authentication.
# Type: comma_delimited_list
KeystoneAuthMethods: password,token,openid
KeystoneAuthMethods: external,password,token,oauth1,mapped,application_credential,openid
# The client ID to use when handshaking with your OpenID Connect provider
# Type: string

2
sample-env-generator/openidc.yaml

@ -29,7 +29,7 @@ environments:
KeystoneOpenIdcEnable: True
KeystoneOpenIdcEnableOAuth: True
WebSSOEnable: True
KeystoneAuthMethods: 'password,token,openid'
KeystoneAuthMethods: external,password,token,oauth1,mapped,application_credential,openid
KeystoneTrustedDashboards: 'https://dashboard.example.test/dashboard/auth/websso/'
KeystoneOpenIdcIdpName: 'myidp'
KeystoneOpenIdcProviderMetadataUrl: 'https://myidp.example.test/auth/realms/openstack/.well-known/openid-configuration'

Loading…
Cancel
Save