From 62b17c21b8a8e392b14f48266c48c46f6100e24e Mon Sep 17 00:00:00 2001 From: Takashi Kajinami Date: Mon, 12 Jul 2021 17:28:33 +0900 Subject: [PATCH] Keystone: Keep default auth methods in OpenIDC Federation The enable-federation-openidc.yaml environment file defines enabled auth methods but its current contents doesn't include all of the default items like application_credential. This change ensures that all default methods are still enabled when federation with OpenIDC is used. Closes-Bug: #1935811 Change-Id: I7e168dda4419953abb1002b3180c8f512b59d7f1 --- environments/enable-federation-openidc.yaml | 2 +- sample-env-generator/openidc.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/environments/enable-federation-openidc.yaml b/environments/enable-federation-openidc.yaml index db1d88eda4..47027ff435 100644 --- a/environments/enable-federation-openidc.yaml +++ b/environments/enable-federation-openidc.yaml @@ -12,7 +12,7 @@ parameter_defaults: # A list of methods used for authentication. # Type: comma_delimited_list - KeystoneAuthMethods: password,token,openid + KeystoneAuthMethods: external,password,token,oauth1,mapped,application_credential,openid # The client ID to use when handshaking with your OpenID Connect provider # Type: string diff --git a/sample-env-generator/openidc.yaml b/sample-env-generator/openidc.yaml index 03c13c9a65..b99532fbb5 100644 --- a/sample-env-generator/openidc.yaml +++ b/sample-env-generator/openidc.yaml @@ -29,7 +29,7 @@ environments: KeystoneOpenIdcEnable: True KeystoneOpenIdcEnableOAuth: True WebSSOEnable: True - KeystoneAuthMethods: 'password,token,openid' + KeystoneAuthMethods: external,password,token,oauth1,mapped,application_credential,openid KeystoneTrustedDashboards: 'https://dashboard.example.test/dashboard/auth/websso/' KeystoneOpenIdcIdpName: 'myidp' KeystoneOpenIdcProviderMetadataUrl: 'https://myidp.example.test/auth/realms/openstack/.well-known/openid-configuration'