Keystone: Keep default auth methods in OpenIDC Federation

The enable-federation-openidc.yaml environment file defines enabled auth methods but its current contents doesn't include all of the default items like application_credential. This change ensures that all default methods are still enabled when federation with OpenIDC is used. Closes-Bug: #1935811 Change-Id: I7e168dda4419953abb1002b3180c8f512b59d7f1 (cherry picked from commit 62b17c21b8)
2021-07-12 17:28:33 +09:00 · 2021-07-12 17:28:33 +09:00 · 943d15ea8c
parent f06dbcac60
commit 943d15ea8c
2 changed files with 2 additions and 2 deletions
--- a/environments/enable-federation-openidc.yaml
+++ b/environments/enable-federation-openidc.yaml
@ -12,7 +12,7 @@
 parameter_defaults:
  # A list of methods used for authentication.
  # Type: comma_delimited_list
-  KeystoneAuthMethods: password,token,openid
+  KeystoneAuthMethods: external,password,token,oauth1,mapped,application_credential,openid

  # The client ID to use when handshaking with your OpenID Connect provider
  # Type: string
--- a/sample-env-generator/openidc.yaml
+++ b/sample-env-generator/openidc.yaml
@ -29,7 +29,7 @@ environments:
      KeystoneOpenIdcEnable: True
      KeystoneOpenIdcEnableOAuth: True
      WebSSOEnable: True
-      KeystoneAuthMethods: 'password,token,openid'
+      KeystoneAuthMethods: external,password,token,oauth1,mapped,application_credential,openid
      KeystoneTrustedDashboards: 'https://dashboard.example.test/dashboard/auth/websso/'
      KeystoneOpenIdcIdpName: 'myidp'
      KeystoneOpenIdcProviderMetadataUrl: 'https://myidp.example.test/auth/realms/openstack/.well-known/openid-configuration'