environments: - name: enable-federation-openidc title: Enable keystone federation with OpenID Connect files: deployment/keystone/keystone-container-puppet.yaml: parameters: - KeystoneFederationEnable - KeystoneAuthMethods - KeystoneTrustedDashboards - KeystoneOpenIdcEnable - KeystoneOpenIdcIdpName - KeystoneOpenIdcProviderMetadataUrl - KeystoneOpenIdcClientId - KeystoneOpenIdcClientSecret - KeystoneOpenIdcCryptoPassphrase - KeystoneOpenIdcResponseType - KeystoneOpenIdcRemoteIdAttribute puppet/services/horizon.yaml: parameters: - WebSSOEnable - WebSSOInitialChoice - WebSSOChoices - WebSSOIDPMapping sample_values: KeystoneFederationEnable: True KeystoneOpenIdcEnable: True WebSSOEnable: True KeystoneAuthMethods: 'password,token,openid' KeystoneTrustedDashboards: 'https://dashboard.example.test/dashboard/auth/websso/' KeystoneOpenIdcIdpName: 'myidp' KeystoneOpenIdcProviderMetadataUrl: 'https://myidp.example.test/auth/realms/openstack/.well-known/openid-configuration' KeystoneOpenIdcClientId: 'myclientid' KeystoneOpenIdcClientSecret: 'myclientsecret' static: - KeystoneFederationEnable - KeystoneOpenIdcEnable - WebSSOEnable description: | This is an example template on how to configure keystone federation for the OpenID Connect protocol. You must modify the parameters to use values appropriate for your identity provider.