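# *******************************************************************
# This file was created automatically by the sample environment
# generator. Developers should use `tox -e genconfig` to update it.
# Users are recommended to make changes to a copy of the file instead
# of the original, if any customizations are needed.
# *******************************************************************
# title: Enable keystone federation with OpenID Connect
# description: |
#   This is an example template on how to configure keystone federation for
#   the OpenID Connect protocol. You must modify the parameters to use
#   values appropriate for your identity provider.
#
# NOTE(review): every identifier, secret and URL below is a sample value.
# A deployment that keeps them unchanged shares its client secret and
# crypto passphrase with anyone who has read this template.
parameter_defaults:
  # A list of methods used for authentication.
  # Type: comma_delimited_list
  # NOTE(review): 'openid' is enabled in addition to 'password' and 'token';
  # list only the methods this deployment actually needs.
  KeystoneAuthMethods: password,token,openid

  # The client ID to use when handshaking with your OpenID Connect provider
  # Type: string
  KeystoneOpenIdcClientId: myclientid

  # The client secret to use when handshaking with your OpenID Connect provider
  # Type: string
  # NOTE(review): placeholder. Replace it with the secret issued by your
  # identity provider and keep the customized copy out of version control.
  # Quoted so that a real secret made only of digits or starting with a YAML
  # indicator character is still read as a string.
  KeystoneOpenIdcClientSecret: 'myclientsecret'

  # Passphrase to use when encrypting data for OpenID Connect handshake.
  # Type: string
  # NOTE(review): 'openstack' is a widely known sample value. Use a long,
  # randomly generated passphrase that is unique to this deployment.
  KeystoneOpenIdcCryptoPassphrase: 'openstack'

  # The name associated with the IdP in Keystone.
  # Type: string
  KeystoneOpenIdcIdpName: myidp

  # The url that points to your OpenID Connect provider metadata
  # Type: string
  # NOTE(review): keep this an https:// URL of the provider you intend to
  # trust; the metadata document presumably supplies the endpoints and
  # signing keys used to validate logins - confirm for your deployment.
  KeystoneOpenIdcProviderMetadataUrl: https://myidp.example.test/auth/realms/openstack/.well-known/openid-configuration

  # Attribute to be used to obtain the entity ID of the Identity Provider
  # from the environment.
  # Type: string
  KeystoneOpenIdcRemoteIdAttribute: HTTP_OIDC_ISS

  # Response type to be expected from the OpenID Connect provider.
  # Type: string
  # NOTE(review): 'id_token' selects the OpenID Connect implicit flow, in
  # which the ID token is returned through the browser. If your provider
  # supports the authorization code flow ('code'), prefer it - confirm
  # support on both sides before changing this value.
  KeystoneOpenIdcResponseType: id_token

  # A list of dashboard URLs trusted for single sign-on.
  # Type: comma_delimited_list
  # NOTE(review): list only the exact websso URLs of dashboards you operate,
  # served over https. Keystone uses this list to decide which origins may
  # receive the result of a web single sign-on login.
  KeystoneTrustedDashboards: https://dashboard.example.test/dashboard/auth/websso/

  # Specifies the list of SSO authentication choices to present.
  # Each item is a list of an SSO choice identifier and a display message.
  # Type: json
  WebSSOChoices: [['OIDC', 'OpenID Connect']]

  # Specifies a mapping from SSO authentication choice to identity provider
  # and protocol. The identity provider and protocol names must match the
  # resources defined in keystone.
  # Type: json
  # NOTE(review): 'myidp' must stay equal to KeystoneOpenIdcIdpName above.
  WebSSOIDPMapping: {'OIDC': ['myidp', 'openid']}

  # The initial authentication choice to select by default
  # Type: string
  WebSSOInitialChoice: OIDC

  # ******************************************************
  # Static parameters - these are values that must be
  # included in the environment but should not be changed.
  # ******************************************************
  # Enable support for federated authentication.
  # Type: boolean
  KeystoneFederationEnable: true

  # Enable support for OpenIDC federation.
  # Type: boolean
  KeystoneOpenIdcEnable: true

  # Enable support for Web Single Sign-On
  # Type: boolean
  WebSSOEnable: true

  # *********************
  # End static parameters
  # *********************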