tripleo-heat-templates/sample-env-generator/openidc.yaml
Takashi Kajinami 62b17c21b8 Keystone: Keep default auth methods in OpenIDC Federation
The enable-federation-openidc.yaml environment file defines enabled
auth methods but its current contents don't include all of
the default items like application_credential.
This change ensures that all default methods are still enabled when
federation with OpenIDC is used.

Closes-Bug: #1935811
Change-Id: I7e168dda4419953abb1002b3180c8f512b59d7f1
2021-07-12 14:21:41 +00:00


environments:
  -
    name: enable-federation-openidc
    title: Enable keystone federation with OpenID Connect
    files:
      deployment/keystone/keystone-container-puppet.yaml:
        parameters:
          - KeystoneFederationEnable
          - KeystoneAuthMethods
          - KeystoneTrustedDashboards
          - KeystoneOpenIdcEnable
          - KeystoneOpenIdcIdpName
          - KeystoneOpenIdcProviderMetadataUrl
          - KeystoneOpenIdcClientId
          - KeystoneOpenIdcClientSecret
          - KeystoneOpenIdcCryptoPassphrase
          - KeystoneOpenIdcResponseType
          - KeystoneOpenIdcRemoteIdAttribute
          - KeystoneOpenIdcEnableOAuth
          - KeystoneOpenIdcIntrospectionEndpoint
      deployment/horizon/horizon-container-puppet.yaml:
        parameters:
          - WebSSOEnable
          - WebSSOInitialChoice
          - WebSSOChoices
          - WebSSOIDPMapping
    sample_values:
      KeystoneFederationEnable: True
      KeystoneOpenIdcEnable: True
      KeystoneOpenIdcEnableOAuth: True
      WebSSOEnable: True
      KeystoneAuthMethods: external,password,token,oauth1,mapped,application_credential,openid
      KeystoneTrustedDashboards: 'https://dashboard.example.test/dashboard/auth/websso/'
      KeystoneOpenIdcIdpName: 'myidp'
      KeystoneOpenIdcProviderMetadataUrl: 'https://myidp.example.test/auth/realms/openstack/.well-known/openid-configuration'
      KeystoneOpenIdcIntrospectionEndpoint: 'https://myidp.example.test/auth/realms/openstack/protocol/openid-connect/token/introspect'
      KeystoneOpenIdcClientId: 'myclientid'
      KeystoneOpenIdcClientSecret: 'myclientsecret'
    static:
      - KeystoneFederationEnable
      - KeystoneOpenIdcEnable
      - KeystoneOpenIdcEnableOAuth
      - WebSSOEnable
    description: |
      This is an example template on how to configure keystone federation for
      the OpenID Connect protocol. You must modify the parameters to use
      values appropriate for your identity provider.
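
A check for the regression the commit message describes, as an added example that is not part of the tripleo-heat-templates repository: it reads environment file text and reports any default auth method missing from KeystoneAuthMethods. The default list is assumed to be the sample value in this file minus openid; the function names and the DROPPED input are constructed for illustration.

```python
import re

# Assumption: the default auth methods are the sample value in this file
# minus the federation-specific "openid" entry.
DEFAULT_AUTH_METHODS = ("external", "password", "token", "oauth1",
                        "mapped", "application_credential")
_PARAM_RE = re.compile(r"^\s*(\w+)\s*:\s*(.*?)\s*$")

# Constructed input: an override that silently drops several defaults.
DROPPED = """parameter_defaults:
  KeystoneOpenIdcEnable: True
  KeystoneAuthMethods: password,token,openid
"""
# Input using the sample value from this file.
KEPT = """parameter_defaults:
  KeystoneOpenIdcEnable: True
  KeystoneAuthMethods: external,password,token,oauth1,mapped,application_credential,openid
"""


def read_params(env_text):
    """Collect simple 'Key: value' pairs; list items and bare keys are skipped."""
    params = {}
    for line in env_text.splitlines():
        line = line.split(" #", 1)[0]  # drop trailing comments
        m = _PARAM_RE.match(line)
        if m and m.group(2):
            params[m.group(1)] = m.group(2).strip("'\"")
    return params


def audit_auth_methods(env_text):
    """Return findings for the KeystoneAuthMethods override in env_text."""
    params = read_params(env_text)
    raw = params.get("KeystoneAuthMethods")
    if raw is None:
        return []  # parameter not set in this file; nothing to audit
    methods = [m.strip() for m in raw.split(",") if m.strip()]
    findings = ["default method dropped: " + m
                for m in DEFAULT_AUTH_METHODS if m not in methods]
    oidc_on = params.get("KeystoneOpenIdcEnable", "").lower() == "true"
    if oidc_on and "openid" not in methods:
        findings.append("KeystoneOpenIdcEnable is set but 'openid' is not listed")
    return findings


if __name__ == "__main__":
    print("DROPPED:", audit_auth_methods(DROPPED))
    print("KEPT:", audit_auth_methods(KEPT))
```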