5c0e4e7355
Expose parameters for enabling OAuth support in mod_auth_openidc Change-Id: If19a2f12896d96e20483f5b25676bc70181a556d Depends-on: I284160e520fbb73a041c49ff1a3e1ef5f3caf59d
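# *******************************************************************
# This file was created automatically by the sample environment
# generator. Developers should use `tox -e genconfig` to update it.
# Users are recommended to make changes to a copy of the file instead
# of the original, if any customizations are needed.
# *******************************************************************
# title: Enable keystone federation with OpenID Connect
# description: |
#   This is an example template on how to configure keystone federation for
#   the OpenID Connect protocol. You must modify the parameters to use
#   values appropriate for your identity provider.
parameter_defaults:
  # A list of methods used for authentication.
  # Type: comma_delimited_list
  KeystoneAuthMethods: password,token,openid

  # The client ID to use when handshaking with your OpenID Connect provider
  # Type: string
  KeystoneOpenIdcClientId: myclientid

  # The client secret to use when handshaking with your OpenID Connect provider
  # Sample value only: set the secret issued by your provider, and keep the
  # customized copy of this file out of shared or version-controlled locations.
  # Type: string
  KeystoneOpenIdcClientSecret: myclientsecret

  # Passphrase to use when encrypting data for OpenID Connect handshake.
  # Sample value only: `openstack` is guessable. Replace it with a long,
  # randomly generated string that is unique to this deployment.
  # Type: string
  KeystoneOpenIdcCryptoPassphrase: openstack

  # The name associated with the IdP in Keystone.
  # Type: string
  KeystoneOpenIdcIdpName: myidp

  # OAuth 2.0 introspection endpoint for mod_auth_openidc
  # Bearer-token validation relies on the answers from this endpoint, so use
  # an https URL whose certificate the keystone hosts can verify.
  # Type: string
  KeystoneOpenIdcIntrospectionEndpoint: https://myidp.example.test/auth/realms/openstack/protocol/openid-connect/token/introspect

  # The url that points to your OpenID Connect provider metadata
  # Type: string
  KeystoneOpenIdcProviderMetadataUrl: https://myidp.example.test/auth/realms/openstack/.well-known/openid-configuration

  # Attribute to be used to obtain the entity ID of the Identity Provider
  # from the environment.
  # Type: string
  KeystoneOpenIdcRemoteIdAttribute: HTTP_OIDC_ISS

  # Response type to be expected from the OpenID Connect provider.
  # `id_token` selects the OpenID Connect implicit flow; where the provider
  # supports it, the authorization code flow (`code`) keeps tokens out of the
  # browser redirect.
  # Type: string
  KeystoneOpenIdcResponseType: id_token

  # A list of dashboard URLs trusted for single sign-on.
  # List only dashboards you operate, served over https: after a successful
  # login keystone hands the issued token to these origins.
  # Type: comma_delimited_list
  KeystoneTrustedDashboards: https://dashboard.example.test/dashboard/auth/websso/

  # Specifies the list of SSO authentication choices to present. Each item is
  # a list of an SSO choice identifier and a display message.
  # Type: json
  WebSSOChoices: [['OIDC', 'OpenID Connect']]

  # Specifies a mapping from SSO authentication choice to identity provider
  # and protocol. The identity provider and protocol names must match the
  # resources defined in keystone.
  # Type: json
  WebSSOIDPMapping: {'OIDC': ['myidp', 'openid']}

  # The initial authentication choice to select by default
  # Type: string
  WebSSOInitialChoice: OIDC

  # ******************************************************
  # Static parameters - these are values that must be
  # included in the environment but should not be changed.
  # ******************************************************
  # Enable support for federated authentication.
  # Type: boolean
  KeystoneFederationEnable: true

  # Enable support for OpenIDC federation.
  # Type: boolean
  KeystoneOpenIdcEnable: true

  # Enable OAuth 2.0 integration.
  # Type: boolean
  KeystoneOpenIdcEnableOAuth: true

  # Enable support for Web Single Sign-On
  # Type: boolean
  WebSSOEnable: true

  # *********************
  # End static parameters
  # *********************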