You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
42 lines
1.6 KiB
42 lines
1.6 KiB
environments: |
|
- |
|
name: enable-federation-openidc |
|
title: Enable keystone federation with OpenID Connect |
|
files: |
|
puppet/services/keystone.yaml: |
|
parameters: |
|
- KeystoneFederationEnable |
|
- KeystoneAuthMethods |
|
- KeystoneTrustedDashboards |
|
- KeystoneOpenIdcEnable |
|
- KeystoneOpenIdcIdpName |
|
- KeystoneOpenIdcProviderMetadataUrl |
|
- KeystoneOpenIdcClientId |
|
- KeystoneOpenIdcClientSecret |
|
- KeystoneOpenIdcCryptoPassphrase |
|
- KeystoneOpenIdcResponseType |
|
- KeystoneOpenIdcRemoteIdAttribute |
|
puppet/services/horizon.yaml: |
|
parameters: |
|
- WebSSOEnable |
|
- WebSSOInitialChoice |
|
- WebSSOChoices |
|
- WebSSOIDPMapping |
|
sample_values: |
|
KeystoneFederationEnable: True |
|
KeystoneOpenIdcEnable: True |
|
WebSSOEnable: True |
|
KeystoneAuthMethods: 'password,token,openid' |
|
KeystoneTrustedDashboards: 'https://dashboard.example.test/dashboard/auth/websso/' |
|
KeystoneOpenIdcIdpName: 'myidp' |
|
KeystoneOpenIdcProviderMetadataUrl: 'https://myidp.example.test/auth/realms/openstack/.well-known/openid-configuration' |
|
KeystoneOpenIdcClientId: 'myclientid' |
|
KeystoneOpenIdcClientSecret: 'myclientsecret' |
|
static: |
|
- KeystoneFederationEnable |
|
- KeystoneOpenIdcEnable |
|
- WebSSOEnable |
|
description: | |
|
This is an example template on how to configure keystone federation for |
|
the OpenID Connect protocol. You must modify the parameters to use |
|
values appropriate for your identity provider.
|
|
|