Lars Kellogg-Stedman a0a7c4fa83 Enable support for openidc federation in keystone
This exposes parameters to configure OpenIDC federation in Keystone.

Change-Id: I3e06ca5fde65f3e2c3c084f96209d1b38d5f8b86
Depends-on: Id2ef3558a359883bf3182f50d6a082b1789a900a
2018-12-12 19:35:03 -08:00

35 lines
1.3 KiB
YAML

environments:
-
name: enable-federation-openidc
title: Enable keystone federation with OpenID Connect
files:
puppet/services/keystone.yaml:
parameters:
- KeystoneFederationEnable
- KeystoneAuthMethods
- KeystoneTrustedDashboards
- KeystoneOpenIdcEnable
- KeystoneOpenIdcIdpName
- KeystoneOpenIdcProviderMetadataUrl
- KeystoneOpenIdcClientId
- KeystoneOpenIdcClientSecret
- KeystoneOpenIdcCryptoPassphrase
- KeystoneOpenIdcResponseType
- KeystoneOpenIdcRemoteIdAttribute
sample_values:
KeystoneFederationEnable: True
KeystoneOpenIdcEnable: True
KeystoneAuthMethods: 'password,token,openid'
KeystoneTrustedDashboards: 'https://dashboard.example.test'
KeystoneOpenIdcIdpName: 'myidp'
KeystoneOpenIdcProviderMetadataUrl: 'https://myidp.example.test/metadata'
KeystoneOpenIdcClientId: 'myclientid'
KeystoneOpenIdcClientSecret: 'myclientsecret'
static:
- KeystoneFederationEnable
- KeystoneOpenIdcEnable
description: |
This is an example template on how to configure keystone federation for
the OpenID Connect protocol. You must modify the parameters to use
values appropriate for your identity provider.