48 lines
1.9 KiB
YAML
48 lines
1.9 KiB
YAML
environments:
|
|
-
|
|
name: enable-federation-openidc
|
|
title: Enable keystone federation with OpenID Connect
|
|
files:
|
|
deployment/keystone/keystone-container-puppet.yaml:
|
|
parameters:
|
|
- KeystoneFederationEnable
|
|
- KeystoneAuthMethods
|
|
- KeystoneTrustedDashboards
|
|
- KeystoneOpenIdcEnable
|
|
- KeystoneOpenIdcIdpName
|
|
- KeystoneOpenIdcProviderMetadataUrl
|
|
- KeystoneOpenIdcClientId
|
|
- KeystoneOpenIdcClientSecret
|
|
- KeystoneOpenIdcCryptoPassphrase
|
|
- KeystoneOpenIdcResponseType
|
|
- KeystoneOpenIdcRemoteIdAttribute
|
|
- KeystoneOpenIdcEnableOAuth
|
|
- KeystoneOpenIdcIntrospectionEndpoint
|
|
deployment/horizon/horizon-container-puppet.yaml:
|
|
parameters:
|
|
- WebSSOEnable
|
|
- WebSSOInitialChoice
|
|
- WebSSOChoices
|
|
- WebSSOIDPMapping
|
|
sample_values:
|
|
KeystoneFederationEnable: True
|
|
KeystoneOpenIdcEnable: True
|
|
KeystoneOpenIdcEnableOAuth: True
|
|
WebSSOEnable: True
|
|
KeystoneAuthMethods: 'password,token,openid'
|
|
KeystoneTrustedDashboards: 'https://dashboard.example.test/dashboard/auth/websso/'
|
|
KeystoneOpenIdcIdpName: 'myidp'
|
|
KeystoneOpenIdcProviderMetadataUrl: 'https://myidp.example.test/auth/realms/openstack/.well-known/openid-configuration'
|
|
KeystoneOpenIdcIntrospectionEndpoint: 'https://myidp.example.test/auth/realms/openstack/protocol/openid-connect/token/introspect'
|
|
KeystoneOpenIdcClientId: 'myclientid'
|
|
KeystoneOpenIdcClientSecret: 'myclientsecret'
|
|
static:
|
|
- KeystoneFederationEnable
|
|
- KeystoneOpenIdcEnable
|
|
- KeystoneOpenIdcEnableOAuth
|
|
- WebSSOEnable
|
|
description: |
|
|
This is an example template on how to configure keystone federation for
|
|
the OpenID Connect protocol. You must modify the parameters to use
|
|
values appropriate for your identity provider.
|