62b17c21b8
The enable-federation-openidc.yaml environment file defines enabled auth methods but its current contents don't include all of the default items like application_credential. This change ensures that all default methods are still enabled when federation with OpenIDC is used. Closes-Bug: #1935811 Change-Id: I7e168dda4419953abb1002b3180c8f512b59d7f1
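# *******************************************************************
# This file was created automatically by the sample environment
# generator. Developers should use `tox -e genconfig` to update it.
# Users are recommended to make changes to a copy of the file instead
# of the original, if any customizations are needed.
# *******************************************************************
# title: Enable keystone federation with OpenID Connect
# description: |
#   This is an example template on how to configure keystone federation for
#   the OpenID Connect protocol. You must modify the parameters to use
#   values appropriate for your identity provider.
#
# NOTE(review): the client ID, client secret, crypto passphrase, IdP name
# and every example.test URL below are sample values. A customized copy of
# this file holds the client secret and the passphrase in clear text, so
# restrict who can read it and keep it out of shared version control.
parameter_defaults:
  # A list of methods used for authentication.
  # The stock methods are listed next to `openid` so that enabling
  # federation does not switch any of them off (application_credential
  # included). Each entry is one more way to authenticate; drop the ones
  # the deployment does not use.
  # Type: comma_delimited_list
  KeystoneAuthMethods: external,password,token,oauth1,mapped,application_credential,openid

  # The client ID to use when handshaking with your OpenID Connect provider
  # Type: string
  KeystoneOpenIdcClientId: myclientid

  # The client secret to use when handshaking with your OpenID Connect provider
  # Sample value only: replace it with the secret issued by the identity
  # provider for this client.
  # Type: string
  KeystoneOpenIdcClientSecret: myclientsecret

  # Passphrase to use when encrypting data for OpenID Connect handshake.
  # The sample value is a well-known string; a guessable passphrase weakens
  # that encryption. Set a long random value unique to the deployment.
  # Type: string
  KeystoneOpenIdcCryptoPassphrase: openstack

  # The name associated with the IdP in Keystone.
  # Type: string
  KeystoneOpenIdcIdpName: myidp

  # OAuth 2.0 introspection endpoint for mod_auth_openidc
  # Keep this an https URL of the real identity provider: the answer from
  # this endpoint decides whether a presented token is accepted.
  # Type: string
  KeystoneOpenIdcIntrospectionEndpoint: https://myidp.example.test/auth/realms/openstack/protocol/openid-connect/token/introspect

  # The url that points to your OpenID Connect provider metadata
  # Keep this an https URL as well: the provider's endpoints are read from
  # this document.
  # Type: string
  KeystoneOpenIdcProviderMetadataUrl: https://myidp.example.test/auth/realms/openstack/.well-known/openid-configuration

  # Attribute to be used to obtain the entity ID of the Identity Provider from the environment.
  # Type: string
  KeystoneOpenIdcRemoteIdAttribute: HTTP_OIDC_ISS

  # Response type to be expected from the OpenID Connect provider.
  # NOTE(review): `id_token` selects the OpenID Connect implicit flow, in
  # which the ID token travels through the browser. Where the identity
  # provider supports it, the authorization code flow (`code`) is usually
  # preferred - confirm the accepted values against the deployed
  # mod_auth_openidc version.
  # Type: string
  KeystoneOpenIdcResponseType: id_token

  # A list of dashboard URLs trusted for single sign-on.
  # List only the exact https URLs of dashboards you operate. NOTE(review):
  # keystone is expected to hand the WebSSO token only to origins named
  # here, so an extra entry widens who can receive tokens - verify against
  # the keystone federation documentation.
  # Type: comma_delimited_list
  KeystoneTrustedDashboards: https://dashboard.example.test/dashboard/auth/websso/

  # Specifies the list of SSO authentication choices to present. Each item is a list of an SSO choice identifier and a display message.
  # Type: json
  WebSSOChoices: [['OIDC', 'OpenID Connect']]

  # Specifies a mapping from SSO authentication choice to identity provider and protocol. The identity provider and protocol names must match the resources defined in keystone.
  # Here 'myidp' repeats KeystoneOpenIdcIdpName and 'openid' is the method
  # name added to KeystoneAuthMethods; change them together.
  # Type: json
  WebSSOIDPMapping: {'OIDC': ['myidp', 'openid']}

  # The initial authentication choice to select by default
  # Type: string
  WebSSOInitialChoice: OIDC

  # ******************************************************
  # Static parameters - these are values that must be
  # included in the environment but should not be changed.
  # ******************************************************
  # Enable support for federated authentication.
  # Type: boolean
  KeystoneFederationEnable: True

  # Enable support for OpenIDC federation.
  # Type: boolean
  KeystoneOpenIdcEnable: True

  # Enable OAuth 2.0 integration.
  # Type: boolean
  KeystoneOpenIdcEnableOAuth: True

  # Enable support for Web Single Sign-On
  # Type: boolean
  WebSSOEnable: True

  # *********************
  # End static parameters
  # *********************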