a0a7c4fa83
This exposes parameters to configure OpenIDC federation in Keystone. Change-Id: I3e06ca5fde65f3e2c3c084f96209d1b38d5f8b86 Depends-on: Id2ef3558a359883bf3182f50d6a082b1789a900a
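# *******************************************************************
# This file was created automatically by the sample environment
# generator. Developers should use `tox -e genconfig` to update it.
# Users are recommended to make changes to a copy of the file instead
# of the original, if any customizations are needed.
# *******************************************************************
# title: Enable keystone federation with OpenID Connect
# description: |
#   This is an example template on how to configure keystone federation for
#   the OpenID Connect protocol. You must modify the parameters to use
#   values appropriate for your identity provider.
parameter_defaults:
  # A list of methods used for authentication.
  # Type: comma_delimited_list
  KeystoneAuthMethods: password,token,openid

  # The client ID to use when handshaking with your OpenID Connect provider
  # Type: string
  KeystoneOpenIdcClientId: myclientid

  # The client secret to use when handshaking with your OpenID Connect provider
  # Sample placeholder: replace it with the secret issued by your provider,
  # and keep the customized copy of this file out of version control.
  # Type: string
  KeystoneOpenIdcClientSecret: myclientsecret

  # Passphrase to use when encrypting data for OpenID Connect handshake.
  # Sample value only: replace it with a long random value that is unique
  # to the deployment.
  # Type: string
  KeystoneOpenIdcCryptoPassphrase: openstack

  # The name associated with the IdP in Keystone.
  # Type: string
  KeystoneOpenIdcIdpName: myidp

  # The url that points to your OpenID Connect provider metadata
  # Use an https URL so the provider metadata is retrieved over TLS.
  # Type: string
  KeystoneOpenIdcProviderMetadataUrl: https://myidp.example.test/metadata

  # Attribute to be used to obtain the entity ID of the Identity Provider from the environment.
  # Type: string
  KeystoneOpenIdcRemoteIdAttribute: HTTP_OIDC_ISS

  # Response type to be expected from the OpenID Connect provider.
  # NOTE(review): id_token corresponds to the OpenID Connect implicit flow;
  # confirm this is the flow your provider and security policy expect.
  # Type: string
  KeystoneOpenIdcResponseType: id_token

  # A list of dashboard URLs trusted for single sign-on.
  # Keep this list to the https URLs of dashboards you operate.
  # Type: comma_delimited_list
  KeystoneTrustedDashboards: https://dashboard.example.test

  # ******************************************************
  # Static parameters - these are values that must be
  # included in the environment but should not be changed.
  # ******************************************************
  # Enable support for federated authentication.
  # Type: boolean
  KeystoneFederationEnable: true

  # Enable support for OpenIDC federation.
  # Type: boolean
  KeystoneOpenIdcEnable: true

  # *********************
  # End static parameters
  # *********************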