openstack/kolla-ansible
Code Issues Proposed changes

Add OIDCDiscoverURL mod_oidc option

Browse Source 
This gets rid of one of the steps in the authentication flow.

Closes-Bug: 1930055
Change-Id: I4ed4651b55a912f1d9aec7277bae6bb4776f1e0a
This commit is contained in:
Will Szumski 2021-05-28 17:22:31 +01:00 committed by Piotr Parczewski
parent 7f2d203354
commit e7455759ad
2 changed files with 8 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
ansible/roles/keystone/templates/wsgi-keystone.conf.j2
View File

@ -79,6 +79,7 @@ LogLevel info
{% for idp in keystone_identity_providers %} {% for idp in keystone_identity_providers %}
{% if idp.protocol == 'openid' %} {% if idp.protocol == 'openid' %}
<LocationMatch /v3/auth/OS-FEDERATION/identity_providers/{{ idp.name }}/protocols/{{ idp.protocol }}/websso> <LocationMatch /v3/auth/OS-FEDERATION/identity_providers/{{ idp.name }}/protocols/{{ idp.protocol }}/websso>
OIDCDiscoverURL {{ keystone_public_url }}/redirect_uri?iss={{ idp.identifier | urlencode }}
Require valid-user Require valid-user
AuthType openid-connect AuthType openid-connect
</LocationMatch> </LocationMatch>

7
releasenotes/notes/add-oidc-discover-url-83edb9f43f73a97f.yaml Normal file
View File

@ -0,0 +1,7 @@
---
fixes:
- |
Fixes an issue with an OIDC authentication flow requiring unnecessary
action from the user. Redirecting to the target IdP page now happens
automatically.
`LP#930055 <https://bugs.launchpad.net/kolla-ansible/+bug/1930055>`__