openstack/openstack-ansible-os_keystone
Code Issues Proposed changes

Merge "Add PKCE method for OIDC"

Browse Source
This commit is contained in:
Zuul 2022-08-12 11:30:16 +00:00 committed by Gerrit Code Review
commit 056623431a
2 changed files with 4 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
defaults/main.yml
View File

@ -528,6 +528,7 @@ keystone_sp: {}
# oidc_oauth_introspection_endpoint: endpoint address (optional)
# oidc_oauth_client_id: string (optional)
# oidc_oauth_client_secret: secret (optional)
# oidc_pkce_method: plain | S256 | referred_tb (optional)
# oidc_outgoing_proxy: "proxy address" (optional setting)
# oidc_auth_request_params: param=some+url+encoded+value&param2=and+another+one (optional)
# oidc_state_max_number_of_cookies: 5 false (optional)

3
templates/keystone-httpd.conf.j2
View File

@ -68,6 +68,9 @@ Listen {{ keystone_web_server_bind_address }}:{{ keystone_service_port }}
{% if keystone_sp.trusted_idp_list.0.oidc_oauth_client_secret is defined -%}
OIDCOAuthClientSecret {{ keystone_sp.trusted_idp_list.0.oidc_oauth_client_secret }}
{% endif -%}
{% if keystone_sp.trusted_idp_list.0.oidc_pkce_method is defined -%}
OIDCPKCEMethod {{ keystone_sp.trusted_idp_list.0.oidc_pkce_method }}
{% endif -%}
{% if keystone_cache_servers | length > 0 -%}
OIDCCacheType memcache
OIDCMemCacheServers "{{ keystone_cache_servers | join(' ') }}"