Add memcached caching

Piggybacking on to the memcached containers that keystone uses for its token caching we are able to share state between the apache_mod_openidc instances so that authentications succeed in cases where auth requests are being routed to more than one keystone container. Change-Id: Ia978b46f6a6dfc5da8f8ebecb1a3c9fe44948add
2020-04-28 18:11:01 +01:00 · 2020-04-28 18:11:01 +01:00 · beebf1196e
commit beebf1196e
parent 3b283edf8a
1 changed files with 4 additions and 0 deletions
--- a/templates/keystone-httpd.conf.j2
+++ b/templates/keystone-httpd.conf.j2
@ -49,6 +49,10 @@ Listen {{ keystone_service_port }}
    {% if keystone_sp.trusted_idp_list.0.oidc_outgoing_proxy is defined -%}
    OIDCOutgoingProxy {{ keystone_sp.trusted_idp_list.0.oidc_outgoing_proxy }}
    {% endif -%}
+    {% if keystone_cache_servers | length > 0 -%}
+    OIDCCacheType memcache
+    OIDCMemCacheServers "{{ keystone_cache_servers | join(' ') }}"
+    {% endif %}

    <Location /v3/OS-FEDERATION/identity_providers/{{ keystone_sp.trusted_idp_list.0.name }}/protocols/openid/auth>
      Require valid-user