diff --git a/horizon/Chart.yaml b/horizon/Chart.yaml
index 3238befd86..c80315ad92 100644
--- a/horizon/Chart.yaml
+++ b/horizon/Chart.yaml
@@ -14,7 +14,7 @@ apiVersion: v1
 appVersion: v1.0.0
 description: OpenStack-Helm Horizon
 name: horizon
-version: 0.3.27
+version: 0.3.28
 home: https://docs.openstack.org/horizon/latest/
 icon: https://www.openstack.org/themes/openstack/images/project-mascots/Horizon/OpenStack_Project_Horizon_vertical.png
 sources:
diff --git a/horizon/values.yaml b/horizon/values.yaml
index 645edced27..37810221ae 100644
--- a/horizon/values.yaml
+++ b/horizon/values.yaml
@@ -460,6 +460,11 @@ conf:
         # Determines which authentication choice to show as default.
         WEBSSO_INITIAL_CHOICE = "{{ .Values.conf.horizon.local_settings.config.auth.sso.initial_choice }}"
 
+        {{- if .Values.conf.horizon.local_settings.config.auth.sso.websso_keystone_url }}
+        # The full auth URL for the Keystone endpoint used for web single-sign-on authentication.
+        WEBSSO_KEYSTONE_URL = "{{ .Values.conf.horizon.local_settings.config.auth.sso.websso_keystone_url }}"
+        {{- end }}
+
         # The list of authentication mechanisms
         # which include keystone federation protocols.
         # Current supported protocol IDs are 'saml2' and 'oidc'
diff --git a/releasenotes/notes/horizon.yaml b/releasenotes/notes/horizon.yaml
index e0c0a3d10b..d0677c04c3 100644
--- a/releasenotes/notes/horizon.yaml
+++ b/releasenotes/notes/horizon.yaml
@@ -64,4 +64,5 @@ horizon:
   - 0.3.25 Implement "CSRF_TRUSTED_ORIGINS" option support in horizon
   - 0.3.26 Fix templating of CSRF_TRUSTED_ORIGINS
   - 0.3.27 Use quay.io/airshipit/kubernetes-entrypoint:latest-ubuntu_focal by default
+  - 0.3.28 Add WEBSSO_KEYSTONE_URL value
 ...