File: openidc.conf.erb

package info (click to toggle)
puppet-module-keystone 13.1.0-1
  • links: PTS, VCS
  • area: main
  • in suites: buster
  • size: 1,576 kB
  • sloc: ruby: 10,066; pascal: 916; python: 40; makefile: 17; sh: 15
file content (20 lines) | stat: -rw-r--r-- 1,259 bytes parent folder | download
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
  LoadModule auth_openidc_module modules/mod_auth_openidc.so
  OIDCClaimPrefix "OIDC-"
  OIDCResponseType "<%= scope['keystone::federation::openidc::openidc_response_type']-%>"
  OIDCScope "openid email profile"
  OIDCProviderMetadataURL "<%= scope['keystone::federation::openidc::openidc_provider_metadata_url']-%>"
  OIDCClientID "<%= scope['keystone::federation::openidc::openidc_client_id']-%>"
  OIDCClientSecret "<%= scope['keystone::federation::openidc::openidc_client_secret']-%>"
  OIDCCryptoPassphrase "<%= scope['keystone::federation::openidc::openidc_crypto_passphrase']-%>"

  OIDCRedirectURI "<%= @keystone_endpoint-%>/v3/OS-FEDERATION/identity_providers/<%= scope['keystone::federation::openidc::idp_name']-%>/protocols/openidc/auth/redirect"
  <LocationMatch /v3/OS-FEDERATION/identity_providers/.*?/protocols/openidc/auth>
      AuthType "openid-connect"
      Require valid-user
  </LocationMatch>

  OIDCRedirectURI "<%= @keystone_endpoint-%>/v3/auth/OS-FEDERATION/identity_providers/<%= scope['keystone::federation::openidc::idp_name']-%>/protocols/openidc/websso/redirect"
  <LocationMatch /v3/auth/OS-FEDERATION/identity_providers/.*?/protocols/openidc/websso>
      AuthType "openid-connect"
      Require valid-user
  </LocationMatch>