JWT failed to validate on auth-oidc endpoint used by openstack cli
with "could not find key with kid: XX" error. To fix this we need
to use jwks provided in "jwks_uri" by OIDC metadata endpoint.
Missing "ServerName" directive from vhost config causes redirection
to fail in some cases when external tls is enabled.
- added "keystone_federation_oidc_jwks_uri" variable
- added "OIDCOAuthVerifyJwksUri" to keystone vhost config
- added "ServerName" to keystone vhost config
- jinja templating additional whitespace trimmed to
correct end result indentation and empty newlines
Closes-bug: 1990375
Change-Id: I4f5c1bd8be8e23cf6299ca4bdfd79e9d98c9a9eb
(cherry picked from commit 98929761191e265474459a0b73fdbeb07afd2bb4)
Reviewed: https://review.opendev.org/c/openstack/kolla-ansible/+/860431
Committed: https://opendev.org/openstack/kolla-ansible/commit/1d8c7c0da1186bbbb707a4da6aba1f7c24b887a5
Submitter: "Zuul (22348)"
Branch: stable/yoga
commit 1d8c7c0da1186bbbb707a4da6aba1f7c24b887a5
Author: Jakub Darmach <email address hidden>
Date: Wed Sep 21 14:36:53 2022 +0200
Keystone OIDC JWKS fix
JWT failed to validate on auth-oidc endpoint used by openstack cli
with "could not find key with kid: XX" error. To fix this we need
to use jwks provided in "jwks_uri" by OIDC metadata endpoint.
Missing "ServerName" directive from vhost config causes redirection
to fail in some cases when external tls is enabled.
- added "keystone_federation_oidc_jwks_uri" variable
- added "OIDCOAuthVerifyJwksUri" to keystone vhost config
- added "ServerName" to keystone vhost config
- jinja templating additional whitespace trimmed to
correct end result indentation and empty newlines
Closes-bug: 1990375
Change-Id: I4f5c1bd8be8e23cf6299ca4bdfd79e9d98c9a9eb
(cherry picked from commit 98929761191e265474459a0b73fdbeb07afd2bb4)