Comment 8 for bug 1990375

OpenStack Infra (hudson-openstack) wrote : Fix merged to kolla-ansible (stable/wallaby)

Reviewed: https://review.opendev.org/c/openstack/kolla-ansible/+/860469
Committed: https://opendev.org/openstack/kolla-ansible/commit/f5f14cb4a7055addaf37f80d68e805c3e6a4b913
Submitter: "Zuul (22348)"
Branch: stable/wallaby

commit f5f14cb4a7055addaf37f80d68e805c3e6a4b913
Author: Jakub Darmach <email address hidden>
Date: Wed Sep 21 14:36:53 2022 +0200

    Keystone OIDC JWKS fix

    JWT failed to validate on auth-oidc endpoint used by openstack cli
    with "could not find key with kid: XX" error. To fix this we need
    to use jwks provided in "jwks_uri" by OIDC metadata endpoint.

    Missing "ServerName" directive from vhost config causes redirection
    to fail in some cases when external tls is enabled.

      - added "keystone_federation_oidc_jwks_uri" variable
      - added "OIDCOAuthVerifyJwksUri" to keystone vhost config
      - added "ServerName" to keystone vhost config
      - jinja templating additional whitespace trimmed to
        correct end result indentation and empty newlines

    Closes-bug: 1990375
    Change-Id: I4f5c1bd8be8e23cf6299ca4bdfd79e9d98c9a9eb
    (cherry picked from commit 98929761191e265474459a0b73fdbeb07afd2bb4)