OpenStack-Ansible

Add configurations for websso

Bug #1922687 reported by Flavio Picci on 2021-04-06

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	OpenStack-Ansible	Fix Released	Wishlist	Unassigned

Bug Description

Hello everyone,

I would like to add a few configuration lines to support Horizon auto redirections (login and logout) when using WEBSSO.

In my local installation I added the following lines to horizon_local_settings.py.j2:

```
{% if horizon_websso_initial_choice != "credentials" and horizon_websso_default_redirect is defined %}
# Set default SSO redirect to seleteced protocol
WEBSSO_DEFAULT_REDIRECT = {{ horizon_websso_default_redirect | bool }}
WEBSSO_DEFAULT_REDIRECT_PROTOCOL = "{{ horizon_websso_initial_choice }}"

# Default (login) redirect base URL
{% if horizon_websso_keystone_url is defined %}
WEBSSO_DEFAULT_REDIRECT_REGION = "{{ horizon_websso_keystone_url }}"
{% else %}
WEBSSO_DEFAULT_REDIRECT_REGION = "{{ horizon_keystone_endpoint }}"
{% endif %}

{% This might be computed %}
{% if horizon_websso_default_redirect_logout is defined %}
# SSO logout URL
WEBSSO_DEFAULT_REDIRECT_LOGOUT = "{{ horizon_websso_default_redirect_logout }}"

{% endif %}
{% endif %}
```

`The WEBSSO_DEFAULT_REDIRECT_LOGOUT` might be computed depending on the `horizon_websso_initial_choice` variable containing the default protocol the user want to use.
In my installation I use saml2, so I computed the horizon_websso_default_redirect_logout like this: `{{ keystone_service_publicuri }}/Shibboleth.sso/Logout?return=https://{{ external_lb_vip_address }}`

I am using the Victoria release.

Thanks,
Flavio

Tags:

Dmitriy Rabotyagov (noonedeadpunk) on 2021-04-06

Changed in openstack-ansible:
importance:	Undecided → Wishlist

Revision history for this message

Dmitriy Rabotyagov (noonedeadpunk) wrote on 2021-04-06:

Hi!

I'd suggest pushing an upstream patch to cover this usecase. For this you will need to configure gerrit account (login is performed with ubuntu one - same account as you used for Launchpad): https://docs.openstack.org/contributors/common/setup-gerrit.html

After that you will be able to use git-review to push changes: https://docs.openstack.org/contributors/code-and-documentation/using-gerrit.html

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2021-04-15: Fix proposed to openstack-ansible-os_horizon (master)

Fix proposed to branch: master
Review: https://review.opendev.org/c/openstack/openstack-ansible-os_horizon/+/786467

Changed in openstack-ansible:
status:	New → In Progress

Revision history for this message

Dmitriy Rabotyagov (noonedeadpunk) wrote on 2021-04-15:

Hi,

Please kindly check suggested patch and if it covers your needs

Revision history for this message

Flavio Picci (flaviopicci) wrote on 2021-04-19:

Hello Dmitriy,

the proposed patch fully satisfies my needs!
Thanks a lot for implementing this feature.

Many thanks,
Flavio

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2021-04-20: Fix merged to openstack-ansible-os_horizon (master)

Reviewed: https://review.opendev.org/c/openstack/openstack-ansible-os_horizon/+/786467
Committed: https://opendev.org/openstack/openstack-ansible-os_horizon/commit/3b0abcbcd331f6db53e2040f6ff8759db233065c
Submitter: "Zuul (22348)"
Branch: master

commit 3b0abcbcd331f6db53e2040f6ff8759db233065c
Author: Dmitriy Rabotyagov <email address hidden>
Date: Thu Apr 15 19:30:46 2021 +0300

Implement WEBSSO redirect

This patch adds ability to configure horizon auto redirections when
WEBSSO is used.

    Depends-On: https://review.opendev.org/c/openstack/openstack-ansible/+/785800
    Change-Id: I2a1beddaed3a31d1c01d1310dc8b739c9c93d9dd
    Closes-Bug: #1922687

Changed in openstack-ansible:
status:	In Progress → Fix Released

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2024-02-08: Fix included in openstack/openstack-ansible-os_horizon yoga-eom

This issue was fixed in the openstack/openstack-ansible-os_horizon yoga-eom release.

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2024-03-14: Fix included in openstack/openstack-ansible-os_horizon wallaby-eom

This issue was fixed in the openstack/openstack-ansible-os_horizon wallaby-eom release.

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2024-03-14: Fix included in openstack/openstack-ansible-os_horizon xena-eom

This issue was fixed in the openstack/openstack-ansible-os_horizon xena-eom release.

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.