Keystone salt formula should allow multiple OIDCRedirectURIs

Bug #1715401 reported by John Dilley on 2017-09-06
This bug affects 1 person
Affects Status Importance Assigned to Milestone

Bug Description

According to the docs at and, there should be 3 OIDCRedirectURI options:

OIDCRedirectURI http://localhost:5000/v3/OS-FEDERATION/identity_providers/<idp_id>/protocols/openid/auth <--- For Keystone API (from

OIDCRedirectURI http://localhost:5000/v3/auth/OS-FEDERATION/websso
OIDCRedirectURI http://localhost:5000/v3/auth/OS-FEDERATION/identity_providers/myidp/protocols/openid/websso <--- For Horizon SSO (from

The salt formula in only appears to allow one however ( only shows how to provide one, and keystone/files/ocata/wsgi-keystone.conf only refers to OIDCRedirectURI once)

To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers