Keystone salt formula should allow multiple OIDCRedirectURIs

Bug #1715401 reported by John Dilley on 2017-09-06
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
openstack-salt
Undecided
Unassigned

Bug Description

According to the docs at https://docs.openstack.org/keystone/latest/advanced-topics/federation/openidc.html and https://docs.openstack.org/keystone/latest/advanced-topics/federation/websso.html, there should be 3 OIDCRedirectURI options:

OIDCRedirectURI http://localhost:5000/v3/OS-FEDERATION/identity_providers/<idp_id>/protocols/openid/auth <--- For Keystone API (from https://docs.openstack.org/keystone/latest/advanced-topics/federation/openidc.html)

OIDCRedirectURI http://localhost:5000/v3/auth/OS-FEDERATION/websso
OIDCRedirectURI http://localhost:5000/v3/auth/OS-FEDERATION/identity_providers/myidp/protocols/openid/websso <--- For Horizon SSO (from https://docs.openstack.org/keystone/latest/advanced-topics/federation/websso.html)

The salt formula in https://github.com/salt-formulas/salt-formula-keystone only appears to allow one however (README.md only shows how to provide one, and keystone/files/ocata/wsgi-keystone.conf only refers to OIDCRedirectURI once)

To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers