openstack-salt

Keystone salt formula should allow multiple OIDCRedirectURIs

Bug #1715401 reported by John Dilley
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
openstack-salt
New
Undecided
Unassigned

Bug Description

According to the docs at https://docs.openstack.org/keystone/latest/advanced-topics/federation/openidc.html and https://docs.openstack.org/keystone/latest/advanced-topics/federation/websso.html, there should be 3 OIDCRedirectURI options:

OIDCRedirectURI http://localhost:5000/v3/OS-FEDERATION/identity_providers/<idp_id>/protocols/openid/auth <--- For Keystone API (from https://docs.openstack.org/keystone/latest/advanced-topics/federation/openidc.html)

OIDCRedirectURI http://localhost:5000/v3/auth/OS-FEDERATION/websso
OIDCRedirectURI http://localhost:5000/v3/auth/OS-FEDERATION/identity_providers/myidp/protocols/openid/websso <--- For Horizon SSO (from https://docs.openstack.org/keystone/latest/advanced-topics/federation/websso.html)

The salt formula in https://github.com/salt-formulas/salt-formula-keystone only appears to allow one however (README.md only shows how to provide one, and keystone/files/ocata/wsgi-keystone.conf only refers to OIDCRedirectURI once)

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.