diff options
author | Zuul <zuul@review.opendev.org> | 2022-01-12 12:15:26 +0000 |
---|---|---|
committer | Gerrit Code Review <review@openstack.org> | 2022-01-12 12:15:26 +0000 |
commit | 8fe5bbc8daed71658ae1613e1e67f402bcecc24c (patch) | |
tree | aba4ffb864ca4951bbc7b3440217f03997f55092 /doc | |
parent | 12bb9fe5184c9dd3329ba17b3d03c90887dbcc3d (diff) | |
parent | 33292ca0a467637971c73f420166b4077e941e20 (diff) | |
download | horizon-8fe5bbc8daed71658ae1613e1e67f402bcecc24c.tar.gz |
Merge "Use OPENSTACK_KEYSTONE_URL instead of HTTP_REFERRER"
Diffstat (limited to 'doc')
-rw-r--r-- | doc/source/configuration/settings.rst | 17 |
1 files changed, 17 insertions, 0 deletions
diff --git a/doc/source/configuration/settings.rst b/doc/source/configuration/settings.rst index 166c76db8..ebad4967d 100644 --- a/doc/source/configuration/settings.rst +++ b/doc/source/configuration/settings.rst @@ -1715,6 +1715,23 @@ identity provider lives. This URL will take precedence over ``OPENSTACK_KEYSTONE_URL`` if the login choice is an external identity provider (IdP). +WEBSSO_USE_HTTP_REFERER +~~~~~~~~~~~~~~~~~~~~~~~ + +.. versionadded:: 21.0.0(Yoga) + +Default: ``True`` + +For use in cases of web single-sign-on authentication when the control plane +has no outbound connectivity to the external service endpoints. By default +the HTTP_REFERER is used to derive the Keystone endpoint to pass requests to. +As previous requests to an external IdP will be using Keystone's external +endpoint, this HTTP_REFERER will be Keystone's external endpoint. +When Horizon is unable to connect to Keystone's external endpoint in this setup +this leads to a time out. ``WEBSSO_USE_HTTP_REFERER`` can be set to False to +use the ``OPENSTACK_KEYSTONE_URL`` instead, which should be set to an internal +Keystone endpoint, so that this request will succeed. + Neutron ------- |