path: root/devstack/files/oidc/apache_oidc.conf
blob: eab84fd073d255bb6c7c77fc5603102e2cbf4986 (plain)
# DO NOT USE THIS IN PRODUCTION ENVIRONMENTS!
# Development-only mod_auth_openidc settings for a devstack deployment.
#
# The two directives below switch off TLS certificate validation for the
# module's outbound calls: OIDCSSLValidateServer covers requests to the OpenID
# Connect provider, OIDCOAuthSSLValidateServer covers requests to the OAuth 2.0
# token introspection endpoint. With validation off, whoever answers on that
# network path is accepted as the provider, so the metadata, signing keys and
# introspection results it returns are unauthenticated and the client secret
# is sent to an unverified peer. Outside a throwaway lab, add the provider's CA
# to the trust store and leave both directives On.
OIDCSSLValidateServer Off
OIDCOAuthSSLValidateServer Off
# Sets the SameSite attribute on the cookies the module issues.
# NOTE(review): the exact value emitted for "On" (Lax vs. Strict) depends on
# the mod_auth_openidc version -- confirm against the installed release.
OIDCCookieSameSite On

# OpenID Connect relying-party settings. Values written as %NAME% are template
# placeholders; presumably the devstack plugin substitutes them when it
# installs this file -- verify against the installer.

# Prefix for the header/environment-variable names that carry token claims to
# the application behind Apache.
# NOTE(review): the application trusts variables with this prefix, so confirm
# that client-supplied request headers with the same prefix cannot reach it.
OIDCClaimPrefix "OIDC-"
# "id_token" selects the implicit flow: the ID token comes back in the
# authorization response and there is no back-channel code exchange.
OIDCResponseType "id_token"
OIDCScope "openid email profile"
# Discovery document from which the provider's endpoints and signing keys are
# learned. With OIDCSSLValidateServer Off in this file, that fetch is not
# authenticated.
OIDCProviderMetadataURL "%OIDC_METADATA_URL%"
OIDCClientID "%OIDC_CLIENT_ID%"
# After substitution the client secret sits in this file in clear text; keep
# the installed file readable only by the web-server account and admins.
OIDCClientSecret "%OIDC_CLIENT_SECRET%"
# NOTE(review): PKCE protects the authorization-code exchange; with the
# "id_token" response type above there is no code to bind, so this setting
# presumably has no effect -- confirm, or switch the response type to "code".
OIDCPKCEMethod "S256"
# Secret from which the module derives the keys protecting its cookies and
# cached state. "openstack" is a fixed, publicly known value and gives no
# real protection; generate a random per-deployment value for anything other
# than a disposable test host.
OIDCCryptoPassphrase "openstack"

# Redirect (callback) URIs for the WebSSO login flow. Each must be registered
# with the provider for this client, and each falls under one of the
# "openid-connect" LocationMatch sections in this file.
# NOTE(review): OIDCRedirectURI looks like a single-valued directive; when it
# is given twice in the same scope the later line may simply replace the
# earlier one -- confirm which URI the module actually uses.
OIDCRedirectURI "https://%HOST_IP%/identity/v3/auth/OS-FEDERATION/identity_providers/%IDP_ID%/protocols/openid/websso"
OIDCRedirectURI "https://%HOST_IP%/identity/v3/auth/OS-FEDERATION/websso/openid"

# Protocol-wide WebSSO endpoint: requests are sent through the OpenID Connect
# login flow and any successfully authenticated user is admitted.
# The pattern is a regular expression with no ^/$ anchors, so it applies to
# every URL path that contains this string.
<LocationMatch "/v3/auth/OS-FEDERATION/websso/openid">
    AuthType "openid-connect"
    Require valid-user
    # Debug logging for this location only.
    # NOTE(review): debug output from the auth module can include token and
    # claim details -- restrict access to the error log and lower the level
    # outside test hosts.
    LogLevel debug
</LocationMatch>

# Identity-provider-specific WebSSO endpoint, protected by the OpenID Connect
# login flow; any authenticated user is admitted.
# The pattern is an unanchored regular expression. %IDP_ID% is inserted into
# it as-is, so an identifier containing regex metacharacters would change what
# the pattern matches -- presumably IdP ids are plain names; verify.
<LocationMatch "/v3/auth/OS-FEDERATION/identity_providers/%IDP_ID%/protocols/openid/websso">
    AuthType "openid-connect"
    Require valid-user
    # Debug logging for this location only.
    # NOTE(review): debug output from the auth module can include token and
    # claim details -- restrict access to the error log and lower the level
    # outside test hosts.
    LogLevel debug
</LocationMatch>

# Browser-session (OpenID Connect) protection for the ".../openid/auth" path
# under /v3/auth/OS-FEDERATION. Note the "/auth/" segment: the bearer-token
# section in this file covers the similarly named path under
# /v3/OS-FEDERATION instead, and the two patterns do not overlap.
# The pattern is an unanchored regular expression with %IDP_ID% inserted as-is.
<LocationMatch "/v3/auth/OS-FEDERATION/identity_providers/%IDP_ID%/protocols/openid/auth">
    AuthType "openid-connect"
    Require valid-user
    # Debug logging for this location only.
    # NOTE(review): debug output from the auth module can include token and
    # claim details -- restrict access to the error log and lower the level
    # outside test hosts.
    LogLevel debug
</LocationMatch>

# Federated authentication endpoint for non-browser clients: "oauth20" makes
# the module act as an OAuth 2.0 resource server, accepting a bearer access
# token and validating it through the introspection settings in this file.
# "<Location ~" takes a regular expression, like LocationMatch; the pattern is
# unanchored and %IDP_ID% is inserted as-is.
# Token validation here depends on the introspection call, which this file
# makes with certificate validation off (OIDCOAuthSSLValidateServer Off).
<Location ~ "/v3/OS-FEDERATION/identity_providers/%IDP_ID%/protocols/openid/auth">
    AuthType oauth20
    Require valid-user
</Location>

# Credentials and endpoint the module uses to introspect bearer tokens for the
# "oauth20" location. The same %OIDC_CLIENT_ID% / %OIDC_CLIENT_SECRET%
# placeholders are used as for the OpenID Connect client, so one client
# registration serves both roles and its secret appears twice in the installed
# file.
OIDCOAuthClientID "%OIDC_CLIENT_ID%"
OIDCOAuthClientSecret "%OIDC_CLIENT_SECRET%"
OIDCOAuthIntrospectionEndpoint "%OIDC_INTROSPECTION_URL%"

# Horizon favors the referrer over the Keystone URL that is set, so ask
# browsers not to send a Referer header at all.
# https://github.com/openstack/horizon/blob/5e4ca1a9fdec04db08552e9e93fe372b8b8b45ae/openstack_auth/views.py#L192
# "always" adds the header to error responses as well as successful ones.
# The Header directive is provided by mod_headers, which must be loaded.
Header always set Referrer-Policy "no-referrer"