2018-06-12 14:35:00 -04:00
# *******************************************************************
# This file was created automatically by the sample environment
# generator. Developers should use `tox -e genconfig` to update it.
# Users are recommended to make changes to a copy of the file instead
# of the original, if any customizations are needed.
# *******************************************************************
# title: Enable keystone federation with OpenID Connect
# description: |
# This is an example template on how to configure keystone federation for
# the OpenID Connect protocol. You must modify the parameters to use
# values appropriate for your identity provider.
parameter_defaults :
# A list of methods used for authentication.
# Type: comma_delimited_list
KeystoneAuthMethods : password,token,openid
# The client ID to use when handshaking with your OpenID Connect provider
# Type: string
KeystoneOpenIdcClientId : myclientid
# The client secret to use when handshaking with your OpenID Connect provider
# Type: string
KeystoneOpenIdcClientSecret : myclientsecret
# Passphrase to use when encrypting data for OpenID Connect handshake.
# Type: string
KeystoneOpenIdcCryptoPassphrase : openstack
# The name associated with the IdP in Keystone.
# Type: string
KeystoneOpenIdcIdpName : myidp
# The url that points to your OpenID Connect provider metadata
# Type: string
2018-12-21 19:15:25 -08:00
KeystoneOpenIdcProviderMetadataUrl : https://myidp.example.test/auth/realms/openstack/.well-known/openid-configuration
2018-06-12 14:35:00 -04:00
# Attribute to be used to obtain the entity ID of the Identity Provider from the environment.
# Type: string
KeystoneOpenIdcRemoteIdAttribute : HTTP_OIDC_ISS
# Response type to be expected from the OpenID Connect provider.
# Type: string
KeystoneOpenIdcResponseType : id_token
# A list of dashboard URLs trusted for single sign-on.
# Type: comma_delimited_list
2018-12-21 19:15:25 -08:00
KeystoneTrustedDashboards : https://dashboard.example.test/dashboard/auth/websso/
# Specifies the list of SSO authentication choices to present. Each item is a list of an SSO choice identifier and a display message.
# Type: json
WebSSOChoices : [ [ 'OIDC' , 'OpenID Connect' ] ]
# Specifies a mapping from SSO authentication choice to identity provider and protocol. The identity provider and protocol names must match the resources defined in keystone.
# Type: json
WebSSOIDPMapping : {'OIDC' : [ 'myidp' , 'openid' ] }
# The initial authentication choice to select by default
# Type: string
WebSSOInitialChoice : OIDC
2018-06-12 14:35:00 -04:00
# ******************************************************
# Static parameters - these are values that must be
# included in the environment but should not be changed.
# ******************************************************
# Enable support for federated authentication.
# Type: boolean
KeystoneFederationEnable : True
# Enable support for OpenIDC federation.
# Type: boolean
KeystoneOpenIdcEnable : True
2018-12-21 19:15:25 -08:00
# Enable support for Web Single Sign-On
# Type: boolean
WebSSOEnable : True
2018-06-12 14:35:00 -04:00
# *********************
# End static parameters
# *********************