Add option for OIDCOutgoingProxy for mod_auth_openidc

Allows a user to specify the OIDCOutgoingProxy setting for mod_auth_openidc when setting up an OIDC identity provider. Change-Id: Ib37ace634f81e4f691d0b1aa8c52424a1c851da4
openstack · Apr 28, 2020 · 3b283ed · 3b283ed
1 parent 8d7d94e
commit 3b283ed
Show file tree

Hide file tree

Showing 2 changed files with 5 additions and 1 deletion.
diff --git a/defaults/main.yml b/defaults/main.yml
@@ -436,6 +436,7 @@ keystone_sp: {}
 #      oidc_client_secret: secret
 #      oidc_crypto_passphrase: random string
 #      oidc_redirect_uri: https://keystone:5000/v3/OS-FEDERATION/identity_providers/keycloak-idp/protocols/openid/auth
+#      oidc_outgoing_proxy: "proxy address" (optional setting)
 #      entity_ids:
 #        - 'https://identity-provider/openid-endpoint/'
 #      federated_identities:

diff --git a/templates/keystone-httpd.conf.j2 b/templates/keystone-httpd.conf.j2
@@ -45,7 +45,10 @@ Listen {{ keystone_service_port }}
     OIDCRedirectURI {{ keystone_sp.trusted_idp_list.0.oidc_redirect_uri }}
     {% if keystone_sp.trusted_idp_list.0.oidc_auth_verify_jwks_uri is defined -%}
     OIDCOAuthVerifyJwksUri {{ keystone_sp.trusted_idp_list.0.oidc_auth_verify_jwks_uri }}
-    {% endif %}
+    {% endif -%}
+    {% if keystone_sp.trusted_idp_list.0.oidc_outgoing_proxy is defined -%}
+    OIDCOutgoingProxy {{ keystone_sp.trusted_idp_list.0.oidc_outgoing_proxy }}
+    {% endif -%}
 
     <Location /v3/OS-FEDERATION/identity_providers/{{ keystone_sp.trusted_idp_list.0.name }}/protocols/openid/auth>
       Require valid-user