Keystone OpenID Connect

  • By OpenStack Charmers
Channel Revision Published Runs on
latest/edge 13 28 Mar 2024
Ubuntu 22.04
zed/stable 5 23 Jan 2023
Ubuntu 22.04
2024.1/candidate 11 24 Jan 2024
Ubuntu 23.10 Ubuntu 23.04 Ubuntu 22.04
2023.2/stable 12 30 Nov 2023
Ubuntu 23.10 Ubuntu 22.04 Ubuntu 20.04
2023.1/stable 10 02 Jun 2023
Ubuntu 23.04 Ubuntu 22.04
juju deploy keystone-openidc --channel edge
Show information

Learn to deploy on juju >

Platform:

Ubuntu
22.04

Learn about configurations >

  • auth-type | string

    Default: auth-openidc

    To add support to Bearer Access Token authentication flow that is used by applications that do not adopt the browser flow, such the OpenStack CLI, the auth-type must be set to auth-openidc (the default) otherwise to openid-connect.

  • debug | boolean

    Enable debug logging.

  • enable-oauth | boolean

    Default: True

    Set to true to enable OAuth2 support.

  • oidc-client-id | string

    Client identifier used to connect to the OpenID Connect Provider.

  • oidc-client-secret | string

    Password used to authenticate with the OpenID Connect Provider.

  • oidc-oauth-introspection-endpoint | string

    OAuth 2.0 Authorization Server token introspection endpoint. When `enable-oauth` is set to true and this option unset (the default), the introspection endpoint available in the metadata will be used.

  • oidc-oauth-verify-jwks-uri | string

    The JWKs URL on which the Authorization Server publishes the keys used to sign its JWT access tokens.

  • oidc-provider-auth-endpoint | string

    Open ID Connect Provider authorization endpoint (e.g. https://example.com/as/authorization.oauth2). Used when oidc-provider-metadata-url is not set or the metadata obtained from that URL does not set it.

  • oidc-provider-issuer | string

    Open ID Connect Provider issuer identifier (e.g. https://example.com ). Used when oidc-provider-metadata-url is not set or the metadata obtained from that URL does not set it.

  • oidc-provider-jwks-uri | string

    .

  • oidc-provider-metadata-url | string

    URL to discover the OpenID Connect Provider and obtain information needed to interact with it, including its OAuth 2.0 endpoint locations. Example: https://example.com/.well-known/openid-configuration

  • oidc-provider-token-endpoint | string

    Open ID Connect Provider token endpoint (e.g. https://example.com/as/token.oauth2). Used when oidc-provider-metadata-url is not set or the metadata obtained from that URL does not set it.

  • oidc-provider-token-endpoint-auth | string

    Authentication method for the Open ID Connect Provider token endpoint, possible options are: client_secret_basic, client_secret_post, client_secret_jwt, private_key_jwt or none. Used when oidc-provider-metadata-url is not set or the metadata obtained from that URL does not set it.

  • oidc-provider-user-info-endpoint | string

    Open ID Connect Provider user info endpoint (e.g. https://example.com/idp/userinfo.openid). Used when oidc-provider-metadata-url is not set or the metadata obtained from that URL does not set it.

  • oidc-remote-user-claim | string

    The claim that is used when setting the REMOTE_USER variable on OpenID Connect protected paths, for example: email.

  • protocol_id | string

    Default: openid

    Federation protocol name.

  • remote-id-attribute | string

    Default: HTTP_OIDC_ISS

    Attribute used to obtain the entity ID of the OpenID Connect Provider.

  • user-facing-name | string

    Default: OpenID Connect via mapped

    A user-facing name to be used for the identity provider and protocol combination. Used in the OpenStack dashboard.