
Commit cb4e1e9

committed
get federated signin working without extra clicks
1 parent 438fb62 commit cb4e1e9

8 files changed

+41
-601
lines changed

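--- a/site-config/globals.yml
+++ b/site-config/globals.yml
@@ -32,10 +32,22 @@ virtualenv: /opt/kolla/venv
 ####################
 
 kolla_base_distro: "ubuntu"
+kolla_install_type: "source"
 
 # point at the docker registry we want
 docker_namespace: kolla
 docker_registry: docker.chameleoncloud.org
+# horizon_tag: ae78321-dirty
+# keystone_tag: ae78321-dirty
+
+keystone_image_full: ghcr.io/chameleoncloud/kolla/ubuntu-source-keystone:77cca74
+keystone_fernet_image_full: ghcr.io/chameleoncloud/kolla/ubuntu-source-keystone-fernet:77cca74
+keystone_ssh_image_full: ghcr.io/chameleoncloud/kolla/ubuntu-source-keystone-ssh:77cca74
+horizon_image_full: ghcr.io/chameleoncloud/kolla/ubuntu-source-horizon:77cca74
+
+# docker_registry: ghcr.io
+# docker_namespace: chameleoncloud/kolla
+
 
 # default superadmin user and project
 keystone_admin_user: "admin"
@@ -70,28 +82,25 @@ horizon_custom_themes:
 # Federated login config
 ########################
 
-# enable_keystone_federation: false
+enable_keystone_federation: true
 
 keystone_identity_providers:
-- name: "chameleon"
-openstack_domain: "chameleon"
-protocol: openid
-identifier: "https://auth.chameleoncloud.org/auth/realms/chameleon"
-public_name: Login with Chameleon
-attribute_mapping: chameleon_mapping
-metadata_folder: "{{ node_custom_config }}/keystone/federation/metadata"
 - name: "chameleon_dev"
 openstack_domain: "chameleon_dev"
 protocol: openid
 identifier: "https://auth.dev.chameleoncloud.org/auth/realms/chameleon"
 public_name: Login with Chameleon Dev
 attribute_mapping: chameleon_mapping
-metadata_folder: "{{ node_custom_config }}/keystone/federation/metadata"
 
 keystone_identity_mappings:
 - name: chameleon_mapping
 file: "{{ node_custom_config }}/keystone/idp_mapping.json"
 
+
+keystone_oidc_client_id: "keystone-ciab-dev"
+keystone_oidc_client_secret: "public"
+keystone_oidc_provider_metadata_url: "{{ keystone_identity_providers[0].identifier }}/.well-known/openid-configuration"
+
 # keystone_image_full: ghcr.io/chameleoncloud/kolla/keystone:2023.1-ubuntu-jammy
 # keystone_fernet_image_full: ghcr.io/chameleoncloud/kolla/keystone-fernet:2023.1-ubuntu-jammy
 # keystone_ssh_image_full: ghcr.io/chameleoncloud/kolla/keystone-ssh:2023.1-ubuntu-jammy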
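Review bot: `keystone_oidc_client_secret: "public"` in the second hunk puts the OIDC client secret into the tracked globals.yml as a guessable literal. If the `keystone-ciab-dev` client is registered as confidential at the IdP, the value should come from a vaulted variable instead, e.g. `keystone_oidc_client_secret: "{{ vault_keystone_oidc_client_secret }}"` (the variable name is a placeholder). If it is a public client, a comment saying so would keep the literal from being copied into a production site config. The metadata URL is built from `keystone_identity_providers[0].identifier`, so it silently follows whichever provider is listed first. With the `chameleon` entry removed that is now the dev realm, and adding a provider above it later would repoint discovery with no other visible change; selecting the entry by `name` or stating the ordering dependency in a comment would make that explicit.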

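--- a/site-config/node_custom_config/horizon/custom_local_settings
+++ b/site-config/node_custom_config/horizon/custom_local_settings
@@ -99,6 +99,29 @@ OPENSTACK_IMAGE_BACKEND = {
 ],
 }
 
+{% if enable_keystone_federation | bool %}
+WEBSSO_ENABLED = True
+
+WEBSSO_CHOICES = (
+{% for idp in keystone_identity_providers %}
+("{{ idp.name }}", "{{ idp.public_name }}"),
+{% endfor %}
+)
+WEBSSO_IDP_MAPPING = {
+{% for idp in keystone_identity_providers %}
+"{{ idp.name }}": ("{{ idp.name }}", "{{ idp.protocol }}"),
+{% endfor %}
+}
+WEBSSO_DEFAULT_REDIRECT = True
+
+# This really shouldn't have to be set, but it's set at configuration parse
+# time and derived from a value (OPENSTACK_KEYSTONE_URL) that is overriden by
+# our configuration.
+WEBSSO_KEYSTONE_URL = "{{ keystone_public_url }}/v3"
+WEBSSO_DEFAULT_REDIRECT_REGION = '{{ keystone_public_url }}/v3'
+WEBSSO_DEFAULT_REDIRECT_PROTOCOL = 'openid'
+{% endif %}
+
 # The OPENSTACK_HEAT_STACK has the only setting available - enable_user_pass,
 # which can be used to disable the password field while launching the stack.
 # Set to False if HEAT uses trusts by default otherwise it needs to be set as True.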
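Review bot: `WEBSSO_DEFAULT_REDIRECT = True` is set without a matching `WEBSSO_DEFAULT_REDIRECT_LOGOUT`, so a Horizon logout most likely goes back through the IdP redirect and a still-valid IdP session signs the user straight back in. Pointing the logout setting at the provider's end-session endpoint would make logout end the SSO session. The block also hard-codes `WEBSSO_DEFAULT_REDIRECT_PROTOCOL = 'openid'` while `WEBSSO_IDP_MAPPING` takes the protocol from `idp.protocol`; deriving the default from the same provider entry keeps the two in step if a provider with another protocol is added. The `{{ idp.name }}` and `{{ idp.public_name }}` values are pasted unescaped into Python string literals, so a quote or backslash in `public_name` would break or alter the settings file. Rendering them through a quoting filter such as `{{ idp.public_name | to_json }}` avoids that.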

site-config/node_custom_config/keystone/federation/metadata/auth.chameleoncloud.org%2Fauth%2Frealms%2Fchameleon.client

Lines changed: 0 additions & 4 deletions
This file was deleted.

site-config/node_custom_config/keystone/federation/metadata/auth.chameleoncloud.org%2Fauth%2Frealms%2Fchameleon.conf

Lines changed: 0 additions & 1 deletion
This file was deleted.

site-config/node_custom_config/keystone/federation/metadata/auth.chameleoncloud.org%2Fauth%2Frealms%2Fchameleon.provider

Lines changed: 0 additions & 291 deletions
This file was deleted.

site-config/node_custom_config/keystone/federation/metadata/auth.dev.chameleoncloud.org%2Fauth%2Frealms%2Fchameleon.client

Lines changed: 0 additions & 4 deletions
This file was deleted.

site-config/node_custom_config/keystone/federation/metadata/auth.dev.chameleoncloud.org%2Fauth%2Frealms%2Fchameleon.conf

Lines changed: 0 additions & 1 deletion
This file was deleted.
