Gauvain Pocentek 0806ec8ea4 [config-ref] Update keystone tables
Change-Id: Id5bb093eb05a38aa0bd4cd11f2c08de9a5f64c46
2017-04-29 17:11:46 +02:00

Description of federation configuration options
Configuration option = Default value Description
[federation]
driver = sql (String) Entry point for the federation backend driver in the keystone.federation namespace. Keystone only provides a sql driver, so there is no reason to set this option unless you are providing a custom entry point.
assertion_prefix = (String) Prefix to use when filtering environment variable names for federated assertions. Matched variables are passed into the federated mapping engine.
remote_id_attribute = None (String) Value to be used to obtain the entity ID of the Identity Provider from the environment. For mod_shib, this would be Shib-Identity-Provider. For mod_auth_openidc, this could be HTTP_OIDC_ISS. For mod_auth_mellon, this could be MELLON_IDP.
federated_domain_name = Federated (String) An arbitrary domain name that is reserved to allow federated ephemeral users to have a domain concept. Note that an admin will not be able to create a domain with this name or update an existing domain to this name. You are not advised to change this value unless you really have to.
trusted_dashboard = [] (Multi-valued) A list of trusted dashboard hosts. Before accepting a Single Sign-On request to return a token, the origin host must be a member of this list. This configuration option may be repeated for multiple values. You must set this in order to use web-based SSO flows. For example: trusted_dashboard=https://acme.example.com/auth/websso trusted_dashboard=https://beta.example.com/auth/websso
sso_callback_template = /etc/keystone/sso_callback_template.html (String) Absolute path to an HTML file used as a Single Sign-On callback handler. This page is expected to redirect the user from keystone back to a trusted dashboard host, by form encoding a token in a POST request. Keystone's default value should be sufficient for most deployments.
caching = True (Boolean) Toggle for federation caching. This has no effect unless global caching is enabled. There is typically no reason to disable this.
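
The following is an added example, not code from keystone or from this commit: a small audit of a [federation] section against the constraints the table states (trusted_dashboard must be set for web-based SSO, sso_callback_template is an absolute path, federated_domain_name should stay at its default). The function names, the sample configuration and the https requirement on dashboard URLs are assumptions of this example.

```python
import posixpath
from urllib.parse import urlsplit

# Constructed sample keystone.conf fragment, not taken from a real deployment.
SAMPLE_CONF = """\
[DEFAULT]
[federation]
trusted_dashboard = https://acme.example.com/auth/websso
trusted_dashboard = http://beta.example.com/auth/websso
sso_callback_template = sso_callback_template.html
"""

def parse_section(text, section="federation"):
    """Collect one INI section's options, keeping repeated keys as lists."""
    opts, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].strip()
        elif current == section and "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            opts.setdefault(key, []).append(value)
    return opts

def audit_federation(text):
    """Return findings for the [federation] options in the table above."""
    opts = parse_section(text)
    findings = []
    dashboards = opts.get("trusted_dashboard", [])
    if not dashboards:
        findings.append("trusted_dashboard is empty: web-based SSO flows cannot be used")
    for url in dashboards:
        parts = urlsplit(url)
        # Assumption of this example: the token is POSTed to this host, so require https.
        if parts.scheme != "https" or not parts.hostname:
            findings.append(f"trusted_dashboard {url}: not an https URL")
    # For single-valued options this sketch takes the last occurrence.
    template = opts.get("sso_callback_template", ["/etc/keystone/sso_callback_template.html"])[-1]
    if not posixpath.isabs(template):
        findings.append(f"sso_callback_template {template}: not an absolute path")
    domain = opts.get("federated_domain_name", ["Federated"])[-1]
    if domain != "Federated":
        findings.append(f"federated_domain_name changed to {domain}: not advised")
    return findings

if __name__ == "__main__":
    print("\n".join(audit_federation(SAMPLE_CONF)))
```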