Appendix 1: wsgi-keystone.conf sample file

# Ports Apache accepts connections on: 5000 is used by the keystone-public
# vhost and 35357 by the keystone-admin vhost below.
# No address is given, so both ports are bound on every interface.
# NOTE(review): if the admin API is only needed internally, give an explicit
# address here (Listen <management-address>:35357) or firewall the port.
Listen 5000
Listen 35357

# Public Keystone endpoint (port 5000): Keystone runs under mod_wsgi, and
# mod_auth_openidc protects the OS-FEDERATION OIDC paths.
# NOTE(review): no SSLEngine or certificate directives are visible in this
# vhost. Unless TLS is terminated in front of it, passwords, Keystone tokens
# and OIDC responses cross the network in cleartext.
<VirtualHost *:5000>
    # Five single-threaded daemon processes running as user/group keystone.
    WSGIDaemonProcess keystone-public processes=5 threads=1 user=keystone group=keystone display-name=%{GROUP}
    WSGIProcessGroup keystone-public
    # Map the site root to the Keystone public WSGI entry point.
    WSGIScriptAlias / /usr/bin/keystone-wsgi-public
    WSGIApplicationGroup %{GLOBAL}
    # Forward the HTTP Authorization header to the WSGI application.
    WSGIPassAuthorization On
    ErrorLogFormat "%{cu}t %M"
    ErrorLog /var/log/apache2/keystone.log
    CustomLog /var/log/apache2/keystone_access.log combined

    # Needed so Apache may execute the WSGI script that lives in /usr/bin.
    # NOTE(review): this grants access to the whole directory; scoping it to
    # the script itself (a <Files keystone-wsgi-public> section) is tighter.
    <Directory /usr/bin>
        Require all granted
    </Directory>
    # Prefix for the claim names that mod_auth_openidc hands to Keystone.
    OIDCClaimPrefix "OIDC-"
    # Implicit flow: the provider returns only an id_token via the browser.
    OIDCResponseType "id_token"
    OIDCScope "openid email profile"
    # Static provider metadata for the OpenAM realm /ocean/crew.
    OIDCProviderIssuer https://demo.gxicloud.com:8443/openam/oauth2/ocean/crew
    OIDCProviderAuthorizationEndpoint https://demo.gxicloud.com:8443/openam/oauth2/authorize?realm=/ocean/crew
    OIDCProviderTokenEndpoint https://demo.gxicloud.com:8443/openam/oauth2/access_token?realm=/ocean/crew
    # The client secret is sent to the token endpoint with HTTP Basic auth.
    OIDCProviderTokenEndpointAuth client_secret_basic
    OIDCProviderUserInfoEndpoint https://demo.gxicloud.com:8443/openam/oauth2/userinfo?realm=/ocean/crew
    # The keys fetched from this URI are what id_token signatures are checked against.
    OIDCProviderJwksUri https://demo.gxicloud.com:8443/openam/oauth2/connect/jwk_uri?realm=/ocean/crew
    # SECURITY: both settings below turn off TLS certificate validation for the
    # module's back-channel calls to the provider. With validation off, the
    # signing keys (JWKS) and the client secret are exchanged with a server
    # whose identity is never checked, so the https:// scheme above provides
    # no authentication of the provider. Acceptable only for a lab that uses a
    # self-signed certificate; otherwise set both to On and add the provider's
    # CA to the trust store.
    OIDCSSLValidateServer Off
    OIDCOAuthSSLValidateServer Off
    OIDCClientID openstack
    #OIDCClientID rootclientid
    # SECURITY: sample values only. The client secret authenticates this
    # relying party to the provider, and the crypto passphrase protects the
    # module's state and session cookies. Replace both with long random values
    # that differ from each other, and keep this file readable only by root.
    OIDCClientSecret password
    OIDCCryptoPassphrase password
    # NOTE(review): OIDCRedirectURI is given three times in this vhost (here
    # and twice further down). It is a single-valued setting, so presumably
    # only the last one takes effect -- confirm which callback is intended.
    # All three use http://, so the id_token returned by the provider reaches
    # this host unencrypted; use https:// once the vhost has TLS.
    OIDCRedirectURI "http://n1-dpdk4:5000/v3/OS-FEDERATION/identity_providers/openam_idp/protocols/oidc/auth/redirect"
    # Federated (CLI/API) authentication path: requires an authenticated OIDC session.
    # The pattern is unanchored and matches any identity-provider name.
    <LocationMatch /v3/OS-FEDERATION/identity_providers/.*?/protocols/oidc/auth>
    AuthType openid-connect
    Require valid-user
    # NOTE(review): debug-level logging on an authentication path may write
    # token and claim contents to the error log. Use it for troubleshooting
    # only, and restrict read access to /var/log/apache2/keystone.log.
    LogLevel debug
    </LocationMatch>

    # See the NOTE(review) on the first OIDCRedirectURI: repeated single-valued
    # directive, and plain-http callbacks.
    OIDCRedirectURI "http://n1-dpdk4:5000/v3/auth/OS-FEDERATION/websso/redirect"
    OIDCRedirectURI "http://n1-dpdk4:5000/v3/auth/OS-FEDERATION/websso/oidc/redirect"
    # Web single sign-on (Horizon) path for the oidc protocol.
    <Location ~ "/v3/auth/OS-FEDERATION/websso/oidc">
    AuthType openid-connect
    Require valid-user
    </Location>
</VirtualHost>

# Admin Keystone endpoint (port 35357), served through mod_wsgi without any
# OIDC configuration.
# NOTE(review): this vhost answers on every address (*), and no TLS or
# source-address restriction is visible here. Limit the admin API to the
# management network and terminate TLS in front of it or in this vhost.
<VirtualHost *:35357>
    # Five single-threaded daemon processes running as user/group keystone.
    WSGIDaemonProcess keystone-admin processes=5 threads=1 user=keystone group=keystone display-name=%{GROUP}
    WSGIProcessGroup keystone-admin
    # Map the site root to the Keystone admin WSGI entry point.
    WSGIScriptAlias / /usr/bin/keystone-wsgi-admin
    WSGIApplicationGroup %{GLOBAL}
    # Forward the HTTP Authorization header to the WSGI application.
    WSGIPassAuthorization On
    ErrorLogFormat "%{cu}t %M"
    # Same error and access log files as the public vhost.
    ErrorLog /var/log/apache2/keystone.log
    CustomLog /var/log/apache2/keystone_access.log combined
    # Needed so Apache may execute the WSGI script that lives in /usr/bin.
    # NOTE(review): this grants access to the whole directory; scoping it to
    # the script itself (a <Files keystone-wsgi-admin> section) is tighter.
    <Directory /usr/bin>
        Require all granted
    </Directory>
</VirtualHost>
