KEYSTONE-578 Add a configurable websso keystone url

Horizon will support an additional WEBSSO_KEYSTONE_URL configuration setting in local/local_settings.py which will be used to perform the WebSSO authentication. This URL takes precedence over OPENSTACK_KEYSTONE_URL which in multi-network deployments might not be reachable from the external network where the identity provider lives. Upstream-ref: https://review.openstack.org/#/c/279758 Depends-On: I30845d821604e754f11123e2b69207090f45459f Change-Id: Iad3cbc7002c0339e40b91edccc4f25a0d4b48a78
dan1 · Mar 15, 2016 · cf102bf · cf102bf
1 parent 6cddba9
commit cf102bf
Show file tree

Hide file tree

Showing 3 changed files with 28 additions and 0 deletions.
diff --git a/doc/source/topics/settings.rst b/doc/source/topics/settings.rst
@@ -951,6 +951,20 @@ make sure that you are using Keystone V3 and Django OpenStack Auth V1.2.0 or
 later.
 
 
+``WEBSSO_KEYSTONE_URL``
+-----------------------
+
+.. versionadded:: 9.0.0(Mitaka)
+
+Default: None
+
+The full auth URL for the Keystone endpoint used for web single-sign-on
+authentication. Use this when OPENSTACK_KEYSTONE_URL is set to an internal
+Keystone endpoint and is not reachable from the external network where the
+identity provider lives. This URL will take precedence over
+OPENSTACK_KEYSTONE_URL if the login choice is an external Identity Provider.
+
+
 ``WEBSSO_INITIAL_CHOICE``
 -------------------------
 

diff --git a/openstack_dashboard/local/local_settings.py.example b/openstack_dashboard/local/local_settings.py.example
@@ -164,6 +164,11 @@ OPENSTACK_KEYSTONE_DEFAULT_ROLE = "_member_"
 # Enables keystone web single-sign-on if set to True.
 #WEBSSO_ENABLED = False
 
+# If set this URL will be used for web single-sign-on authentication
+# Useful under some network configurations where OPENSTACK_KEYSTONE_URL
+# is not reachable
+#WEBSSO_KEYSTONE_URL = "http://keystone-public.example.com:5000/v3"
+
 # Determines which authentication choice to show as default.
 #WEBSSO_INITIAL_CHOICE = "credentials"
 

diff --git a/releasenotes/notes/websso_keystone_url-4a1262251586bfea.yaml b/releasenotes/notes/websso_keystone_url-4a1262251586bfea.yaml
@@ -0,0 +1,9 @@
+---
+features:
+  - Adds a new optional WEBSSO_KEYSTONE_URL property to local_settings.py that
+    will take precedence over OPENSTACK_KEYSTONE_URL for websso authentication
+    with an external identity provider.
+
+fixes:
+  - OPENSTACK_KEYSTONE_URL may not be accessible under some network configurations
+    <https://launchpad.net/bugs/1544703>