diff --git a/doc/source/topics/settings.rst b/doc/source/topics/settings.rst
index 231614f5c..7ffe89d86 100644
--- a/doc/source/topics/settings.rst
+++ b/doc/source/topics/settings.rst
@@ -951,6 +951,20 @@ make sure that you are using Keystone V3 and Django OpenStack Auth V1.2.0 or
 later.
+``WEBSSO_KEYSTONE_URL``
+-----------------------
+
+.. versionadded:: 9.0.0(Mitaka)
+
+Default: None
+
+The full auth URL for the Keystone endpoint used for web single-sign-on
+authentication. Use this when OPENSTACK_KEYSTONE_URL is set to an internal
+Keystone endpoint and is not reachable from the external network where the
+identity provider lives. This URL will take precedence over
+OPENSTACK_KEYSTONE_URL if the login choice is an external Identity Provider.
+
+
 ``WEBSSO_INITIAL_CHOICE``
 -------------------------
diff --git a/openstack_dashboard/local/local_settings.py.example b/openstack_dashboard/local/local_settings.py.example
index 976326497..7b6c2ed55 100644
--- a/openstack_dashboard/local/local_settings.py.example
+++ b/openstack_dashboard/local/local_settings.py.example
@@ -164,6 +164,11 @@ OPENSTACK_KEYSTONE_DEFAULT_ROLE = "_member_"
 # Enables keystone web single-sign-on if set to True.
 #WEBSSO_ENABLED = False
+# If set this URL will be used for web single-sign-on authentication
+# Useful under some network configurations where OPENSTACK_KEYSTONE_URL
+# is not reachable
+#WEBSSO_KEYSTONE_URL = "http://keystone-public.example.com:5000/v3"
+
 # Determines which authentication choice to show as default.
 #WEBSSO_INITIAL_CHOICE = "credentials"
diff --git a/releasenotes/notes/websso_keystone_url-4a1262251586bfea.yaml b/releasenotes/notes/websso_keystone_url-4a1262251586bfea.yaml
new file mode 100644
index 000000000..46086d31a
--- /dev/null
+++ b/releasenotes/notes/websso_keystone_url-4a1262251586bfea.yaml
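Review bot: The sample value added to local_settings.py.example, `#WEBSSO_KEYSTONE_URL = "http://keystone-public.example.com:5000/v3"`, shows plain HTTP for the endpoint that the settings.rst hunk describes as the externally reachable Keystone URL used for web single-sign-on. Example values tend to be uncommented and copied as they stand, and authentication traffic on an external network should not travel unencrypted, so the sample is better written as `#WEBSSO_KEYSTONE_URL = "https://keystone-public.example.com:5000/v3"`. The comment above it also leaves out the condition that settings.rst states; a line such as `# Takes precedence over OPENSTACK_KEYSTONE_URL only when the login choice is an external identity provider.` would tell operators when the value is actually used.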
@@ -0,0 +1,9 @@
+---
+features:
+ - Adds a new optional WEBSSO_KEYSTONE_URL property to local_settings.py that
+ will take precedence over OPENSTACK_KEYSTONE_URL for websso authentication
+ with an external identity provider.
+
+fixes:
+ - OPENSTACK_KEYSTONE_URL may not be accessible under some network configurations
+