
When the juju model-config key juju-https-proxy is set, its value will be used to pass it to mod_auth_openidc in the configuration stanza OIDCOutgoingProxy. When trying to fetch the metadata url content the configured proxy settings will be used as well, as returned by charmhelpers.core.hookenv.env_proxy_settings(). Closes-Bug: #2102156 Change-Id: I38c2733921fd56275cdd1396c6fb09d9fef72b4c
89 lines
3.1 KiB
ApacheConf
89 lines
3.1 KiB
ApacheConf
{# -*- mode: apache -*- #}
|
|
OIDCClaimPrefix "OIDC-"
|
|
OIDCClaimDelimiter ";"
|
|
{% if options.oidc_response_type -%}
|
|
OIDCResponseType {{ options.oidc_response_type }}
|
|
{% endif -%}
|
|
OIDCScope "openid email profile"
|
|
|
|
{% if options.oidc_session_type -%}
|
|
OIDCSessionType {{ options.oidc_session_type }}
|
|
{% endif -%}
|
|
{% if options.oidc_state_input_headers -%}
|
|
OIDCStateInputHeaders {{ options.oidc_state_input_headers }}
|
|
{% endif -%}
|
|
{% if options.oidc_x_forwarded_headers -%}
|
|
OIDCXForwardedHeaders {{ options.oidc_x_forwarded_headers }}
|
|
{% endif -%}
|
|
{% if options.oidc_provider_metadata_url -%}
|
|
OIDCProviderMetadataURL {{ options.oidc_provider_metadata_url }}
|
|
{% endif -%}
|
|
{% if options.oidc_provider_issuer -%}
|
|
OIDCProviderIssuer {{ options.oidc_provider_issuer }}
|
|
{% endif -%}
|
|
{% if options.oidc_provider_auth_endpoint -%}
|
|
OIDCProviderAuthorizationEndpoint {{ options.oidc_provider_auth_endpoint }}
|
|
{% endif -%}
|
|
{% if options.oidc_provider_token_endpoint -%}
|
|
OIDCProviderTokenEndpoint {{ options.oidc_provider_token_endpoint }}
|
|
{% endif -%}
|
|
{% if options.oidc_provider_token_endpoint_auth -%}
|
|
OIDCProviderTokenEndpointAuth {{ options.oidc_provider_token_endpoint_auth }}
|
|
{% endif -%}
|
|
{% if options.oidc_provider_user_info_endpoint -%}
|
|
OIDCProviderUserInfoEndpoint {{ options.oidc_provider_user_info_endpoint }}
|
|
{% endif -%}
|
|
{% if options.oidc_provider_jwks_uri -%}
|
|
OIDCProviderJwksUri {{ options.oidc_provider_jwks_uri }}
|
|
{% endif -%}
|
|
|
|
OIDCClientID {{ options.oidc_client_id }}
|
|
{% if options.oidc_client_secret -%}
|
|
OIDCClientSecret {{ options.oidc_client_secret }}
|
|
{% endif -%}
|
|
OIDCCryptoPassphrase {{ options.oidc_crypto_passphrase }}
|
|
OIDCRedirectURI {{ options.scheme }}://{{ options.hostname }}:{{ options.port }}/v3/OS-FEDERATION/identity_providers/{{ options.idp_id }}/protocols/{{ options.protocol_id }}/auth
|
|
|
|
{% if options.oidc_remote_user_claim -%}
|
|
OIDCRemoteUserClaim {{ options.oidc_remote_user_claim }}
|
|
{% endif -%}
|
|
|
|
{%- if options.enable_oauth %}
|
|
{%- if options.oidc_oauth_verify_jwks_uri %}
|
|
OIDCOAuthVerifyJwksUri {{ options.oidc_oauth_verify_jwks_uri }}
|
|
{%- else %}
|
|
OIDCOAuthIntrospectionEndpoint {{ options.oauth_introspection_endpoint }}
|
|
OIDCOAuthIntrospectionEndpointParams token_type_hint=access_token
|
|
OIDCOAuthClientID {{ options.oidc_client_id }}
|
|
{%- if options.oidc_client_secret %}
|
|
OIDCOAuthClientSecret {{ options.oidc_client_secret }}
|
|
{%- endif %}
|
|
{%- endif %}
|
|
{%- endif %}
|
|
{% if options.oidc_outgoing_proxy -%}
|
|
OIDCOutgoingProxy {{ options.oidc_outgoing_proxy }}
|
|
{% endif -%}
|
|
|
|
<LocationMatch /v3/OS-FEDERATION/identity_providers/{{ options.idp_id }}/protocols/{{ options.protocol_id }}/auth>
|
|
AuthType {{ options.auth_type }}
|
|
Require valid-user
|
|
{%- if options.debug %}
|
|
LogLevel debug
|
|
{%- endif %}
|
|
</LocationMatch>
|
|
|
|
<Location /v3/auth/OS-FEDERATION/websso/{{ options.protocol_id }}>
|
|
Require valid-user
|
|
AuthType openid-connect
|
|
{%- if options.debug %}
|
|
LogLevel debug
|
|
{%- endif %}
|
|
</Location>
|
|
<Location /v3/auth/OS-FEDERATION/identity_providers/{{ options.idp_id }}/protocols/{{ options.protocol_id }}/websso>
|
|
Require valid-user
|
|
AuthType openid-connect
|
|
{%- if options.debug %}
|
|
LogLevel debug
|
|
{%- endif %}
|
|
</Location>
|