Files
charm-keystone-openidc/templates/apache-openidc-location.conf
Felipe Reyes 8692fe0a5c Add OIDCOutgoingProxy to Apache configuration
When the juju model-config key juju-https-proxy is set, its value will
be used to pass it to mod_auth_openidc in the configuration stanza
OIDCOutgoingProxy.

When trying to fetch the metadata url content the configured proxy
settings will be used as well, as returned by
charmhelpers.core.hookenv.env_proxy_settings().

Closes-Bug: #2102156
Change-Id: I38c2733921fd56275cdd1396c6fb09d9fef72b4c
2025-03-18 13:27:34 -03:00

89 lines
3.1 KiB
ApacheConf

{# -*- mode: apache -*- #}
OIDCClaimPrefix "OIDC-"
OIDCClaimDelimiter ";"
{% if options.oidc_response_type -%}
OIDCResponseType {{ options.oidc_response_type }}
{% endif -%}
OIDCScope "openid email profile"
{% if options.oidc_session_type -%}
OIDCSessionType {{ options.oidc_session_type }}
{% endif -%}
{% if options.oidc_state_input_headers -%}
OIDCStateInputHeaders {{ options.oidc_state_input_headers }}
{% endif -%}
{% if options.oidc_x_forwarded_headers -%}
OIDCXForwardedHeaders {{ options.oidc_x_forwarded_headers }}
{% endif -%}
{% if options.oidc_provider_metadata_url -%}
OIDCProviderMetadataURL {{ options.oidc_provider_metadata_url }}
{% endif -%}
{% if options.oidc_provider_issuer -%}
OIDCProviderIssuer {{ options.oidc_provider_issuer }}
{% endif -%}
{% if options.oidc_provider_auth_endpoint -%}
OIDCProviderAuthorizationEndpoint {{ options.oidc_provider_auth_endpoint }}
{% endif -%}
{% if options.oidc_provider_token_endpoint -%}
OIDCProviderTokenEndpoint {{ options.oidc_provider_token_endpoint }}
{% endif -%}
{% if options.oidc_provider_token_endpoint_auth -%}
OIDCProviderTokenEndpointAuth {{ options.oidc_provider_token_endpoint_auth }}
{% endif -%}
{% if options.oidc_provider_user_info_endpoint -%}
OIDCProviderUserInfoEndpoint {{ options.oidc_provider_user_info_endpoint }}
{% endif -%}
{% if options.oidc_provider_jwks_uri -%}
OIDCProviderJwksUri {{ options.oidc_provider_jwks_uri }}
{% endif -%}
OIDCClientID {{ options.oidc_client_id }}
{% if options.oidc_client_secret -%}
OIDCClientSecret {{ options.oidc_client_secret }}
{% endif -%}
OIDCCryptoPassphrase {{ options.oidc_crypto_passphrase }}
OIDCRedirectURI {{ options.scheme }}://{{ options.hostname }}:{{ options.port }}/v3/OS-FEDERATION/identity_providers/{{ options.idp_id }}/protocols/{{ options.protocol_id }}/auth
{% if options.oidc_remote_user_claim -%}
OIDCRemoteUserClaim {{ options.oidc_remote_user_claim }}
{% endif -%}
{%- if options.enable_oauth %}
{%- if options.oidc_oauth_verify_jwks_uri %}
OIDCOAuthVerifyJwksUri {{ options.oidc_oauth_verify_jwks_uri }}
{%- else %}
OIDCOAuthIntrospectionEndpoint {{ options.oauth_introspection_endpoint }}
OIDCOAuthIntrospectionEndpointParams token_type_hint=access_token
OIDCOAuthClientID {{ options.oidc_client_id }}
{%- if options.oidc_client_secret %}
OIDCOAuthClientSecret {{ options.oidc_client_secret }}
{%- endif %}
{%- endif %}
{%- endif %}
{% if options.oidc_outgoing_proxy -%}
OIDCOutgoingProxy {{ options.oidc_outgoing_proxy }}
{% endif -%}
<LocationMatch /v3/OS-FEDERATION/identity_providers/{{ options.idp_id }}/protocols/{{ options.protocol_id }}/auth>
AuthType {{ options.auth_type }}
Require valid-user
{%- if options.debug %}
LogLevel debug
{%- endif %}
</LocationMatch>
<Location /v3/auth/OS-FEDERATION/websso/{{ options.protocol_id }}>
Require valid-user
AuthType openid-connect
{%- if options.debug %}
LogLevel debug
{%- endif %}
</Location>
<Location /v3/auth/OS-FEDERATION/identity_providers/{{ options.idp_id }}/protocols/{{ options.protocol_id }}/websso>
Require valid-user
AuthType openid-connect
{%- if options.debug %}
LogLevel debug
{%- endif %}
</Location>