2ed76dee5d
The redirect URI specified in the Apache config for OIDC was unintentionally serving a dual purpose as a redirect URI and a handler for command line auth. As of mod_auth_openidc v2.4.9 this no longer works. This change splits the paths for command line auth and the redirect URI into two to work around this. Change-Id: I27c612cf8537b401c1195ae0892bf5569e2f3858
14 lines
568 B
YAML
14 lines
568 B
YAML
---
|
|
upgrade:
|
|
- |
|
|
Keystone OIDC parameter 'oidc_redirect_uri' is replaced with
|
|
'oidc_redirect_path'. This parameter no longer needs to be set explicitly
|
|
unless you run additional services which may collide with the default
|
|
on the same port as Keystone. Your OIDC provider may need to be updated
|
|
to reflect this change in redirect URI which defaults to the Keystone
|
|
public URL plus the path /oidc_redirect.
|
|
fixes:
|
|
- |
|
|
Fixed OpenStack command line OIDC integration where Apache mod_auth_openidc
|
|
if >= v2.4.9 including on Ubuntu Jammy.
|