diff options
| author |   asteroide <thomas.duval@orange.com> | 2015-09-24 16:27:16 +0200 |
|---|---|---|
| committer | asteroide <thomas.duval@orange.com> | 2015-09-24 16:27:16 +0200 |
| commit | 92d11d139e9f76d4fd76859aea78643fc32ef36b (patch) | |
| tree | bd5a2e7b50853498074ab55bdaee4452c460010b /keystone-moon/etc | |
| parent | 49325d99acfadaadfad99c596c4ada6b5ec849de (diff) | |
Update Keystone code from repository.
Change-Id: Ib3d0a06b10902fcc6d520f58e85aa617bc326d00
Diffstat (limited to 'keystone-moon/etc')
| -rw-r--r-- | keystone-moon/etc/keystone.conf.sample | 30 |
1 files changed, 28 insertions, 2 deletions
diff --git a/keystone-moon/etc/keystone.conf.sample b/keystone-moon/etc/keystone.conf.sample index ec5a08cc..9c76fc0d 100644 --- a/keystone-moon/etc/keystone.conf.sample +++ b/keystone-moon/etc/keystone.conf.sample @@ -760,8 +760,8 @@ # A list of trusted dashboard hosts. Before accepting a Single Sign-On request # to return a token, the origin host must be a member of the trusted_dashboard # list. This configuration option may be repeated for multiple values. For -# example: trusted_dashboard=http://acme.com trusted_dashboard=http://beta.com -# (multi valued) +# example: trusted_dashboard=http://acme.com/auth/websso +# trusted_dashboard=http://beta.com/auth/websso (multi valued) #trusted_dashboard = # Location of Single Sign-On callback handler, will return a token to a trusted @@ -1934,6 +1934,32 @@ #hash_algorithm = md5 +[tokenless_auth] + +# +# From keystone +# + +# The list of trusted issuers to further filter the certificates that are +# allowed to participate in the X.509 tokenless authorization. If the option is +# absent then no certificates will be allowed. The naming format for the +# attributes of a Distinguished Name(DN) must be separated by a comma and +# contain no spaces. This configuration option may be repeated for multiple +# values. For example: trusted_issuer=CN=john,OU=keystone,O=openstack +# trusted_issuer=CN=mary,OU=eng,O=abc (multi valued) +#trusted_issuer = + +# The protocol name for the X.509 tokenless authorization along with the option +# issuer_attribute below can look up its corresponding mapping. (string value) +#protocol = x509 + +# The issuer attribute that is served as an IdP ID for the X.509 tokenless +# authorization along with the protocol to look up its corresponding mapping. +# It is the environment variable in the WSGI environment that references to the +# issuer of the client certificate. (string value) +#issuer_attribute = SSL_CLIENT_I_DN + + [trust] # |