On Wed, Aug 10, 2016 at 08:47:00AM -0300, Sebastian Marcet wrote: > Craige greetings - > what you are depicting > on [1]https://storyboard.openstack.org/#!/story/2000694 > its the correct behavior, after you perform > curl -k [2]https://openstackid.org/ | grep discovery <meta > http-equiv="X-XRDS-Location" > content="[3]https://openstackid.org/discovery" /> > curl -k [4]https://openstackid.org/discovery | grep URI > <URI>[5]https://openstackid.org/accounts/openid2</URI> > you already have the discovery info ( yadis doc) and the openid endpoint : > [6]https://openstackid.org/accounts/openid2 > you dont have to do a GET request against that endpoint, BC otherwise u > will get the 404, u need to perform an openid 2.0 valid request doing a > POST > like depicted > here [7]https://openid.net/specs/openid-authentication-2_0.html#associations Thank you for clarifying where my testing was wrong. Greatly appreciated. > however, to configure the apache mod > inside your vhost configuration you should have something like this > <Location /> > AuthType OpenID > require valid-user > AuthOpenIDTrusted ^[8]https://openstackid-dev.openstack.org > AuthOpenIDSingleIdP [9]https://openstackid-dev.openstack.org > AuthOpenIDSecureCookie Off # off for now > AuthOpenIDAXRequire email [10]http://axschema.org/contact/email .+ > AuthOpenIDAXUsername email > </Location> My current vhost config[1] (line 58) currently has significantly fewer options than your example above but works with login.ubuntu.com. I'll try it with your suggested additions and see how I go. Thank you. [1] https://review.openstack.org/#/c/342481/22/templates/vhost.erb -- Craige McWhirter M: +61 4685 91819 W: https://mcwhirter.com.au/ GNUSocial: https://social.mcwhirter.io/craige -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 819 bytes Desc: not available URL: <http://lists.openstack.org/pipermail/openstack-infra/attachments/20160811/f5cf3c04/attachment.pgp>