Hey there,

I'm currently investigating the features of openstack federated identity and oauth2/oidc with keycloak as an identity provider.

Following the documentation [1] I have successfully deployed a setup where it is possible to login via the horizion board using
the login of keycloak.

As defined in the documentation I'm using apache2 with the mod_auth_openidc module.

So far so good...

If I try to access the api via the openstack-cli using the following configuration

```

OS_AUTH_URL=https://<openstack-ip>/identity/v3
OS_AUTH_TYPE=v3oidcpassword
OS_IDENTITY_PROVIDER=keycloak
OS_PROTOCOL=openid
OS_USERNAME=<keycloak-user>
OS_PASSWORD=<keycloak-password>
OS_PROJECT=test
OS_OPENID_SCOPE='openid email profile'
OS_DISCOVERY_ENDPOINT=https://<keycloak-ip>/realms/<realm>/.well-known/openid-configuration
OS_ACCESS_TOKEN_TYPE=access_token
OS_CLIENT_ID=<client-id>
OS_CLIENT_SECRET=<client-secret>

```

the http-status-code of the server is 500. Inspecting the logs , I found the problem in the mod_auth_openidc modul

which expects a content-type of application/x-www-form-urlencoded. Is there any way to change the content-type

the openstack-cli from json to urlencoded or am I missing a step in the configuration or something else?

Thanks in advanced

Niklas

[1] https://docs.openstack.org/keystone/zed/admin/federation/configure_federation.html