[Keystone | python-openstackclient] Federation with OAuth2.0/OIDC
Hey there,

I'm currently investigating the features of OpenStack federated identity and OAuth2/OIDC with Keycloak as an identity provider. Following the documentation [1], I have successfully deployed a setup where it is possible to log in via the Horizon board using the login of Keycloak. As defined in the documentation, I'm using apache2 with the mod_auth_openidc module. So far so good...

If I try to access the API via the openstack-cli using the following configuration

```
OS_AUTH_URL=https://<openstack-ip>/identity/v3
OS_AUTH_TYPE=v3oidcpassword
OS_IDENTITY_PROVIDER=keycloak
OS_PROTOCOL=openid
OS_USERNAME=<keycloak-user>
OS_PASSWORD=<keycloak-password>
OS_PROJECT=test
OS_OPENID_SCOPE='openid email profile'
OS_DISCOVERY_ENDPOINT=https://<keycloak-ip>/realms/<realm>/.well-known/openid-configuration
OS_ACCESS_TOKEN_TYPE=access_token
OS_CLIENT_ID=<client-id>
OS_CLIENT_SECRET=<client-secret>
```

the http-status-code of the server is 500. Inspecting the logs, I found the problem in the mod_auth_openidc module, which expects a content-type of application/x-www-form-urlencoded.

Is there any way to change the content-type of the openstack-cli from json to urlencoded, or am I missing a step in the configuration or something else?

Thanks in advance,
Niklas

[1] https://docs.openstack.org/keystone/zed/admin/federation/configure_federatio...
Niklas Schwarz