[openstack-ansible] Keystone federation with OpenID needs shibboleth

Taltavull Jean-Francois jean-francois.taltavull at elca.ch
Wed May 5 15:26:59 UTC 2021

Hi All,

I'm trying to make keystone federation with openid connect work on an Ubuntu 20.04 + Victoria cloud deployed with OSA.

Despite the fact that I use openid, shibboleth seems to be involved and I had to add "ShibCompatValidUser On" directive to the file "/etc/apache2/conf-available/shib.conf", by hand in the keystone lxc container, in order to successfully authenticate ("valid user: granted" an not "valid user: denied" in apache log file).

Has anyone already experienced this use case ?

Thanks and best regards,

More information about the openstack-discuss mailing list