Could you check which apache modules are enabled? The set is defined in the code here https://github.com/openstack/openstack-ansible-os_keystone/blob/master/vars/ubuntu-20.04.yml#L85-L95 On 05/05/2021 17:41, Taltavull Jean-Francois wrote: > I've got keystone_sp.apache_mod = mod_auth_openidc > > >> -----Original Message----- >> From: Jonathan Rosser <jonathan.rosser at rd.bbc.co.uk> >> Sent: mercredi, 5 mai 2021 17:57 >> To: openstack-discuss at lists.openstack.org >> Subject: Re: [openstack-ansible] Keystone federation with OpenID needs >> shibboleth >> >> Hi Jean-Francois, >> >> I have a similar deployment of Victoria on Ubuntu 18.04 using OIDC . >> >> On Ubuntu 18.04 libapache2-mod-auth-openidc and libapache2-mod-shib2 can't >> be co-installed as they require conflicting versions of libcurl - see the >> workaround here >> https://github.com/openstack/openstack-ansible- >> os_keystone/blob/master/vars/debian.yml#L58-L61 >> >> For Ubuntu 20.04 these packages are co-installable so whenever keystone is >> configured to be a SP both are installed, as here >> https://github.com/openstack/openstack-ansible- >> os_keystone/blob/master/vars/ubuntu-20.04.yml#L58-L60 >> >> A starting point would be checking what you've got keystone_sp.apache_mod >> set to in your config, as this drives how the apache config is constructed, here >> https://github.com/openstack/openstack-ansible- >> os_keystone/blob/master/tasks/main.yml#L51-L68 >> >> In particular, if keystone_sp.apache_mod is undefined in your config, the >> defaults assume mod_shib is required. >> >> You can also join us in the IRC channel #openstack-ansible we can debug further. >> >> Regards >> Jonathan.