[OpenStack-Infra] Pholio Spec 340641

Craige McWhirter craige at mcwhirter.com.au
Wed Aug 10 23:58:58 UTC 2016


On Wed, Aug 10, 2016 at 08:47:00AM -0300, Sebastian Marcet wrote:
>    Craige greetings - 
>    what you are depicting
>    on [1]https://storyboard.openstack.org/#!/story/2000694
>    its the correct behavior, after you perform
>    curl -k [2]https://openstackid.org/ | grep discovery <meta
>    http-equiv="X-XRDS-Location"
>    content="[3]https://openstackid.org/discovery" />
>    curl -k [4]https://openstackid.org/discovery | grep URI
>    <URI>[5]https://openstackid.org/accounts/openid2</URI>
>    you already have the discovery info ( yadis doc) and the openid endpoint :
>    [6]https://openstackid.org/accounts/openid2
>    you dont have to do a GET request against that endpoint, BC otherwise u
>    will get the 404, u need to perform an openid 2.0 valid request doing a
>    POST
>    like depicted
>    here [7]https://openid.net/specs/openid-authentication-2_0.html#associations

Thank you for clarifying where my testing was wrong. Greatly appreciated.

>    however, to configure the apache mod
>    inside your vhost configuration you should have something like this
>     <Location />
>            AuthType OpenID
>            require valid-user
>            AuthOpenIDTrusted ^[8]https://openstackid-dev.openstack.org
>            AuthOpenIDSingleIdP [9]https://openstackid-dev.openstack.org
>            AuthOpenIDSecureCookie Off  # off for now
>            AuthOpenIDAXRequire email [10]http://axschema.org/contact/email .+
>            AuthOpenIDAXUsername email
>    </Location>

My current vhost config[1] (line 58) currently has significantly fewer options
than your example above but works with login.ubuntu.com. I'll try it with your
suggested additions and see how I go.

Thank you.

[1] https://review.openstack.org/#/c/342481/22/templates/vhost.erb

--
Craige McWhirter
M: +61 4685 91819
W: https://mcwhirter.com.au/
GNUSocial: https://social.mcwhirter.io/craige
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: not available
URL: <http://lists.openstack.org/pipermail/openstack-infra/attachments/20160811/f5cf3c04/attachment.pgp>


More information about the OpenStack-Infra mailing list