Open Stack

Hello Openstackers,

I am testing the integration of OpenStack (acting as a service provider)
using Keycloak (as an identity provider) with OpenId Connect protocol. So
far everything is working, but when I enable more than one IdP, I get an
odd behavior. The “where are you from (WAYF)” process is happening twice,
one in Horizon (where the user selects the authentication provider A.K.A
IdP), and another one in Keystone via the Apache HTTPD OIDC module. I
assume this is happening because the actual application being authenticated
via OIDC is Keystone, and just afterwards, the other systems will
authenticate themselves via Keystone.

Has anybody else experienced/”dealt with” this situation? Is this by design?
Am I missing a parameter/configuration or something else?

The version of OpenStack that I am using is Rocky.

--
Rafael Weingärtner
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack/attachments/20181128/a67d850a/attachment.html>