Add ability to configure keystone auth methods
Change-Id: I07181595c80984c4f92d3b6c455dd01a5176e045
diff --git a/README.rst b/README.rst
index 9acaebb..c89c750 100644
--- a/README.rst
+++ b/README.rst
@@ -170,6 +170,20 @@
max_active_keys: 3
...
+Keystone auth methods
+
+.. code-block:: yaml
+
+ keystone:
+ server:
+ ...
+ auth_methods:
+ - external
+ - password
+ - token
+ - oauth1
+ ...
+
Keystone domain with LDAP backend, using SQL for role/project assignment
.. code-block:: yaml
@@ -315,6 +329,10 @@
keystone:
server:
+ auth_methods:
+ - password
+ - token
+ - saml2
websso:
protocol: saml2
remote_id_attribute: Shib-Identity-Provider
diff --git a/keystone/files/liberty/keystone.conf.Debian b/keystone/files/liberty/keystone.conf.Debian
index 9f6c9c2..05d0493 100644
--- a/keystone/files/liberty/keystone.conf.Debian
+++ b/keystone/files/liberty/keystone.conf.Debian
@@ -306,9 +306,10 @@
# Allowed authentication methods. (list value)
#methods = external,password,token,oauth1
-
+{% if server.auth_methods is defined %}
+methods = {{ server.auth_methods |join(',') }}
+{%- endif %}
{% if server.websso is defined %}
-methods = external,password,token,{{ server.websso.protocol }}
{{ server.websso.protocol }} = keystone.auth.plugins.mapped.Mapped
{%- endif %}
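Review bot: A deployment that defines `server.websso` but not `server.auth_methods` no longer gets a `methods` line, so Keystone presumably falls back to the default shown in the comment (`external,password,token,oauth1`). The `{{ server.websso.protocol }} = keystone.auth.plugins.mapped.Mapped` line is still rendered, so the federation plugin is registered but its method is not in the allowed list. Keeping the old line as a fallback avoids that silent change on upgrade: add `{%- elif server.websso is defined %}` followed by `methods = external,password,token,{{ server.websso.protocol }}` before the first `{%- endif %}`. Separately, `join(',')` on a pillar value that is a plain string renders it character by character, and an empty list renders a bare `methods =`, so an `is iterable and is not string` guard or a comment requiring a non-empty list would help. The same block is added in the mitaka, newton and ocata templates, and the enclosing config section starts outside the hunk.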
diff --git a/keystone/files/mitaka/keystone.conf.Debian b/keystone/files/mitaka/keystone.conf.Debian
index 608f38a..9f9f263 100644
--- a/keystone/files/mitaka/keystone.conf.Debian
+++ b/keystone/files/mitaka/keystone.conf.Debian
@@ -354,9 +354,10 @@
# Allowed authentication methods. (list value)
#methods = external,password,token,oauth1
-
+{% if server.auth_methods is defined %}
+methods = {{ server.auth_methods |join(',') }}
+{%- endif %}
{% if server.websso is defined %}
-methods = external,password,token,{{ server.websso.protocol }}
{{ server.websso.protocol }} = keystone.auth.plugins.mapped.Mapped
{%- endif %}
diff --git a/keystone/files/newton/keystone.conf.Debian b/keystone/files/newton/keystone.conf.Debian
index 0807960..0fcc032 100644
--- a/keystone/files/newton/keystone.conf.Debian
+++ b/keystone/files/newton/keystone.conf.Debian
@@ -414,8 +414,10 @@
# Allowed authentication methods. (list value)
#methods = external,password,token,oauth1
+{% if server.auth_methods is defined %}
+methods = {{ server.auth_methods |join(',') }}
+{%- endif %}
{% if server.websso is defined %}
-methods = external,password,token,{{ server.websso.protocol }}
{{ server.websso.protocol }} = keystone.auth.plugins.mapped.Mapped
{%- endif %}
diff --git a/keystone/files/ocata/keystone.conf.Debian b/keystone/files/ocata/keystone.conf.Debian
index dd9a7c9..8cda74f 100644
--- a/keystone/files/ocata/keystone.conf.Debian
+++ b/keystone/files/ocata/keystone.conf.Debian
@@ -481,8 +481,10 @@
# are being invoked to validate attributes in the request environment, it can
# cause conflicts. (list value)
#methods = external,password,token,oauth1,mapped
+{% if server.auth_methods is defined %}
+methods = {{ server.auth_methods |join(',') }}
+{%- endif %}
{% if server.websso is defined %}
-methods = external,password,token,{{ server.websso.protocol }}
{{ server.websso.protocol }} = keystone.auth.plugins.mapped.Mapped
{%- endif %}
@@ -3058,4 +3060,4 @@
# unless you are providing a custom entry point. (string value)
#driver = sql
[extra_headers]
-Distribution = Ubuntu
\ No newline at end of file
+Distribution = Ubuntu