Rename websso to federation
Change-Id: Ib91329fcaf0f65f66bbea9ebbc68694adce7602f
diff --git a/README.rst b/README.rst
index 257037d..10d0a0c 100644
--- a/README.rst
+++ b/README.rst
@@ -333,7 +333,7 @@
- password
- token
- saml2
- websso:
+ federation:
protocol: saml2
remote_id_attribute: Shib-Identity-Provider
federation_driver: keystone.contrib.federation.backends.sql.Federation
diff --git a/keystone/files/liberty/keystone.conf.Debian b/keystone/files/liberty/keystone.conf.Debian
index 05d0493..8f8fcc2 100644
--- a/keystone/files/liberty/keystone.conf.Debian
+++ b/keystone/files/liberty/keystone.conf.Debian
@@ -309,8 +309,8 @@
{% if server.auth_methods is defined %}
methods = {{ server.auth_methods |join(',') }}
{%- endif %}
-{% if server.websso is defined %}
-{{ server.websso.protocol }} = keystone.auth.plugins.mapped.Mapped
+{% if server.federation is defined %}
+{{ server.federation.protocol }} = keystone.auth.plugins.mapped.Mapped
{%- endif %}
# Entrypoint for the password auth plugin module in the keystone.auth.password
@@ -330,9 +330,9 @@
# namespace. (string value)
#oauth1 = <None>
-{% if server.websso is defined %}
-[{{ server.websso.protocol }}]
-remote_id_attribute = {{ server.websso.remote_id_attribute }}
+{% if server.federation is defined %}
+[{{ server.federation.protocol }}]
+remote_id_attribute = {{ server.federation.remote_id_attribute }}
{%- endif %}
[cache]
@@ -796,8 +796,8 @@
# Entrypoint for the federation backend driver in the keystone.federation
# namespace. (string value)
#driver = sql
-{% if server.websso is defined %}
-driver = {{ server.websso.federation_driver }}
+{% if server.federation is defined %}
+driver = {{ server.federation.federation_driver }}
{%- endif %}
# Value to be used when filtering assertion parameters from the environment.
@@ -821,9 +821,9 @@
# example: trusted_dashboard=http://acme.com trusted_dashboard=http://beta.com
# (multi valued)
#trusted_dashboard =
-{%- if server.websso is defined %}
-{%- if server.websso.trusted_dashboard is defined %}
-{%- for dashboard in server.websso.trusted_dashboard %}
+{%- if server.federation is defined %}
+{%- if server.federation.trusted_dashboard is defined %}
+{%- for dashboard in server.federation.trusted_dashboard %}
trusted_dashboard = {{ dashboard }}
{%- endfor %}
{%- endif %}
diff --git a/keystone/files/liberty/wsgi-keystone.conf b/keystone/files/liberty/wsgi-keystone.conf
index beaf74b..51f19d0 100644
--- a/keystone/files/liberty/wsgi-keystone.conf
+++ b/keystone/files/liberty/wsgi-keystone.conf
@@ -20,7 +20,7 @@
Require all granted
</Directory>
- {% if server.websso is defined %}
+ {% if server.federation is defined %}
WSGIScriptAliasMatch ^(/v3/OS-FEDERATION/identity_providers/.*?/protocols/.*?/auth)$ /usr/bin/keystone-wsgi-public/$1
<Location /Shibboleth.sso>
SetHandler shib
@@ -64,7 +64,7 @@
Require all granted
</Directory>
- {% if server.websso is defined %}
+ {% if server.federation is defined %}
WSGIScriptAliasMatch ^(/v3/OS-FEDERATION/identity_providers/.*?/protocols/.*?/auth)$ /usr/bin/keystone-wsgi-admin/$1
<Location /Shibboleth.sso>
SetHandler shib
diff --git a/keystone/files/mitaka/keystone.conf.Debian b/keystone/files/mitaka/keystone.conf.Debian
index 28991a4..1267de1 100644
--- a/keystone/files/mitaka/keystone.conf.Debian
+++ b/keystone/files/mitaka/keystone.conf.Debian
@@ -357,8 +357,8 @@
{% if server.auth_methods is defined %}
methods = {{ server.auth_methods |join(',') }}
{%- endif %}
-{% if server.websso is defined %}
-{{ server.websso.protocol }} = keystone.auth.plugins.mapped.Mapped
+{% if server.federation is defined %}
+{{ server.federation.protocol }} = keystone.auth.plugins.mapped.Mapped
{%- endif %}
# Entrypoint for the password auth plugin module in the keystone.auth.password
@@ -858,8 +858,8 @@
# Entrypoint for the federation backend driver in the keystone.federation
# namespace. (string value)
#driver = sql
-{%- if server.get('websso', {}).federation_driver is defined %}
-driver = {{ server.websso.federation_driver }}
+{%- if server.get('federation', {}).federation_driver is defined %}
+driver = {{ server.federation.federation_driver }}
{%- endif %}
# Value to be used when filtering assertion parameters from the environment.
@@ -870,8 +870,8 @@
# environment (e.g. if using the mod_shib plugin this value is `Shib-Identity-
# Provider`). (string value)
#remote_id_attribute = <None>
-{%- if server.websso is defined %}
-remote_id_attribute = {{ server.websso.remote_id_attribute }}
+{%- if server.federation is defined %}
+remote_id_attribute = {{ server.federation.remote_id_attribute }}
{%- endif %}
# A domain name that is reserved to allow federated ephemeral users to have a
@@ -879,8 +879,8 @@
# this name or update an existing domain to this name. You are not advised to
# change this value unless you really have to. (string value)
#federated_domain_name = Federated
-{%- if server.get('websso', {}).federated_domain_name is defined %}
-federated_domain_name = {{ server.websso.federated_domain_name }}
+{%- if server.get('federation', {}).federated_domain_name is defined %}
+federated_domain_name = {{ server.federation.federated_domain_name }}
{%- endif %}
# A list of trusted dashboard hosts. Before accepting a Single Sign-On request
@@ -889,8 +889,8 @@
# example: trusted_dashboard=http://acme.com/auth/websso
# trusted_dashboard=http://beta.com/auth/websso (multi valued)
#trusted_dashboard =
-{%- if server.get('websso', {}).trusted_dashboard is defined %}
-{%- for dashboard in server.websso.trusted_dashboard %}
+{%- if server.get('federation', {}).trusted_dashboard is defined %}
+{%- for dashboard in server.federation.trusted_dashboard %}
trusted_dashboard = {{ dashboard }}
{%- endfor %}
{%- endif %}
diff --git a/keystone/files/mitaka/wsgi-keystone.conf b/keystone/files/mitaka/wsgi-keystone.conf
index 763672d..aff6ff3 100644
--- a/keystone/files/mitaka/wsgi-keystone.conf
+++ b/keystone/files/mitaka/wsgi-keystone.conf
@@ -29,9 +29,9 @@
</IfVersion>
</Directory>
- {% if server.websso is defined %}
- {% if server.websso.shib_url_scheme is defined %}
- ShibURLScheme {{ server.websso.shib_url_scheme }}
+ {% if server.federation is defined %}
+ {% if server.federation.shib_url_scheme is defined %}
+ ShibURLScheme {{ server.federation.shib_url_scheme }}
{%- endif %}
WSGIScriptAliasMatch ^(/v3/OS-FEDERATION/identity_providers/.*?/protocols/.*?/auth)$ /usr/bin/keystone-wsgi-public/$1
<Location /Shibboleth.sso>
@@ -85,9 +85,9 @@
</IfVersion>
</Directory>
- {% if server.websso is defined %}
- {% if server.websso.shib_url_scheme is defined %}
- ShibURLScheme {{ server.websso.shib_url_scheme }}
+ {% if server.federation is defined %}
+ {% if server.federation.shib_url_scheme is defined %}
+ ShibURLScheme {{ server.federation.shib_url_scheme }}
{%- endif %}
WSGIScriptAliasMatch ^(/v3/OS-FEDERATION/identity_providers/.*?/protocols/.*?/auth)$ /usr/bin/keystone-wsgi-admin/$1
<Location /Shibboleth.sso>
diff --git a/keystone/files/newton/keystone.conf.Debian b/keystone/files/newton/keystone.conf.Debian
index 6add60c..dfccfbf 100644
--- a/keystone/files/newton/keystone.conf.Debian
+++ b/keystone/files/newton/keystone.conf.Debian
@@ -417,8 +417,8 @@
{% if server.auth_methods is defined %}
methods = {{ server.auth_methods |join(',') }}
{%- endif %}
-{% if server.websso is defined %}
-{{ server.websso.protocol }} = keystone.auth.plugins.mapped.Mapped
+{% if server.federation is defined %}
+{{ server.federation.protocol }} = keystone.auth.plugins.mapped.Mapped
{%- endif %}
# Entry point for the password auth plugin module in the
@@ -913,8 +913,8 @@
# namespace. Keystone only provides a `sql` driver, so there is no reason to
# set this option unless you are providing a custom entry point. (string value)
#driver = sql
-{%- if server.get('websso', {}).federation_driver is defined %}
-driver = {{ server.websso.federation_driver }}
+{%- if server.get('federation', {}).federation_driver is defined %}
+driver = {{ server.federation.federation_driver }}
{%- endif %}
# Prefix to use when filtering environment variable names for federated
@@ -927,8 +927,8 @@
# `mod_auth_openidc`, this could be `HTTP_OIDC_ISS`. For `mod_auth_mellon`,
# this could be `MELLON_IDP`. (string value)
#remote_id_attribute = <None>
-{%- if server.websso is defined %}
-remote_id_attribute = {{ server.websso.remote_id_attribute }}
+{%- if server.federation is defined %}
+remote_id_attribute = {{ server.federation.remote_id_attribute }}
{%- endif %}
# An arbitrary domain name that is reserved to allow federated ephemeral users
@@ -936,8 +936,8 @@
# domain with this name or update an existing domain to this name. You are not
# advised to change this value unless you really have to. (string value)
#federated_domain_name = Federated
-{%- if server.get('websso', {}).federated_domain_name is defined %}
-federated_domain_name = {{ server.websso.federated_domain_name }}
+{%- if server.get('federation', {}).federated_domain_name is defined %}
+federated_domain_name = {{ server.federation.federated_domain_name }}
{%- endif %}
# A list of trusted dashboard hosts. Before accepting a Single Sign-On request
@@ -947,8 +947,8 @@
# trusted_dashboard=https://acme.example.com/auth/websso
# trusted_dashboard=https://beta.example.com/auth/websso (multi valued)
#trusted_dashboard =
-{%- if server.get('websso', {}).trusted_dashboard is defined %}
-{%- for dashboard in server.websso.trusted_dashboard %}
+{%- if server.get('federation', {}).trusted_dashboard is defined %}
+{%- for dashboard in server.federation.trusted_dashboard %}
trusted_dashboard = {{ dashboard }}
{%- endfor %}
{%- endif %}
diff --git a/keystone/files/newton/wsgi-keystone.conf b/keystone/files/newton/wsgi-keystone.conf
index 763672d..aff6ff3 100644
--- a/keystone/files/newton/wsgi-keystone.conf
+++ b/keystone/files/newton/wsgi-keystone.conf
@@ -29,9 +29,9 @@
</IfVersion>
</Directory>
- {% if server.websso is defined %}
- {% if server.websso.shib_url_scheme is defined %}
- ShibURLScheme {{ server.websso.shib_url_scheme }}
+ {% if server.federation is defined %}
+ {% if server.federation.shib_url_scheme is defined %}
+ ShibURLScheme {{ server.federation.shib_url_scheme }}
{%- endif %}
WSGIScriptAliasMatch ^(/v3/OS-FEDERATION/identity_providers/.*?/protocols/.*?/auth)$ /usr/bin/keystone-wsgi-public/$1
<Location /Shibboleth.sso>
@@ -85,9 +85,9 @@
</IfVersion>
</Directory>
- {% if server.websso is defined %}
- {% if server.websso.shib_url_scheme is defined %}
- ShibURLScheme {{ server.websso.shib_url_scheme }}
+ {% if server.federation is defined %}
+ {% if server.federation.shib_url_scheme is defined %}
+ ShibURLScheme {{ server.federation.shib_url_scheme }}
{%- endif %}
WSGIScriptAliasMatch ^(/v3/OS-FEDERATION/identity_providers/.*?/protocols/.*?/auth)$ /usr/bin/keystone-wsgi-admin/$1
<Location /Shibboleth.sso>
diff --git a/keystone/files/ocata/keystone.conf.Debian b/keystone/files/ocata/keystone.conf.Debian
index aa442f2..f5c5a12 100644
--- a/keystone/files/ocata/keystone.conf.Debian
+++ b/keystone/files/ocata/keystone.conf.Debian
@@ -484,8 +484,8 @@
{% if server.auth_methods is defined %}
methods = {{ server.auth_methods |join(',') }}
{%- endif %}
-{% if server.websso is defined %}
-{{ server.websso.protocol }} = keystone.auth.plugins.mapped.Mapped
+{% if server.federation is defined %}
+{{ server.federation.protocol }} = keystone.auth.plugins.mapped.Mapped
{%- endif %}
# Entry point for the password auth plugin module in the
@@ -985,8 +985,8 @@
# namespace. Keystone only provides a `sql` driver, so there is no reason to
# set this option unless you are providing a custom entry point. (string value)
#driver = sql
-{%- if server.get('websso', {}).federation_driver is defined %}
-driver = {{ server.websso.federation_driver }}
+{%- if server.get('federation', {}).federation_driver is defined %}
+driver = {{ server.federation.federation_driver }}
{%- endif %}
# Prefix to use when filtering environment variable names for federated
@@ -999,8 +999,8 @@
# `mod_auth_openidc`, this could be `HTTP_OIDC_ISS`. For `mod_auth_mellon`,
# this could be `MELLON_IDP`. (string value)
#remote_id_attribute = <None>
-{%- if server.websso is defined %}
-remote_id_attribute = {{ server.websso.remote_id_attribute }}
+{%- if server.federation is defined %}
+remote_id_attribute = {{ server.federation.remote_id_attribute }}
{%- endif %}
# An arbitrary domain name that is reserved to allow federated ephemeral users
@@ -1008,8 +1008,8 @@
# domain with this name or update an existing domain to this name. You are not
# advised to change this value unless you really have to. (string value)
#federated_domain_name = Federated
-{%- if server.get('websso', {}).federated_domain_name is defined %}
-federated_domain_name = {{ server.websso.federated_domain_name }}
+{%- if server.get('federation', {}).federated_domain_name is defined %}
+federated_domain_name = {{ server.federation.federated_domain_name }}
{%- endif %}
# A list of trusted dashboard hosts. Before accepting a Single Sign-On request
@@ -1019,8 +1019,8 @@
# trusted_dashboard=https://acme.example.com/auth/websso
# trusted_dashboard=https://beta.example.com/auth/websso (multi valued)
#trusted_dashboard =
-{%- if server.get('websso', {}).trusted_dashboard is defined %}
-{%- for dashboard in server.websso.trusted_dashboard %}
+{%- if server.get('federation', {}).trusted_dashboard is defined %}
+{%- for dashboard in server.federation.trusted_dashboard %}
trusted_dashboard = {{ dashboard }}
{%- endfor %}
{%- endif %}
diff --git a/keystone/files/ocata/keystone.conf.RedHat b/keystone/files/ocata/keystone.conf.RedHat
index dd9a7c9..663854e 100644
--- a/keystone/files/ocata/keystone.conf.RedHat
+++ b/keystone/files/ocata/keystone.conf.RedHat
@@ -481,9 +481,9 @@
# are being invoked to validate attributes in the request environment, it can
# cause conflicts. (list value)
#methods = external,password,token,oauth1,mapped
-{% if server.websso is defined %}
-methods = external,password,token,{{ server.websso.protocol }}
-{{ server.websso.protocol }} = keystone.auth.plugins.mapped.Mapped
+{% if server.federation is defined %}
+methods = external,password,token,{{ server.federation.protocol }}
+{{ server.federation.protocol }} = keystone.auth.plugins.mapped.Mapped
{%- endif %}
# Entry point for the password auth plugin module in the
@@ -964,8 +964,8 @@
# namespace. Keystone only provides a `sql` driver, so there is no reason to
# set this option unless you are providing a custom entry point. (string value)
#driver = sql
-{%- if server.get('websso', {}).federation_driver is defined %}
-driver = {{ server.websso.federation_driver }}
+{%- if server.get('federation', {}).federation_driver is defined %}
+driver = {{ server.federation.federation_driver }}
{%- endif %}
# Prefix to use when filtering environment variable names for federated
@@ -978,8 +978,8 @@
# `mod_auth_openidc`, this could be `HTTP_OIDC_ISS`. For `mod_auth_mellon`,
# this could be `MELLON_IDP`. (string value)
#remote_id_attribute = <None>
-{%- if server.websso is defined %}
-remote_id_attribute = {{ server.websso.remote_id_attribute }}
+{%- if server.federation is defined %}
+remote_id_attribute = {{ server.federation.remote_id_attribute }}
{%- endif %}
# An arbitrary domain name that is reserved to allow federated ephemeral users
@@ -987,8 +987,8 @@
# domain with this name or update an existing domain to this name. You are not
# advised to change this value unless you really have to. (string value)
#federated_domain_name = Federated
-{%- if server.get('websso', {}).federated_domain_name is defined %}
-federated_domain_name = {{ server.websso.federated_domain_name }}
+{%- if server.get('federation', {}).federated_domain_name is defined %}
+federated_domain_name = {{ server.federation.federated_domain_name }}
{%- endif %}
# A list of trusted dashboard hosts. Before accepting a Single Sign-On request
@@ -998,8 +998,8 @@
# trusted_dashboard=https://acme.example.com/auth/websso
# trusted_dashboard=https://beta.example.com/auth/websso (multi valued)
#trusted_dashboard =
-{%- if server.get('websso', {}).trusted_dashboard is defined %}
-{%- for dashboard in server.websso.trusted_dashboard %}
+{%- if server.get('federation', {}).trusted_dashboard is defined %}
+{%- for dashboard in server.federation.trusted_dashboard %}
trusted_dashboard = {{ dashboard }}
{%- endfor %}
{%- endif %}
diff --git a/keystone/files/ocata/wsgi-keystone.conf b/keystone/files/ocata/wsgi-keystone.conf
index 763672d..aff6ff3 100644
--- a/keystone/files/ocata/wsgi-keystone.conf
+++ b/keystone/files/ocata/wsgi-keystone.conf
@@ -29,9 +29,9 @@
</IfVersion>
</Directory>
- {% if server.websso is defined %}
- {% if server.websso.shib_url_scheme is defined %}
- ShibURLScheme {{ server.websso.shib_url_scheme }}
+ {% if server.federation is defined %}
+ {% if server.federation.shib_url_scheme is defined %}
+ ShibURLScheme {{ server.federation.shib_url_scheme }}
{%- endif %}
WSGIScriptAliasMatch ^(/v3/OS-FEDERATION/identity_providers/.*?/protocols/.*?/auth)$ /usr/bin/keystone-wsgi-public/$1
<Location /Shibboleth.sso>
@@ -85,9 +85,9 @@
</IfVersion>
</Directory>
- {% if server.websso is defined %}
- {% if server.websso.shib_url_scheme is defined %}
- ShibURLScheme {{ server.websso.shib_url_scheme }}
+ {% if server.federation is defined %}
+ {% if server.federation.shib_url_scheme is defined %}
+ ShibURLScheme {{ server.federation.shib_url_scheme }}
{%- endif %}
WSGIScriptAliasMatch ^(/v3/OS-FEDERATION/identity_providers/.*?/protocols/.*?/auth)$ /usr/bin/keystone-wsgi-admin/$1
<Location /Shibboleth.sso>
diff --git a/keystone/server.sls b/keystone/server.sls
index 4e0c12d..05d10c0 100644
--- a/keystone/server.sls
+++ b/keystone/server.sls
@@ -65,7 +65,7 @@
- service: keystone_service
{%- endif %}
-{% if server.websso is defined %}
+{% if server.federation is defined %}
/etc/keystone/sso_callback_template.html:
file.managed: