Add possibility to configure OIDCClaimDelimiter
Related-Prod: PROD-36953
Change-Id: Id0003ac5302e91ed0f9c2976b7c5d61de5b5f344
diff --git a/README.rst b/README.rst
index 2e8aaaa..b36c391 100644
--- a/README.rst
+++ b/README.rst
@@ -532,6 +532,7 @@
remote_id_attribute: HTTP_OIDC_ISS
remote_id_attribute_value: https://accounts.google.com
oidc_claim_prefix: "OIDC-"
+ oidc_claim_delimiter: ;
oidc_response_type: id_token
oidc_scope: "openid email profile"
oidc_provider_metadata_url: https://accounts.google.com/.well-known/openid-configuration
diff --git a/keystone/files/pike/wsgi-keystone.conf b/keystone/files/pike/wsgi-keystone.conf
index 2d320af..ff062d9 100644
--- a/keystone/files/pike/wsgi-keystone.conf
+++ b/keystone/files/pike/wsgi-keystone.conf
@@ -2,6 +2,7 @@
{%- set site = salt['pillar.get']('apache:server:site:'+site_name) %}
{% macro setup_oidc() -%}
SetEnv HTTP_OIDC_ISS {{ server.federation.oidc.remote_id_attribute_value }}
+ OIDCClaimDelimiter {{ server.federation.oidc.get("oidc_claim_delimiter", ";") }}
{% if server.federation.oidc.oidc_claim_prefix is defined %}
OIDCClaimPrefix "{{ server.federation.oidc.oidc_claim_prefix }}"
{%- endif %}
diff --git a/keystone/files/queens/wsgi-keystone.conf b/keystone/files/queens/wsgi-keystone.conf
index 2d320af..ff062d9 100644
--- a/keystone/files/queens/wsgi-keystone.conf
+++ b/keystone/files/queens/wsgi-keystone.conf
@@ -2,6 +2,7 @@
{%- set site = salt['pillar.get']('apache:server:site:'+site_name) %}
{% macro setup_oidc() -%}
SetEnv HTTP_OIDC_ISS {{ server.federation.oidc.remote_id_attribute_value }}
+ OIDCClaimDelimiter {{ server.federation.oidc.get("oidc_claim_delimiter", ";") }}
{% if server.federation.oidc.oidc_claim_prefix is defined %}
OIDCClaimPrefix "{{ server.federation.oidc.oidc_claim_prefix }}"
{%- endif %}