Horizon should support an additional configurable Keystone URL for WebSSO authentication

Registered by Roxana Gherle

Summary
=======
Horizon needs to support an additional Keystone URL configuration for WebSSO authentication for cases when the configured OPENSTACK_KEYSTONE_URL in Horizon is not accessible from the external IDP.

Motivation
==========
Currently a user can set the Keystone URL that Horizon uses to authenticate users. Production deployments might set that URL to an internal Keystone endpoint for security reasons. In that case WebSSO authentication will not work, because the IDP could sit in another network from which communication with the internal Keystone endpoint is impossible. Adding a separate WebSSO Keystone URL configuration will enable users to set a public Keystone URL that can be used for WebSSO authentication.

Description
===========
First we need to add an additional configuration setting, OPENSTACK_WEBSSO_KEYSTONE_URL, to local/local_settings.py.
This value will be used by django_openstack_auth if WebSSO is enabled, the selected authentication choice is something other than Keystone Credentials, and the value is set. If no value is set, OPENSTACK_KEYSTONE_URL will be used.

UX
===
The end user experience should be unaffected other than optionally setting an additional configuration in local/local_settings.py.

Wireframes, Mocks, Videos and UI Markup
---------------------------------------------------------
N/A

Testing
=======
In order to test this change, local/local_settings.py will have to contain the OPENSTACK_WEBSSO_KEYSTONE_URL setting as well as WEBSSO_ENABLED set to True.

Outside Dependencies
====================
django_openstack_auth will have to use this new OPENSTACK_WEBSSO_KEYSTONE_URL setting for constructing the auth_url for the websso request.
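
The selection rule from the Description and the auth_url construction mentioned above, sketched as an added example (not code from Horizon or django_openstack_auth). It assumes the Keystone Credentials choice is keyed ``credentials``, that the redirect uses Keystone's OS-FEDERATION WebSSO route, and constructed placeholder hostnames; the helper names are hypothetical.

```python
from urllib.parse import quote

# Constructed sample settings; hostnames are placeholders, not from the blueprint.
SAMPLE_SETTINGS = {
    "OPENSTACK_KEYSTONE_URL": "http://keystone.internal.example:5000/v3",
    "OPENSTACK_WEBSSO_KEYSTONE_URL": "https://keystone.public.example:5000/v3/",
    "WEBSSO_ENABLED": True,
}


def select_keystone_url(settings, auth_type):
    """Return the Keystone base URL for this login attempt.

    The WebSSO URL is used only when all three conditions from the
    Description hold; otherwise OPENSTACK_KEYSTONE_URL is used.
    """
    default_url = settings["OPENSTACK_KEYSTONE_URL"]
    # Treat a missing, empty or whitespace-only value as "not set".
    websso_url = (settings.get("OPENSTACK_WEBSSO_KEYSTONE_URL") or "").strip()
    use_websso_url = (
        settings.get("WEBSSO_ENABLED", False)
        and auth_type != "credentials"  # assumed key for Keystone Credentials
        and websso_url
    )
    return (websso_url if use_websso_url else default_url).rstrip("/")


def build_websso_url(settings, auth_type, origin):
    """Build the URL the browser is redirected to for a WebSSO login.

    Hypothetical helper: `origin` is the dashboard URL that Keystone
    sends the user back to, so it is percent-encoded as a query value.
    """
    if auth_type == "credentials":
        raise ValueError("credentials logins do not use the WebSSO redirect")
    base = select_keystone_url(settings, auth_type)
    return "%s/auth/OS-FEDERATION/websso/%s?origin=%s" % (
        base, quote(auth_type, safe=""), quote(origin, safe=""))
```

Credential logins keep using the internal endpoint, so only the browser-facing WebSSO redirect is exposed through the public URL.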

Requirements Update Required
============================
A new release of django_openstack_auth is required, along with an update to the required version.

Doc Impact
==========
The doc impact of this change will be documenting the new configuration setting OPENSTACK_WEBSSO_KEYSTONE_URL and including it in the WebSSO wikis.

Blueprint information

Status: Complete
Approver: David Lyle
Priority: Undefined
Drafter: Roxana Gherle
Direction: Needs approval
Assignee: Roxana Gherle
Definition: Obsolete
Series goal: None
Implementation: Unknown
Milestone target: None
Completed by: Cindy Lu

Whiteboard

***** 10.28.2016 [clu_] Filed as bug. Closing out.

I'm going to file this as a bug. django-openstack-auth needs a release soon, and this isn't really a feature but an oversight. https://bugs.launchpad.net/horizon/+bug/1544703
