Bug 1981269

Summary: Federation with OpenID Connect disables some default auth methods in Keystone
Product: Red Hat OpenStack
Reporter: Takashi Kajinami <tkajinam>
Component: openstack-tripleo-heat-templates
Assignee: Dave Wilde <dwilde>
Status: MODIFIED
QA Contact: Joe H. Rahme <jhakimra>
Severity: low
Priority: low
Version: 16.1 (Train)
CC: dcaspin, dsedgmen, dwilde, jhajyahy, jschluet, mburns, pweeks, ramishra
Target Milestone: z2
Keywords: Triaged, ZStream
Target Release: 17.1
Flags: ifrangs: needinfo? (dwilde)
Hardware: Unspecified
OS: Unspecified
Fixed In Version: openstack-tripleo-heat-templates-14.3.1-1.20230531200756.893037f.el9osttrunk
Doc Type: If docs needed, set a value
Type: Bug

Description Takashi Kajinami 2021-07-12 08:46:19 UTC
Description of problem:

When environments/enable-federation-openidc.yaml is included to use federation with OpenID Connect, keystone accepts the following auth methods:
 - password
 - token
 - openid

However, the list doesn't include some methods which are enabled by default, which results in disabling some methods like application_credential.


Version-Release number of selected component (if applicable):


How reproducible:
Always

Steps to Reproduce:
1. Deploy overcloud with OpenID Connect Federation enabled
2. Check keystone.conf

Actual results:
Some of the default auth methods like application_credential are disabled

Expected results:
Default auth methods are kept enabled

Additional info:
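
One way to automate step 2 ("Check keystone.conf"), as an added example that is not part of the original report or of tripleo-heat-templates: it reads the [auth] methods option and lists which of keystone's default methods the override drops. DEFAULT_AUTH_METHODS is keystone's upstream default and is an assumption about the deployed release; the function names and the sample configuration are constructed for illustration.

```python
import configparser

# Keystone's upstream default for "[auth] methods" (assumption: the deployed
# release uses this default; adjust the tuple if yours differs).
DEFAULT_AUTH_METHODS = ("external", "password", "token", "oauth1",
                        "mapped", "application_credential")

# Constructed sample: what the report describes after enabling
# environments/enable-federation-openidc.yaml.
FEDERATION_CONF = """\
[DEFAULT]
debug = False

[auth]
methods = password,token,openid
"""

# Constructed sample: no override, so keystone falls back to its defaults.
UNSET_CONF = """\
[DEFAULT]
debug = False
"""


def enabled_auth_methods(conf_text):
    """Return the auth methods keystone will load for this keystone.conf text."""
    parser = configparser.ConfigParser(interpolation=None, strict=False)
    parser.read_string(conf_text)
    raw = parser.get("auth", "methods", fallback=None)
    if raw is None:
        # Option not set: the built-in default list applies.
        return list(DEFAULT_AUTH_METHODS)
    return [m.strip() for m in raw.split(",") if m.strip()]


def dropped_default_methods(conf_text):
    """Return default methods that the explicit list no longer enables."""
    enabled = set(enabled_auth_methods(conf_text))
    return [m for m in DEFAULT_AUTH_METHODS if m not in enabled]


if __name__ == "__main__":
    for name, text in (("federation", FEDERATION_CONF), ("unset", UNSET_CONF)):
        missing = dropped_default_methods(text)
        print(f"{name}: enabled={enabled_auth_methods(text)} dropped={missing}")
```

A non-empty result means an explicit methods list has replaced the defaults rather than extending them, which is the behaviour this bug describes.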