1981269 – Federation with OpenID Connect disables some default auth methods in Keystone

Bug 1981269 - Federation with OpenID Connect disables some default auth methods in Keystone [NEEDINFO]

Summary: Federation with OpenID Connect disables some default auth methods in Keystone

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Red Hat OpenStack
Classification:	Red Hat
Component:	openstack-tripleo-heat-templates
Sub Component:
Version:	16.1 (Train)
Hardware:	Unspecified
OS:	Unspecified
Priority:	low
Severity:	low
Target Milestone:	z2
Target Release:	17.1
Assignee:	Dave Wilde
QA Contact:	Joe H. Rahme
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2021-07-12 08:46 UTC by Takashi Kajinami
Modified:	2024-01-16 14:31 UTC (History)
CC List:	8 users (show)
Fixed In Version:	openstack-tripleo-heat-templates-14.3.1-17.1.20231103010821.e7c7ce3.el9ost
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:	2024-01-16 14:31:50 UTC
Target Upstream Version:
Embargoed:
Flags:	ifrangs: needinfo? (dwilde)

Attachments	(Terms of Use)

Links
System	ID	Priority	Status	Summary	Last Updated
Launchpad	1935811	None	None	None	2021-07-12 08:47:25 UTC
OpenStack gerrit	800439	None	MERGED	Keystone: Keep default auth methods in OpenIDC Federation	2022-09-27 13:11:23 UTC
Red Hat Issue Tracker	OSP-6145	None	None	None	2021-11-15 13:08:28 UTC
Red Hat Product Errata	RHBA-2024:0209	None	None	None	2024-01-16 14:31:52 UTC

Description Takashi Kajinami 2021-07-12 08:46:19 UTC

Description of problem:

When environments/enable-federation-openidc.yaml is included to use federation with OpenID Connect, keystone accepts the following auth methods
 - password
 - token
 - openid

However the list doesn't include some methods which are enabled by default and results in disabling some methods like application_credential.


Version-Release number of selected component (if applicable):


How reproducible:
Always

Steps to Reproduce:
1. Deploy overcloud with OpenID Connect Federation enabled
2. Check keystone.conf

Actual results:
Some of the defualt auth methods like application_credential are disabled

Expected results:
Defualt auth methods are kept enabled

Additional info:

Comment 20 errata-xmlrpc 2024-01-16 14:31:50 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Red Hat OpenStack Platform 17.1.2 bug fix and enhancement advisory), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2024:0209

Note You need to log in before you can comment on or make changes to this bug.