)]}'
{"doc/source/configure-federation-mapping.rst":[{"author":{"_account_id":25023,"name":"Jonathan Rosser","email":"jonathan.rosser@rd.bbc.co.uk","username":"jrosser"},"change_message_id":"1b97781158da8bcfbd116030d9aa0650970fc17c","unresolved":true,"context_lines":[{"line_number":50,"context_line":"  # map the role to the project and user group in the domain"},{"line_number":51,"context_line":"  openstack role add --project fedproject --group fedgroup _member_"},{"line_number":52,"context_line":""},{"line_number":53,"context_line":"To extend simply add more enteries to the list."},{"line_number":54,"context_line":"For example:"},{"line_number":55,"context_line":""},{"line_number":56,"context_line":".. code-block:: yaml"}],"source_content_type":"text/x-rst","patch_set":2,"id":"6028bdaa_a92f624c","line":53,"range":{"start_line":53,"start_character":26,"end_line":53,"end_character":34},"updated":"2021-07-13 18:13:19.000000000","message":"spelling error","commit_id":"8f3c0536c1d710bdd594b6b6a1492c9a14cd22e4"},{"author":{"_account_id":29865,"name":"Georgina Shippey","email":"georgina.shippey@outlook.com","username":"gshippey"},"change_message_id":"0678335c0912d2c7de57be911f66cc5dbc5e8e44","unresolved":false,"context_lines":[{"line_number":50,"context_line":"  # map the role to the project and user group in the domain"},{"line_number":51,"context_line":"  openstack role add --project fedproject --group fedgroup _member_"},{"line_number":52,"context_line":""},{"line_number":53,"context_line":"To extend simply add more enteries to the list."},{"line_number":54,"context_line":"For example:"},{"line_number":55,"context_line":""},{"line_number":56,"context_line":".. 
code-block:: yaml"}],"source_content_type":"text/x-rst","patch_set":2,"id":"c9e79014_13cdc7c4","line":53,"range":{"start_line":53,"start_character":26,"end_line":53,"end_character":34},"in_reply_to":"6028bdaa_a92f624c","updated":"2021-07-14 18:08:52.000000000","message":"Done","commit_id":"8f3c0536c1d710bdd594b6b6a1492c9a14cd22e4"}],"doc/source/configure-federation-sp.rst":[{"author":{"_account_id":25023,"name":"Jonathan Rosser","email":"jonathan.rosser@rd.bbc.co.uk","username":"jrosser"},"change_message_id":"1b97781158da8bcfbd116030d9aa0650970fc17c","unresolved":true,"context_lines":[{"line_number":7,"context_line":"with ``uWSGI``."},{"line_number":8,"context_line":"The additional configuration of keystone as a federation service provider"},{"line_number":9,"context_line":"adds Apache ``mod_shib`` or ``mod_auth_openidc`` and configures it to"},{"line_number":10,"context_line":"respond to specific locations requests from a client."},{"line_number":11,"context_line":""},{"line_number":12,"context_line":".. 
note::"},{"line_number":13,"context_line":""}],"source_content_type":"text/x-rst","patch_set":2,"id":"2d7fdc67_09cd92e8","line":10,"range":{"start_line":10,"start_character":11,"end_line":10,"end_character":19},"updated":"2021-07-13 18:13:19.000000000","message":"authentication specific","commit_id":"8f3c0536c1d710bdd594b6b6a1492c9a14cd22e4"},{"author":{"_account_id":25023,"name":"Jonathan Rosser","email":"jonathan.rosser@rd.bbc.co.uk","username":"jrosser"},"change_message_id":"1b97781158da8bcfbd116030d9aa0650970fc17c","unresolved":true,"context_lines":[{"line_number":7,"context_line":"with ``uWSGI``."},{"line_number":8,"context_line":"The additional configuration of keystone as a federation service provider"},{"line_number":9,"context_line":"adds Apache ``mod_shib`` or ``mod_auth_openidc`` and configures it to"},{"line_number":10,"context_line":"respond to specific locations requests from a client."},{"line_number":11,"context_line":""},{"line_number":12,"context_line":".. note::"},{"line_number":13,"context_line":""}],"source_content_type":"text/x-rst","patch_set":2,"id":"b2a05be1_dd4c9258","line":10,"range":{"start_line":10,"start_character":20,"end_line":10,"end_character":39},"updated":"2021-07-13 18:13:19.000000000","message":"request locations","commit_id":"8f3c0536c1d710bdd594b6b6a1492c9a14cd22e4"},{"author":{"_account_id":29865,"name":"Georgina Shippey","email":"georgina.shippey@outlook.com","username":"gshippey"},"change_message_id":"0678335c0912d2c7de57be911f66cc5dbc5e8e44","unresolved":false,"context_lines":[{"line_number":7,"context_line":"with ``uWSGI``."},{"line_number":8,"context_line":"The additional configuration of keystone as a federation service provider"},{"line_number":9,"context_line":"adds Apache ``mod_shib`` or ``mod_auth_openidc`` and configures it to"},{"line_number":10,"context_line":"respond to specific locations requests from a client."},{"line_number":11,"context_line":""},{"line_number":12,"context_line":".. 
note::"},{"line_number":13,"context_line":""}],"source_content_type":"text/x-rst","patch_set":2,"id":"fb56d33d_00f11639","line":10,"range":{"start_line":10,"start_character":11,"end_line":10,"end_character":19},"in_reply_to":"2d7fdc67_09cd92e8","updated":"2021-07-14 18:08:52.000000000","message":"Done","commit_id":"8f3c0536c1d710bdd594b6b6a1492c9a14cd22e4"},{"author":{"_account_id":29865,"name":"Georgina Shippey","email":"georgina.shippey@outlook.com","username":"gshippey"},"change_message_id":"0678335c0912d2c7de57be911f66cc5dbc5e8e44","unresolved":false,"context_lines":[{"line_number":7,"context_line":"with ``uWSGI``."},{"line_number":8,"context_line":"The additional configuration of keystone as a federation service provider"},{"line_number":9,"context_line":"adds Apache ``mod_shib`` or ``mod_auth_openidc`` and configures it to"},{"line_number":10,"context_line":"respond to specific locations requests from a client."},{"line_number":11,"context_line":""},{"line_number":12,"context_line":".. note::"},{"line_number":13,"context_line":""}],"source_content_type":"text/x-rst","patch_set":2,"id":"64c9958f_982f9d1c","line":10,"range":{"start_line":10,"start_character":20,"end_line":10,"end_character":39},"in_reply_to":"b2a05be1_dd4c9258","updated":"2021-07-14 18:08:52.000000000","message":"Done","commit_id":"8f3c0536c1d710bdd594b6b6a1492c9a14cd22e4"},{"author":{"_account_id":25023,"name":"Jonathan Rosser","email":"jonathan.rosser@rd.bbc.co.uk","username":"jrosser"},"change_message_id":"1b97781158da8bcfbd116030d9aa0650970fc17c","unresolved":true,"context_lines":[{"line_number":13,"context_line":""},{"line_number":14,"context_line":"   There are alternative methods of implementing"},{"line_number":15,"context_line":"   federation, but at this time only SAML2-based federation using"},{"line_number":16,"context_line":"   the Shibboleth SP or OIDC-based federation using mod_auth_openidc are"},{"line_number":17,"context_line":"   instrumented in Openstack-Ansible. 
Currently only one of these apache"},{"line_number":18,"context_line":"   modules is supported at a time, with a single trusted IdP in the"},{"line_number":19,"context_line":"   keystone_sp.trusted_idp_list."}],"source_content_type":"text/x-rst","patch_set":2,"id":"34e5a9bb_5fd22117","line":16,"range":{"start_line":16,"start_character":20,"end_line":16,"end_character":21},"updated":"2021-07-13 18:13:19.000000000","message":"via \u0027whatever-the-apache-module-name-is\u0027","commit_id":"8f3c0536c1d710bdd594b6b6a1492c9a14cd22e4"},{"author":{"_account_id":29865,"name":"Georgina Shippey","email":"georgina.shippey@outlook.com","username":"gshippey"},"change_message_id":"0678335c0912d2c7de57be911f66cc5dbc5e8e44","unresolved":false,"context_lines":[{"line_number":13,"context_line":""},{"line_number":14,"context_line":"   There are alternative methods of implementing"},{"line_number":15,"context_line":"   federation, but at this time only SAML2-based federation using"},{"line_number":16,"context_line":"   the Shibboleth SP or OIDC-based federation using mod_auth_openidc are"},{"line_number":17,"context_line":"   instrumented in Openstack-Ansible. 
Currently only one of these apache"},{"line_number":18,"context_line":"   modules is supported at a time, with a single trusted IdP in the"},{"line_number":19,"context_line":"   keystone_sp.trusted_idp_list."}],"source_content_type":"text/x-rst","patch_set":2,"id":"4447f4b9_99ea13a1","line":16,"range":{"start_line":16,"start_character":20,"end_line":16,"end_character":21},"in_reply_to":"34e5a9bb_5fd22117","updated":"2021-07-14 18:08:52.000000000","message":"Done","commit_id":"8f3c0536c1d710bdd594b6b6a1492c9a14cd22e4"},{"author":{"_account_id":25023,"name":"Jonathan Rosser","email":"jonathan.rosser@rd.bbc.co.uk","username":"jrosser"},"change_message_id":"1b97781158da8bcfbd116030d9aa0650970fc17c","unresolved":true,"context_lines":[{"line_number":14,"context_line":"   There are alternative methods of implementing"},{"line_number":15,"context_line":"   federation, but at this time only SAML2-based federation using"},{"line_number":16,"context_line":"   the Shibboleth SP or OIDC-based federation using mod_auth_openidc are"},{"line_number":17,"context_line":"   instrumented in Openstack-Ansible. 
Currently only one of these apache"},{"line_number":18,"context_line":"   modules is supported at a time, with a single trusted IdP in the"},{"line_number":19,"context_line":"   keystone_sp.trusted_idp_list."},{"line_number":20,"context_line":""}],"source_content_type":"text/x-rst","patch_set":2,"id":"b6446aa2_44e51cfa","line":17,"range":{"start_line":17,"start_character":3,"end_line":17,"end_character":15},"updated":"2021-07-13 18:13:19.000000000","message":"supported","commit_id":"8f3c0536c1d710bdd594b6b6a1492c9a14cd22e4"},{"author":{"_account_id":29865,"name":"Georgina Shippey","email":"georgina.shippey@outlook.com","username":"gshippey"},"change_message_id":"0678335c0912d2c7de57be911f66cc5dbc5e8e44","unresolved":false,"context_lines":[{"line_number":14,"context_line":"   There are alternative methods of implementing"},{"line_number":15,"context_line":"   federation, but at this time only SAML2-based federation using"},{"line_number":16,"context_line":"   the Shibboleth SP or OIDC-based federation using mod_auth_openidc are"},{"line_number":17,"context_line":"   instrumented in Openstack-Ansible. 
Currently only one of these apache"},{"line_number":18,"context_line":"   modules is supported at a time, with a single trusted IdP in the"},{"line_number":19,"context_line":"   keystone_sp.trusted_idp_list."},{"line_number":20,"context_line":""}],"source_content_type":"text/x-rst","patch_set":2,"id":"e615e30f_80dc8b80","line":17,"range":{"start_line":17,"start_character":3,"end_line":17,"end_character":15},"in_reply_to":"b6446aa2_44e51cfa","updated":"2021-07-14 18:08:52.000000000","message":"Done","commit_id":"8f3c0536c1d710bdd594b6b6a1492c9a14cd22e4"},{"author":{"_account_id":25023,"name":"Jonathan Rosser","email":"jonathan.rosser@rd.bbc.co.uk","username":"jrosser"},"change_message_id":"1b97781158da8bcfbd116030d9aa0650970fc17c","unresolved":true,"context_lines":[{"line_number":14,"context_line":"   There are alternative methods of implementing"},{"line_number":15,"context_line":"   federation, but at this time only SAML2-based federation using"},{"line_number":16,"context_line":"   the Shibboleth SP or OIDC-based federation using mod_auth_openidc are"},{"line_number":17,"context_line":"   instrumented in Openstack-Ansible. 
Currently only one of these apache"},{"line_number":18,"context_line":"   modules is supported at a time, with a single trusted IdP in the"},{"line_number":19,"context_line":"   keystone_sp.trusted_idp_list."},{"line_number":20,"context_line":""},{"line_number":21,"context_line":"When requests are sent to those locations, Apache hands off the"}],"source_content_type":"text/x-rst","patch_set":2,"id":"9473e1f8_47e53939","line":18,"range":{"start_line":17,"start_character":38,"end_line":18,"end_character":33},"updated":"2021-07-13 18:13:19.000000000","message":"you\u0027ve not mentioned two apache modules in the previous sentence","commit_id":"8f3c0536c1d710bdd594b6b6a1492c9a14cd22e4"},{"author":{"_account_id":29865,"name":"Georgina Shippey","email":"georgina.shippey@outlook.com","username":"gshippey"},"change_message_id":"0678335c0912d2c7de57be911f66cc5dbc5e8e44","unresolved":false,"context_lines":[{"line_number":14,"context_line":"   There are alternative methods of implementing"},{"line_number":15,"context_line":"   federation, but at this time only SAML2-based federation using"},{"line_number":16,"context_line":"   the Shibboleth SP or OIDC-based federation using mod_auth_openidc are"},{"line_number":17,"context_line":"   instrumented in Openstack-Ansible. 
Currently only one of these apache"},{"line_number":18,"context_line":"   modules is supported at a time, with a single trusted IdP in the"},{"line_number":19,"context_line":"   keystone_sp.trusted_idp_list."},{"line_number":20,"context_line":""},{"line_number":21,"context_line":"When requests are sent to those locations, Apache hands off the"}],"source_content_type":"text/x-rst","patch_set":2,"id":"403682f3_3c0921a3","line":18,"range":{"start_line":17,"start_character":38,"end_line":18,"end_character":33},"in_reply_to":"9473e1f8_47e53939","updated":"2021-07-14 18:08:52.000000000","message":"Done","commit_id":"8f3c0536c1d710bdd594b6b6a1492c9a14cd22e4"},{"author":{"_account_id":25023,"name":"Jonathan Rosser","email":"jonathan.rosser@rd.bbc.co.uk","username":"jrosser"},"change_message_id":"1b97781158da8bcfbd116030d9aa0650970fc17c","unresolved":true,"context_lines":[{"line_number":19,"context_line":"   keystone_sp.trusted_idp_list."},{"line_number":20,"context_line":""},{"line_number":21,"context_line":"When requests are sent to those locations, Apache hands off the"},{"line_number":22,"context_line":"request to the ``shibd`` or ``mod_auth_openidc`` service."},{"line_number":23,"context_line":""},{"line_number":24,"context_line":".. note::"},{"line_number":25,"context_line":""}],"source_content_type":"text/x-rst","patch_set":2,"id":"e919c8a8_ad77d960","line":22,"range":{"start_line":22,"start_character":15,"end_line":22,"end_character":57},"updated":"2021-07-13 18:13:19.000000000","message":"and now the apache modules are mentioned..... 
the ordering of this section is a little mixed up","commit_id":"8f3c0536c1d710bdd594b6b6a1492c9a14cd22e4"},{"author":{"_account_id":29865,"name":"Georgina Shippey","email":"georgina.shippey@outlook.com","username":"gshippey"},"change_message_id":"0678335c0912d2c7de57be911f66cc5dbc5e8e44","unresolved":true,"context_lines":[{"line_number":19,"context_line":"   keystone_sp.trusted_idp_list."},{"line_number":20,"context_line":""},{"line_number":21,"context_line":"When requests are sent to those locations, Apache hands off the"},{"line_number":22,"context_line":"request to the ``shibd`` or ``mod_auth_openidc`` service."},{"line_number":23,"context_line":""},{"line_number":24,"context_line":".. note::"},{"line_number":25,"context_line":""}],"source_content_type":"text/x-rst","patch_set":2,"id":"d2500404_d6141552","line":22,"range":{"start_line":22,"start_character":15,"end_line":22,"end_character":57},"in_reply_to":"e919c8a8_ad77d960","updated":"2021-07-14 18:08:52.000000000","message":"shibd is Shibboleth\u0027s daemon, which is part of its module; mod_shib is the module\u0027s name. I guess it\u0027s a bit weird because mod_auth_openidc doesn\u0027t have a name outside of its module name, which perhaps confuses things! Hopefully my edit in the next patch makes things a little clearer.","commit_id":"8f3c0536c1d710bdd594b6b6a1492c9a14cd22e4"},{"author":{"_account_id":25023,"name":"Jonathan Rosser","email":"jonathan.rosser@rd.bbc.co.uk","username":"jrosser"},"change_message_id":"1b97781158da8bcfbd116030d9aa0650970fc17c","unresolved":true,"context_lines":[{"line_number":27,"context_line":""},{"line_number":28,"context_line":"Service provider configuration using keystone_sp"},{"line_number":29,"context_line":"~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~"},{"line_number":30,"context_line":"keystone_sp is a dictionary attribute which contains various settings that"},{"line_number":31,"context_line":"describe both the SP and the IDP\u0027s it trusts. 
The values required in"},{"line_number":32,"context_line":"keystone_sp will differ slightly between Shibboleth SAML based deployments"},{"line_number":33,"context_line":"and OIDC mod_auth_openidc deployments."}],"source_content_type":"text/x-rst","patch_set":2,"id":"256d38a6_b46042c8","line":30,"range":{"start_line":30,"start_character":28,"end_line":30,"end_character":37},"updated":"2021-07-13 18:13:19.000000000","message":"variable (it is an ansible variable?)","commit_id":"8f3c0536c1d710bdd594b6b6a1492c9a14cd22e4"},{"author":{"_account_id":29865,"name":"Georgina Shippey","email":"georgina.shippey@outlook.com","username":"gshippey"},"change_message_id":"0678335c0912d2c7de57be911f66cc5dbc5e8e44","unresolved":false,"context_lines":[{"line_number":27,"context_line":""},{"line_number":28,"context_line":"Service provider configuration using keystone_sp"},{"line_number":29,"context_line":"~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~"},{"line_number":30,"context_line":"keystone_sp is a dictionary attribute which contains various settings that"},{"line_number":31,"context_line":"describe both the SP and the IDP\u0027s it trusts. 
The values required in"},{"line_number":32,"context_line":"keystone_sp will differ slightly between Shibboleth SAML based deployments"},{"line_number":33,"context_line":"and OIDC mod_auth_openidc deployments."}],"source_content_type":"text/x-rst","patch_set":2,"id":"fa4bf1b5_7e0a5048","line":30,"range":{"start_line":30,"start_character":28,"end_line":30,"end_character":37},"in_reply_to":"256d38a6_b46042c8","updated":"2021-07-14 18:08:52.000000000","message":"Done","commit_id":"8f3c0536c1d710bdd594b6b6a1492c9a14cd22e4"},{"author":{"_account_id":25023,"name":"Jonathan Rosser","email":"jonathan.rosser@rd.bbc.co.uk","username":"jrosser"},"change_message_id":"1b97781158da8bcfbd116030d9aa0650970fc17c","unresolved":true,"context_lines":[{"line_number":28,"context_line":"Service provider configuration using keystone_sp"},{"line_number":29,"context_line":"~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~"},{"line_number":30,"context_line":"keystone_sp is a dictionary attribute which contains various settings that"},{"line_number":31,"context_line":"describe both the SP and the IDP\u0027s it trusts. 
The values required in"},{"line_number":32,"context_line":"keystone_sp will differ slightly between Shibboleth SAML based deployments"},{"line_number":33,"context_line":"and OIDC mod_auth_openidc deployments."},{"line_number":34,"context_line":""}],"source_content_type":"text/x-rst","patch_set":2,"id":"77601d56_c9db515b","line":31,"range":{"start_line":31,"start_character":29,"end_line":31,"end_character":34},"updated":"2021-07-13 18:13:19.000000000","message":"IDPs","commit_id":"8f3c0536c1d710bdd594b6b6a1492c9a14cd22e4"},{"author":{"_account_id":29865,"name":"Georgina Shippey","email":"georgina.shippey@outlook.com","username":"gshippey"},"change_message_id":"0678335c0912d2c7de57be911f66cc5dbc5e8e44","unresolved":false,"context_lines":[{"line_number":28,"context_line":"Service provider configuration using keystone_sp"},{"line_number":29,"context_line":"~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~"},{"line_number":30,"context_line":"keystone_sp is a dictionary attribute which contains various settings that"},{"line_number":31,"context_line":"describe both the SP and the IDP\u0027s it trusts. 
The values required in"},{"line_number":32,"context_line":"keystone_sp will differ slightly between Shibboleth SAML based deployments"},{"line_number":33,"context_line":"and OIDC mod_auth_openidc deployments."},{"line_number":34,"context_line":""}],"source_content_type":"text/x-rst","patch_set":2,"id":"2842358b_e5802bdf","line":31,"range":{"start_line":31,"start_character":29,"end_line":31,"end_character":34},"in_reply_to":"77601d56_c9db515b","updated":"2021-07-14 18:08:52.000000000","message":"Done","commit_id":"8f3c0536c1d710bdd594b6b6a1492c9a14cd22e4"},{"author":{"_account_id":25023,"name":"Jonathan Rosser","email":"jonathan.rosser@rd.bbc.co.uk","username":"jrosser"},"change_message_id":"1b97781158da8bcfbd116030d9aa0650970fc17c","unresolved":true,"context_lines":[{"line_number":35,"context_line":"The following settings can be set to configure a service provider (SP)"},{"line_number":36,"context_line":"for both SAML or OIDC deployments:"},{"line_number":37,"context_line":""},{"line_number":38,"context_line":"#. ``apache_mod`` can be used to switch between Shibboleth and"},{"line_number":39,"context_line":"   mod_auth_openidc. If left undefined or misspelled Shibboleth will"},{"line_number":40,"context_line":"   be used by default. 
Valid values are \u0027shibboleth\u0027 or \u0027mod_auth_openidc\u0027."},{"line_number":41,"context_line":"   (Optional)"}],"source_content_type":"text/x-rst","patch_set":2,"id":"74328ac5_31f91b76","line":38,"range":{"start_line":38,"start_character":48,"end_line":38,"end_character":58},"updated":"2021-07-13 18:13:19.000000000","message":"this is a auth method....","commit_id":"8f3c0536c1d710bdd594b6b6a1492c9a14cd22e4"},{"author":{"_account_id":29865,"name":"Georgina Shippey","email":"georgina.shippey@outlook.com","username":"gshippey"},"change_message_id":"0678335c0912d2c7de57be911f66cc5dbc5e8e44","unresolved":false,"context_lines":[{"line_number":35,"context_line":"The following settings can be set to configure a service provider (SP)"},{"line_number":36,"context_line":"for both SAML or OIDC deployments:"},{"line_number":37,"context_line":""},{"line_number":38,"context_line":"#. ``apache_mod`` can be used to switch between Shibboleth and"},{"line_number":39,"context_line":"   mod_auth_openidc. If left undefined or misspelled Shibboleth will"},{"line_number":40,"context_line":"   be used by default. Valid values are \u0027shibboleth\u0027 or \u0027mod_auth_openidc\u0027."},{"line_number":41,"context_line":"   (Optional)"}],"source_content_type":"text/x-rst","patch_set":2,"id":"3e613ab2_3b3e31e0","line":38,"range":{"start_line":38,"start_character":48,"end_line":38,"end_character":58},"in_reply_to":"74328ac5_31f91b76","updated":"2021-07-14 18:08:52.000000000","message":"Done","commit_id":"8f3c0536c1d710bdd594b6b6a1492c9a14cd22e4"},{"author":{"_account_id":25023,"name":"Jonathan Rosser","email":"jonathan.rosser@rd.bbc.co.uk","username":"jrosser"},"change_message_id":"1b97781158da8bcfbd116030d9aa0650970fc17c","unresolved":true,"context_lines":[{"line_number":36,"context_line":"for both SAML or OIDC deployments:"},{"line_number":37,"context_line":""},{"line_number":38,"context_line":"#. 
``apache_mod`` can be used to switch between Shibboleth and"},{"line_number":39,"context_line":"   mod_auth_openidc. If left undefined or misspelled Shibboleth will"},{"line_number":40,"context_line":"   be used by default. Valid values are \u0027shibboleth\u0027 or \u0027mod_auth_openidc\u0027."},{"line_number":41,"context_line":"   (Optional)"},{"line_number":42,"context_line":""}],"source_content_type":"text/x-rst","patch_set":2,"id":"414e7208_1fe98609","line":39,"range":{"start_line":39,"start_character":3,"end_line":39,"end_character":19},"updated":"2021-07-13 18:13:19.000000000","message":"...but this is an apache module name","commit_id":"8f3c0536c1d710bdd594b6b6a1492c9a14cd22e4"},{"author":{"_account_id":29865,"name":"Georgina Shippey","email":"georgina.shippey@outlook.com","username":"gshippey"},"change_message_id":"0678335c0912d2c7de57be911f66cc5dbc5e8e44","unresolved":false,"context_lines":[{"line_number":36,"context_line":"for both SAML or OIDC deployments:"},{"line_number":37,"context_line":""},{"line_number":38,"context_line":"#. ``apache_mod`` can be used to switch between Shibboleth and"},{"line_number":39,"context_line":"   mod_auth_openidc. If left undefined or misspelled Shibboleth will"},{"line_number":40,"context_line":"   be used by default. 
Valid values are \u0027shibboleth\u0027 or \u0027mod_auth_openidc\u0027."},{"line_number":41,"context_line":"   (Optional)"},{"line_number":42,"context_line":""}],"source_content_type":"text/x-rst","patch_set":2,"id":"66ae3bd6_76f790d4","line":39,"range":{"start_line":39,"start_character":3,"end_line":39,"end_character":19},"in_reply_to":"414e7208_1fe98609","updated":"2021-07-14 18:08:52.000000000","message":"Done","commit_id":"8f3c0536c1d710bdd594b6b6a1492c9a14cd22e4"},{"author":{"_account_id":25023,"name":"Jonathan Rosser","email":"jonathan.rosser@rd.bbc.co.uk","username":"jrosser"},"change_message_id":"1b97781158da8bcfbd116030d9aa0650970fc17c","unresolved":true,"context_lines":[{"line_number":46,"context_line":"   `keystone developer documentation"},{"line_number":47,"context_line":"   \u003chttps://docs.openstack.org/keystone/latest/admin/event_notifications\u003e`_."},{"line_number":48,"context_line":""},{"line_number":49,"context_line":"#. ``cadf_notifications_opt_out`` modify CADF notifications when they are on."},{"line_number":50,"context_line":""},{"line_number":51,"context_line":"#. ``trusted_dashboard_list`` designates the list of trusted URLs that"},{"line_number":52,"context_line":"   keystone accepts redirects for Web Single-Sign. This"}],"source_content_type":"text/x-rst","patch_set":2,"id":"bcde6c6c_af8be02e","line":49,"range":{"start_line":49,"start_character":34,"end_line":49,"end_character":76},"updated":"2021-07-13 18:13:19.000000000","message":"A short explanation of why the filtering (modify? what do you mean actually?) 
is useful should go here","commit_id":"8f3c0536c1d710bdd594b6b6a1492c9a14cd22e4"},{"author":{"_account_id":29865,"name":"Georgina Shippey","email":"georgina.shippey@outlook.com","username":"gshippey"},"change_message_id":"0678335c0912d2c7de57be911f66cc5dbc5e8e44","unresolved":false,"context_lines":[{"line_number":46,"context_line":"   `keystone developer documentation"},{"line_number":47,"context_line":"   \u003chttps://docs.openstack.org/keystone/latest/admin/event_notifications\u003e`_."},{"line_number":48,"context_line":""},{"line_number":49,"context_line":"#. ``cadf_notifications_opt_out`` modify CADF notifications when they are on."},{"line_number":50,"context_line":""},{"line_number":51,"context_line":"#. ``trusted_dashboard_list`` designates the list of trusted URLs that"},{"line_number":52,"context_line":"   keystone accepts redirects for Web Single-Sign. This"}],"source_content_type":"text/x-rst","patch_set":2,"id":"101e907a_44fbc773","line":49,"range":{"start_line":49,"start_character":34,"end_line":49,"end_character":76},"in_reply_to":"bcde6c6c_af8be02e","updated":"2021-07-14 18:08:52.000000000","message":"Done","commit_id":"8f3c0536c1d710bdd594b6b6a1492c9a14cd22e4"},{"author":{"_account_id":25023,"name":"Jonathan Rosser","email":"jonathan.rosser@rd.bbc.co.uk","username":"jrosser"},"change_message_id":"1b97781158da8bcfbd116030d9aa0650970fc17c","unresolved":true,"context_lines":[{"line_number":48,"context_line":""},{"line_number":49,"context_line":"#. ``cadf_notifications_opt_out`` modify CADF notifications when they are on."},{"line_number":50,"context_line":""},{"line_number":51,"context_line":"#. ``trusted_dashboard_list`` designates the list of trusted URLs that"},{"line_number":52,"context_line":"   keystone accepts redirects for Web Single-Sign. This"},{"line_number":53,"context_line":"   list contains all URLs that horizon is presented on,"},{"line_number":54,"context_line":"   suffixed by ``/auth/websso/``. 
This is the path for horizon\u0027s WebSSO"},{"line_number":55,"context_line":"   component."}],"source_content_type":"text/x-rst","patch_set":2,"id":"f0a4dd9c_94546eb0","line":52,"range":{"start_line":51,"start_character":45,"end_line":52,"end_character":49},"updated":"2021-07-13 18:13:19.000000000","message":"list of trusted redirect URLs that keystone accepts for Web Single-Sign-On","commit_id":"8f3c0536c1d710bdd594b6b6a1492c9a14cd22e4"},{"author":{"_account_id":29865,"name":"Georgina Shippey","email":"georgina.shippey@outlook.com","username":"gshippey"},"change_message_id":"0678335c0912d2c7de57be911f66cc5dbc5e8e44","unresolved":false,"context_lines":[{"line_number":48,"context_line":""},{"line_number":49,"context_line":"#. ``cadf_notifications_opt_out`` modify CADF notifications when they are on."},{"line_number":50,"context_line":""},{"line_number":51,"context_line":"#. ``trusted_dashboard_list`` designates the list of trusted URLs that"},{"line_number":52,"context_line":"   keystone accepts redirects for Web Single-Sign. This"},{"line_number":53,"context_line":"   list contains all URLs that horizon is presented on,"},{"line_number":54,"context_line":"   suffixed by ``/auth/websso/``. This is the path for horizon\u0027s WebSSO"},{"line_number":55,"context_line":"   component."}],"source_content_type":"text/x-rst","patch_set":2,"id":"81bf71b7_9c593dfc","line":52,"range":{"start_line":51,"start_character":45,"end_line":52,"end_character":49},"in_reply_to":"f0a4dd9c_94546eb0","updated":"2021-07-14 18:08:52.000000000","message":"Done","commit_id":"8f3c0536c1d710bdd594b6b6a1492c9a14cd22e4"},{"author":{"_account_id":25023,"name":"Jonathan Rosser","email":"jonathan.rosser@rd.bbc.co.uk","username":"jrosser"},"change_message_id":"1b97781158da8bcfbd116030d9aa0650970fc17c","unresolved":true,"context_lines":[{"line_number":55,"context_line":"   component."},{"line_number":56,"context_line":""},{"line_number":57,"context_line":"#. 
``trusted_idp_list`` is a dictionary attribute containing the list"},{"line_number":58,"context_line":"   of settings which pertain to each trusted IDP for the SP."},{"line_number":59,"context_line":""},{"line_number":60,"context_line":"The following are attributes that can be set on an entry in the"},{"line_number":61,"context_line":"``trusted_idp_list``. Note while trusted_idp_list is a list, it can currently"}],"source_content_type":"text/x-rst","patch_set":2,"id":"9f587960_9fd6e7b4","line":58,"range":{"start_line":58,"start_character":21,"end_line":58,"end_character":28},"updated":"2021-07-13 18:13:19.000000000","message":"correspond","commit_id":"8f3c0536c1d710bdd594b6b6a1492c9a14cd22e4"},{"author":{"_account_id":29865,"name":"Georgina Shippey","email":"georgina.shippey@outlook.com","username":"gshippey"},"change_message_id":"0678335c0912d2c7de57be911f66cc5dbc5e8e44","unresolved":false,"context_lines":[{"line_number":55,"context_line":"   component."},{"line_number":56,"context_line":""},{"line_number":57,"context_line":"#. ``trusted_idp_list`` is a dictionary attribute containing the list"},{"line_number":58,"context_line":"   of settings which pertain to each trusted IDP for the SP."},{"line_number":59,"context_line":""},{"line_number":60,"context_line":"The following are attributes that can be set on an entry in the"},{"line_number":61,"context_line":"``trusted_idp_list``. 
Note while trusted_idp_list is a list, it can currently"}],"source_content_type":"text/x-rst","patch_set":2,"id":"a149e0fc_bc5394a2","line":58,"range":{"start_line":58,"start_character":21,"end_line":58,"end_character":28},"in_reply_to":"9f587960_9fd6e7b4","updated":"2021-07-14 18:08:52.000000000","message":"Done","commit_id":"8f3c0536c1d710bdd594b6b6a1492c9a14cd22e4"},{"author":{"_account_id":25023,"name":"Jonathan Rosser","email":"jonathan.rosser@rd.bbc.co.uk","username":"jrosser"},"change_message_id":"1b97781158da8bcfbd116030d9aa0650970fc17c","unresolved":true,"context_lines":[{"line_number":61,"context_line":"``trusted_idp_list``. Note while trusted_idp_list is a list, it can currently"},{"line_number":62,"context_line":"only support one entry."},{"line_number":63,"context_line":""},{"line_number":64,"context_line":"#. ``name`` is IDP\u0027s name. Configure this in"},{"line_number":65,"context_line":"    in keystone and list in horizon\u0027s login selection."},{"line_number":66,"context_line":""},{"line_number":67,"context_line":"#. ``display_name`` an alternative name for your IDP to be displayed on"},{"line_number":68,"context_line":"   Horizon, should your name attribute not be user friendly. (Optional)"}],"source_content_type":"text/x-rst","patch_set":2,"id":"480a7722_8567b397","line":65,"range":{"start_line":64,"start_character":27,"end_line":65,"end_character":53},"updated":"2021-07-13 18:13:19.000000000","message":"is this an instruction to the deployer, or something that is done by setting this var? not clear.","commit_id":"8f3c0536c1d710bdd594b6b6a1492c9a14cd22e4"},{"author":{"_account_id":29865,"name":"Georgina Shippey","email":"georgina.shippey@outlook.com","username":"gshippey"},"change_message_id":"0678335c0912d2c7de57be911f66cc5dbc5e8e44","unresolved":true,"context_lines":[{"line_number":61,"context_line":"``trusted_idp_list``. 
Note while trusted_idp_list is a list, it can currently"},{"line_number":62,"context_line":"only support one entry."},{"line_number":63,"context_line":""},{"line_number":64,"context_line":"#. ``name`` is IDP\u0027s name. Configure this in"},{"line_number":65,"context_line":"    in keystone and list in horizon\u0027s login selection."},{"line_number":66,"context_line":""},{"line_number":67,"context_line":"#. ``display_name`` an alternative name for your IDP to be displayed on"},{"line_number":68,"context_line":"   Horizon, should your name attribute not be user friendly. (Optional)"}],"source_content_type":"text/x-rst","patch_set":2,"id":"b4169060_847db00d","line":65,"range":{"start_line":64,"start_character":27,"end_line":65,"end_character":53},"in_reply_to":"480a7722_8567b397","updated":"2021-07-14 18:08:52.000000000","message":"Removed this - you\u0027re right in that it is not clear.","commit_id":"8f3c0536c1d710bdd594b6b6a1492c9a14cd22e4"},{"author":{"_account_id":25023,"name":"Jonathan Rosser","email":"jonathan.rosser@rd.bbc.co.uk","username":"jrosser"},"change_message_id":"1b97781158da8bcfbd116030d9aa0650970fc17c","unresolved":true,"context_lines":[{"line_number":67,"context_line":"#. ``display_name`` an alternative name for your IDP to be displayed on"},{"line_number":68,"context_line":"   Horizon, should your name attribute not be user friendly. (Optional)"},{"line_number":69,"context_line":""},{"line_number":70,"context_line":"#. ``domain_id`` is the domain the IDP will be created in. By default new IDPs"},{"line_number":71,"context_line":"   get created in their own autogenerated domain. (Optional)"},{"line_number":72,"context_line":""},{"line_number":73,"context_line":"#. ``entity_ids`` is a list of reference entity IDs. 
This specify\u0027s the"},{"line_number":74,"context_line":"    redirection of the login request to the SP when authenticating to"}],"source_content_type":"text/x-rst","patch_set":2,"id":"316227fe_05f6ae61","line":71,"range":{"start_line":70,"start_character":3,"end_line":71,"end_character":60},"updated":"2021-07-13 18:13:19.000000000","message":"what happens if this is not set? \u0027Default\u0027 domain?","commit_id":"8f3c0536c1d710bdd594b6b6a1492c9a14cd22e4"},{"author":{"_account_id":29865,"name":"Georgina Shippey","email":"georgina.shippey@outlook.com","username":"gshippey"},"change_message_id":"0678335c0912d2c7de57be911f66cc5dbc5e8e44","unresolved":true,"context_lines":[{"line_number":67,"context_line":"#. ``display_name`` an alternative name for your IDP to be displayed on"},{"line_number":68,"context_line":"   Horizon, should your name attribute not be user friendly. (Optional)"},{"line_number":69,"context_line":""},{"line_number":70,"context_line":"#. ``domain_id`` is the domain the IDP will be created in. By default new IDPs"},{"line_number":71,"context_line":"   get created in their own autogenerated domain. (Optional)"},{"line_number":72,"context_line":""},{"line_number":73,"context_line":"#. ``entity_ids`` is a list of reference entity IDs. 
This specify\u0027s the"},{"line_number":74,"context_line":"    redirection of the login request to the SP when authenticating to"}],"source_content_type":"text/x-rst","patch_set":2,"id":"67f4c90b_765c2ff5","line":71,"range":{"start_line":70,"start_character":3,"end_line":71,"end_character":60},"in_reply_to":"316227fe_05f6ae61","updated":"2021-07-14 18:08:52.000000000","message":"Hopefully my edit in the next patch makes things a little clearer.","commit_id":"8f3c0536c1d710bdd594b6b6a1492c9a14cd22e4"},{"author":{"_account_id":25023,"name":"Jonathan Rosser","email":"jonathan.rosser@rd.bbc.co.uk","username":"jrosser"},"change_message_id":"1b97781158da8bcfbd116030d9aa0650970fc17c","unresolved":true,"context_lines":[{"line_number":210,"context_line":"   expects SSL URL\u0027s in the assertions (otherwise it will invalidate"},{"line_number":211,"context_line":"   the assertions)."},{"line_number":212,"context_line":""},{"line_number":213,"context_line":"#. Most professional IDPs such as ADFS and Google require that a trusted"},{"line_number":214,"context_line":"   SP have a trusted certificate that is not self-signed."},{"line_number":215,"context_line":""},{"line_number":216,"context_line":"#. 
Ensure the endpoint URI and the certificate match when using SSL for the"}],"source_content_type":"text/x-rst","patch_set":2,"id":"2a6cfa87_89a9730d","line":213,"range":{"start_line":213,"start_character":43,"end_line":213,"end_character":49},"updated":"2021-07-13 18:13:19.000000000","message":"is there a google auth product name here rather than just \u0027Google\u0027?","commit_id":"8f3c0536c1d710bdd594b6b6a1492c9a14cd22e4"},{"author":{"_account_id":29865,"name":"Georgina Shippey","email":"georgina.shippey@outlook.com","username":"gshippey"},"change_message_id":"0678335c0912d2c7de57be911f66cc5dbc5e8e44","unresolved":true,"context_lines":[{"line_number":210,"context_line":"   expects SSL URL\u0027s in the assertions (otherwise it will invalidate"},{"line_number":211,"context_line":"   the assertions)."},{"line_number":212,"context_line":""},{"line_number":213,"context_line":"#. Most professional IDPs such as ADFS and Google require that a trusted"},{"line_number":214,"context_line":"   SP have a trusted certificate that is not self-signed."},{"line_number":215,"context_line":""},{"line_number":216,"context_line":"#. 
Ensure the endpoint URI and the certificate match when using SSL for the"}],"source_content_type":"text/x-rst","patch_set":2,"id":"2921772f_3233768c","line":213,"range":{"start_line":213,"start_character":43,"end_line":213,"end_character":49},"in_reply_to":"2a6cfa87_89a9730d","updated":"2021-07-14 18:08:52.000000000","message":"It\u0027s just called Google IDP, so I think this is clear enough.","commit_id":"8f3c0536c1d710bdd594b6b6a1492c9a14cd22e4"},{"author":{"_account_id":25023,"name":"Jonathan Rosser","email":"jonathan.rosser@rd.bbc.co.uk","username":"jrosser"},"change_message_id":"1b97781158da8bcfbd116030d9aa0650970fc17c","unresolved":true,"context_lines":[{"line_number":239,"context_line":"          - identity.authenticate.pending"},{"line_number":240,"context_line":"          - identity.authenticate.success"},{"line_number":241,"context_line":"        trusted_dashboard_list:"},{"line_number":242,"context_line":"          - \"https://{{ horizon_server_name }}/auth/websso/\""},{"line_number":243,"context_line":"          - \"https://{{ external_lb_vip_address }}/auth/websso/\""},{"line_number":244,"context_line":"        trusted_idp_list:"},{"line_number":245,"context_line":"          - name: \"keystone-idp\""},{"line_number":246,"context_line":"            entity_ids:"}],"source_content_type":"text/x-rst","patch_set":2,"id":"0adcecca_3fbd4942","line":243,"range":{"start_line":242,"start_character":0,"end_line":243,"end_character":64},"updated":"2021-07-13 18:13:19.000000000","message":"seems subtle and perhaps should be called out in the text - i\u0027m not sure what horizon_server_name should be for a deployment which is different to external_lb_vip_address\n\nThis is where there is one horizon and many k2k federated clouds?","commit_id":"8f3c0536c1d710bdd594b6b6a1492c9a14cd22e4"},{"author":{"_account_id":29865,"name":"Georgina 
Shippey","email":"georgina.shippey@outlook.com","username":"gshippey"},"change_message_id":"0678335c0912d2c7de57be911f66cc5dbc5e8e44","unresolved":true,"context_lines":[{"line_number":239,"context_line":"          - identity.authenticate.pending"},{"line_number":240,"context_line":"          - identity.authenticate.success"},{"line_number":241,"context_line":"        trusted_dashboard_list:"},{"line_number":242,"context_line":"          - \"https://{{ horizon_server_name }}/auth/websso/\""},{"line_number":243,"context_line":"          - \"https://{{ external_lb_vip_address }}/auth/websso/\""},{"line_number":244,"context_line":"        trusted_idp_list:"},{"line_number":245,"context_line":"          - name: \"keystone-idp\""},{"line_number":246,"context_line":"            entity_ids:"}],"source_content_type":"text/x-rst","patch_set":2,"id":"a35f46b4_7550cbab","line":243,"range":{"start_line":242,"start_character":0,"end_line":243,"end_character":64},"in_reply_to":"0adcecca_3fbd4942","updated":"2021-07-14 18:08:52.000000000","message":"Keystone docs write for trusted_dashboards \"Specify URLs of trusted horizon servers. This value may be repeated multiple times. This setting ensures that keystone only sends token data back to trusted servers. This is performed as a precaution, specifically to prevent man-in-the-middle (MITM) attacks.\"\n\nSo if you have clouds A and B, where keystone A is acting as IDP to keystone B, I believe keystone A must be aware of horizon B. So in the trusted_dashboard_list for keystone A you\u0027d have both URLs for dns/ips of horizon A \u0026 horizon B. 
Considering we\u0027ve not deployed k2k I\u0027m not 100% on any of it, especially when it comes to one horizon supporting multiple clouds!\n\nI also think the intention of listing both the DNS name and IP here is to show that if you\u0027ve not configured DNS that it should be an IP addr (but maybe that is too obvious).\n\nFeel free to pick this one up with me in person.","commit_id":"8f3c0536c1d710bdd594b6b6a1492c9a14cd22e4"},{"author":{"_account_id":25023,"name":"Jonathan Rosser","email":"jonathan.rosser@rd.bbc.co.uk","username":"jrosser"},"change_message_id":"1b97781158da8bcfbd116030d9aa0650970fc17c","unresolved":true,"context_lines":[{"line_number":296,"context_line":"#. ``oidc_client_secret`` is the Client secret used in calls to the"},{"line_number":297,"context_line":"   statically configured OpenID Connect Provider."},{"line_number":298,"context_line":""},{"line_number":299,"context_line":"#. ``oidc_crypto_passphrase`` the crypto passphrase is a password for"},{"line_number":300,"context_line":"   crypto purposes."},{"line_number":301,"context_line":""},{"line_number":302,"context_line":"#. ``oidc_redirect_uri`` is the redirect_uri for this OpenID Connect"},{"line_number":303,"context_line":"   client; this is a vanity URL that must ONLY point to a path on your"}],"source_content_type":"text/x-rst","patch_set":2,"id":"e5d1a853_ecbbc53a","line":300,"range":{"start_line":299,"start_character":3,"end_line":300,"end_character":19},"updated":"2021-07-13 18:13:19.000000000","message":"is this a random password generated by the deployer and used only in the OIDC setup in keystone_sp? Are there any restrictions on the format / number of characters?","commit_id":"8f3c0536c1d710bdd594b6b6a1492c9a14cd22e4"},{"author":{"_account_id":29865,"name":"Georgina Shippey","email":"georgina.shippey@outlook.com","username":"gshippey"},"change_message_id":"0678335c0912d2c7de57be911f66cc5dbc5e8e44","unresolved":true,"context_lines":[{"line_number":296,"context_line":"#. 
``oidc_client_secret`` is the Client secret used in calls to the"},{"line_number":297,"context_line":"   statically configured OpenID Connect Provider."},{"line_number":298,"context_line":""},{"line_number":299,"context_line":"#. ``oidc_crypto_passphrase`` the crypto passphrase is a password for"},{"line_number":300,"context_line":"   crypto purposes."},{"line_number":301,"context_line":""},{"line_number":302,"context_line":"#. ``oidc_redirect_uri`` is the redirect_uri for this OpenID Connect"},{"line_number":303,"context_line":"   client; this is a vanity URL that must ONLY point to a path on your"}],"source_content_type":"text/x-rst","patch_set":2,"id":"69c9c2f4_72b139e0","line":300,"range":{"start_line":299,"start_character":3,"end_line":300,"end_character":19},"in_reply_to":"e5d1a853_ecbbc53a","updated":"2021-07-14 18:08:52.000000000","message":"I\u0027ve hopefully added a bit more to make this clearer what this password is used for. Unfortunately mod_auth_openidc have very little to say on it in terms of restrictions/format. I think they just expect common sense here.","commit_id":"8f3c0536c1d710bdd594b6b6a1492c9a14cd22e4"},{"author":{"_account_id":25023,"name":"Jonathan Rosser","email":"jonathan.rosser@rd.bbc.co.uk","username":"jrosser"},"change_message_id":"1b97781158da8bcfbd116030d9aa0650970fc17c","unresolved":true,"context_lines":[{"line_number":316,"context_line":"#. ``oidc_auth_verify_jwks_uri`` is the URL on which the signing keys"},{"line_number":317,"context_line":"   for this OP are hosted, in JWK formatting (Optional)"},{"line_number":318,"context_line":""},{"line_number":319,"context_line":"#. ``oidc_outgoing_proxy`` Specify an outgoing proxy for your network."},{"line_number":320,"context_line":"   (Optional)"},{"line_number":321,"context_line":""},{"line_number":322,"context_line":"#. ``oidc_state_max_number_of_cookies`` can be used to specify the"},{"line_number":323,"context_line":"   maximum number of state cookies i.e. 
the maximum number of parallel"}],"source_content_type":"text/x-rst","patch_set":2,"id":"262d6812_414eff5a","line":320,"range":{"start_line":319,"start_character":0,"end_line":320,"end_character":13},"updated":"2021-07-13 18:13:19.000000000","message":"typically used to allow the necessary outgoing requests from keystone to the IDP in non routed environments","commit_id":"8f3c0536c1d710bdd594b6b6a1492c9a14cd22e4"},{"author":{"_account_id":29865,"name":"Georgina Shippey","email":"georgina.shippey@outlook.com","username":"gshippey"},"change_message_id":"0678335c0912d2c7de57be911f66cc5dbc5e8e44","unresolved":false,"context_lines":[{"line_number":316,"context_line":"#. ``oidc_auth_verify_jwks_uri`` is the URL on which the signing keys"},{"line_number":317,"context_line":"   for this OP are hosted, in JWK formatting (Optional)"},{"line_number":318,"context_line":""},{"line_number":319,"context_line":"#. ``oidc_outgoing_proxy`` Specify an outgoing proxy for your network."},{"line_number":320,"context_line":"   (Optional)"},{"line_number":321,"context_line":""},{"line_number":322,"context_line":"#. ``oidc_state_max_number_of_cookies`` can be used to specify the"},{"line_number":323,"context_line":"   maximum number of state cookies i.e. 
the maximum number of parallel"}],"source_content_type":"text/x-rst","patch_set":2,"id":"47167d12_4d630c39","line":320,"range":{"start_line":319,"start_character":0,"end_line":320,"end_character":13},"in_reply_to":"262d6812_414eff5a","updated":"2021-07-14 18:08:52.000000000","message":"Done","commit_id":"8f3c0536c1d710bdd594b6b6a1492c9a14cd22e4"},{"author":{"_account_id":25023,"name":"Jonathan Rosser","email":"jonathan.rosser@rd.bbc.co.uk","username":"jrosser"},"change_message_id":"1b97781158da8bcfbd116030d9aa0650970fc17c","unresolved":true,"context_lines":[{"line_number":353,"context_line":"          - identity.authenticate.pending"},{"line_number":354,"context_line":"          - identity.authenticate.success"},{"line_number":355,"context_line":"        trusted_dashboard_list:"},{"line_number":356,"context_line":"          - \"https://{{ horizon_server_name }}/auth/websso/\""},{"line_number":357,"context_line":"          - \"https://{{ external_lb_vip_address }}/auth/websso/\""},{"line_number":358,"context_line":"        trusted_idp_list:"},{"line_number":359,"context_line":"          - name: \"oidc-idp\""},{"line_number":360,"context_line":"            oidc_provider_metadata_url: https://identity-provider/.well-known/openid-configuration"}],"source_content_type":"text/x-rst","patch_set":2,"id":"076f860e_4c449967","line":357,"range":{"start_line":356,"start_character":0,"end_line":357,"end_character":64},"updated":"2021-07-13 18:13:19.000000000","message":"again this is subtle and should be explained","commit_id":"8f3c0536c1d710bdd594b6b6a1492c9a14cd22e4"},{"author":{"_account_id":25023,"name":"Jonathan Rosser","email":"jonathan.rosser@rd.bbc.co.uk","username":"jrosser"},"change_message_id":"1b97781158da8bcfbd116030d9aa0650970fc17c","unresolved":true,"context_lines":[{"line_number":361,"context_line":"            oidc_client_id: keystone"},{"line_number":362,"context_line":"            oidc_client_secret: \u003cSECRET\u003e"},{"line_number":363,"context_line":"    
        oidc_crypto_passphrase: \u003cRANDOM STRING\u003e"},{"line_number":364,"context_line":"            oidc_redirect_uri: https://keystone:5000/v3/OS-FEDERATION/identity_providers/oidc-idp/protocols/openid/auth"},{"line_number":365,"context_line":"            oidc_auth_request_params: param\u003dsome+url+encoded+value\u0026param2\u003dand+another+one"},{"line_number":366,"context_line":"            entity_ids:"},{"line_number":367,"context_line":"              - \u0027https://identity-provider/openid-endpoint/\u0027"}],"source_content_type":"text/x-rst","patch_set":2,"id":"3f19ed5a_72ac8a59","line":364,"range":{"start_line":364,"start_character":39,"end_line":364,"end_character":47},"updated":"2021-07-13 18:13:19.000000000","message":"how is this different from external_lb_vip_address?","commit_id":"8f3c0536c1d710bdd594b6b6a1492c9a14cd22e4"},{"author":{"_account_id":29865,"name":"Georgina Shippey","email":"georgina.shippey@outlook.com","username":"gshippey"},"change_message_id":"0678335c0912d2c7de57be911f66cc5dbc5e8e44","unresolved":false,"context_lines":[{"line_number":361,"context_line":"            oidc_client_id: keystone"},{"line_number":362,"context_line":"            oidc_client_secret: \u003cSECRET\u003e"},{"line_number":363,"context_line":"            oidc_crypto_passphrase: \u003cRANDOM STRING\u003e"},{"line_number":364,"context_line":"            oidc_redirect_uri: https://keystone:5000/v3/OS-FEDERATION/identity_providers/oidc-idp/protocols/openid/auth"},{"line_number":365,"context_line":"            oidc_auth_request_params: param\u003dsome+url+encoded+value\u0026param2\u003dand+another+one"},{"line_number":366,"context_line":"            entity_ids:"},{"line_number":367,"context_line":"              - 
\u0027https://identity-provider/openid-endpoint/\u0027"}],"source_content_type":"text/x-rst","patch_set":2,"id":"15470a7e_d7e6bb1f","line":364,"range":{"start_line":364,"start_character":39,"end_line":364,"end_character":47},"in_reply_to":"3f19ed5a_72ac8a59","updated":"2021-07-14 18:08:52.000000000","message":"Done","commit_id":"8f3c0536c1d710bdd594b6b6a1492c9a14cd22e4"}]}
