)]}'
{"deployment/keystone/keystone-container-puppet.yaml":[{"author":{"_account_id":3153,"name":"Emilien Macchi","email":"emilien@redhat.com","username":"emilienm"},"change_message_id":"4f666e28c6a905c0a1d89fcb59ea35987f432c24","unresolved":false,"context_lines":[{"line_number":252,"context_line":"    description: The url that points to your OpenID Connect provider metadata"},{"line_number":253,"context_line":"  KeystoneOpenIdcCliaimDelimiter:"},{"line_number":254,"context_line":"    type: string"},{"line_number":255,"context_line":"    default: \u0027;\u0027"},{"line_number":256,"context_line":"    description: \u003e-"},{"line_number":257,"context_line":"      The claim delimiter to use when interpreting multi-value claims from"},{"line_number":258,"context_line":"      your OpenID Connect provider."}],"source_content_type":"text/x-yaml","patch_set":3,"id":"1fa4df85_d038443e","line":255,"updated":"2020-03-02 14:21:41.000000000","message":"Would it be better to also add constraints and allowed_values? What an operator could override this parameter to?","commit_id":"65e63a5d64578810c246f8bb5c854918cf0c35c3"},{"author":{"_account_id":3153,"name":"Emilien Macchi","email":"emilien@redhat.com","username":"emilienm"},"change_message_id":"1dd2f721ab8e04f111ae0a6186b1e96eff1b0a10","unresolved":false,"context_lines":[{"line_number":252,"context_line":"    description: The url that points to your OpenID Connect provider metadata"},{"line_number":253,"context_line":"  KeystoneOpenIdcCliaimDelimiter:"},{"line_number":254,"context_line":"    type: string"},{"line_number":255,"context_line":"    default: \u0027;\u0027"},{"line_number":256,"context_line":"    description: \u003e-"},{"line_number":257,"context_line":"      The claim delimiter to use when interpreting multi-value claims from"},{"line_number":258,"context_line":"      your OpenID Connect provider."}],"source_content_type":"text/x-yaml","patch_set":3,"id":"1fa4df85_88b9d279","line":255,"updated":"2020-03-09 23:18:50.000000000","message":"so if Keystone needs \";\", why creating a parameter?","commit_id":"65e63a5d64578810c246f8bb5c854918cf0c35c3"},{"author":{"_account_id":14369,"name":"Mark Chappell","email":"mchappel@redhat.com","username":"tremble"},"change_message_id":"f22dcf54423b29bf812befac56b0ded60324db53","unresolved":false,"context_lines":[{"line_number":252,"context_line":"    description: The url that points to your OpenID Connect provider metadata"},{"line_number":253,"context_line":"  KeystoneOpenIdcCliaimDelimiter:"},{"line_number":254,"context_line":"    type: string"},{"line_number":255,"context_line":"    default: \u0027;\u0027"},{"line_number":256,"context_line":"    description: \u003e-"},{"line_number":257,"context_line":"      The claim delimiter to use when interpreting multi-value claims from"},{"line_number":258,"context_line":"      your OpenID Connect provider."}],"source_content_type":"text/x-yaml","patch_set":3,"id":"1fa4df85_afc879a5","line":255,"in_reply_to":"1fa4df85_d038443e","updated":"2020-03-06 11:11:40.000000000","message":"The default value is \",\", but as far as I can tell Keystone depends on this being set to \";\", so theoretically we could hard code this.  In theory you could set it to anything you want.\n\nThe SAML/Mellon equivalent \"MellonMergeEnvVars\" is explicitly called out in the Red Hat documentation as needing to be set:\nhttps://access.redhat.com/documentation/en-us/red_hat_openstack_platform/16.0/html/federate_with_identity_service/steps#edit_the_mellon_configuration\n\nVarious online examples I can find explicitly set it to \";\" including \nhttps://cloud.denbi.de/wiki/cloud_admin/elixir_OIDC/\n and even the O\u0027Reilly \"Identity, Authentication and Access Management in OpenStack\" book.","commit_id":"65e63a5d64578810c246f8bb5c854918cf0c35c3"}]}