I have an Openstack (yoga) cluster that was installed using kolla-ansible version 14.1.0.
I'm trying to set up OpenIDConnect to login through the Horizon interface and I therefore followed this documentation.
The problem I'm experiencing is that when trying to connect via the new identity provider I set up, I get sent to this URL, which responds 404 :
http://<openstack_hostname>:5000/auth/OS-FEDERATION/identity_providers/<idp_id>/protocols/openid/websso?origin=http://<openstack_hostname>/auth/websso/
From what I can gather there is a /v3/ missing at the beginning of the path, and it should instead be :
http://<openstack_hostname>:5000/v3/auth/OS-FEDERATION/identity_providers/<idp_id>/protocols/openid/websso?origin=http://<openstack_hostname>/auth/websso/
And when I manually enter that url it successfully sends me to the identity provider to continue the login process.
I do not know where this is coming from. As far as I can tell by looking up the documentation the URL should be with a /v3/ but I do not get where this wrong URL comes from in my installation.
I also posted the question on Reddit and someone gave me the answer to this question, here it is :
There was a bug a few months ago: https://bugs.launchpad.net/kolla-ansible/+bug/2028921
The issue being one of the ansible variable is malformed in the keystone role. A fix has been published and backported up until the zed release (15.3.0)
Solution 1:
Upgrade to zed (if possible)
Solution 2:
It can be worked around by modifying the local settings template in
ansible/roles/horizon/templates/local\_settings.j2by adding the trailing /v3 to the WEBSSO_KEYSTONE_URL valueshould be the end result.