yahoo-eng-team team mailing list archive

Thread
Date

[Bug 1544703] Re: webSSO URLs may not be accessible under some network configurations

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: OpenStack Infra <1544703@xxxxxxxxxxxxxxxxxx>
Date: Wed, 10 Oct 2018 11:33:03 -0000
Reply-to: Bug 1544703 <1544703@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

Reviewed:  https://review.openstack.org/607064
Committed: https://git.openstack.org/cgit/openstack/horizon/commit/?id=a53f012fa1c0724ee4d532e782e6b2fe88ef8fa8
Submitter: Zuul
Branch:    master

commit a53f012fa1c0724ee4d532e782e6b2fe88ef8fa8
Author: Guang Yee <guang.yee@xxxxxxxx>
Date:   Mon Oct 1 15:30:16 2018 -0700

    support WEBSSO_KEYSTONE_URL
    
    Add a new optional WEBSSO_KEYSTONE_URL property to facilitate WEBSSO
    deployments where network segmentation is used per security requirement.
    In this case, the controllers are not reachable from public network.
    Therefore, user's browser will not be able to reach OPENSTACK_KEYSTONE_URL
    if it is set to the internal endpoint.
    
    If WEBSSO_KEYSTONE_URL is set, it will be used instead of
    OPENSTACK_KEYSTONE_URL.
    
    Change-Id: I05ea4227aa4c2cb0a73015ed7fd29cf1a96e696a
    Closes-bug: #1544703


** Changed in: horizon
       Status: In Progress => Fix Released

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Dashboard (Horizon).
https://bugs.launchpad.net/bugs/1544703

Title:
  webSSO URLs may not be accessible under some network configurations

Status in OpenStack Dashboard (Horizon):
  Fix Released

Bug description:
  WebSSO uses OPENSTACK_KEYSTONE_URL to generate URLs to point a browser
  at. Under many configurations this is fine, but in setups where there
  may be multiple networks, it can be problematic. For instance, if
  horizon is configured to talk to keystone over a network that is
  private, OPENSTACK_KEYSTONE_URL will not be reachable from a browser.
  A fuller explanation is in
  https://blueprints.launchpad.net/horizon/+spec/configurable-websso-
  keystone-url but this seems more like a bug than a feature. The upshot
  is adding a second setting to allow a separate WEBSSO keystone url.

To manage notifications about this bug go to:
https://bugs.launchpad.net/horizon/+bug/1544703/+subscriptions

References

[Bug 1544703] [NEW] webSSO URLs may not be accessible under some network configurations
From: Steve McLellan, 2016-02-11