Add semicolon claim delimiter config in apache2 plugin

Rodrigo Barbieri · Rodrigo Barbieri · commit 645eb341c4d8 · 2025-02-25T09:38:13.000Z
By default the oidc apache2 plugin uses comma, but Keystone expects a semicolon [1,2]. This is necessary when writing multi-valued data (such as OIDC-groups) for Keystone to consume. [1] https://opendev.org/openstack/keystone/src/commit/187bcad52219c2c99b572b3d5463dfa7b2128201/keystone/federation/utils.py#L515 [2] https://docs.openstack.org/keystone/latest/admin/federation/mapping_combinations.html#mappings-examples Closes-bug: #2085727 Change-Id: I179ac68a463866c4efaa7c9259a247bf4dc3b573 (cherry picked from commit 4b38b5e) (cherry picked from commit 8403c82) (cherry picked from commit 86f27a4)
diff --git a/templates/apache-openidc-location.conf b/templates/apache-openidc-location.conf
@@ -1,5 +1,6 @@
 {# -*- mode: apache -*- #}
 OIDCClaimPrefix "OIDC-"
+OIDCClaimDelimiter ";"
 OIDCResponseType "id_token"
 OIDCScope "openid email profile"
 
