Ask Your Question

Revision history [back]

click to hide/show revision 1
initial version

openstack federation problem

I installed two separate openstack (juno release) on centos 7 and now I want to federate them.

I copy wsgi-keystone.conf to etc/httpd/conf.d/ to add virtual host and shib configuration. This is the file:

<Location "/keystone">
    NSSRequireSSL
    Authtype none
</Location>

<VirtualHost *:5000>
   WSGIScriptAliasMatch ^(/v3/OS-FEDERATION/identity_providers/.*?/protocols/.*?/auth)$ /var/www/keystone/main/$1
</VirtualHost>

<Location /Shibboleth.sso>
  SetHandler shib
</Location>

<Location /v3/OS-FEDERATION/identity_providers/idp_1/protocols/saml2/auth>
  ShibRequestSetting requireSession 1
  ShibRequestSetting applicationId idp_1
  AuthType shibboleth
  ShibExportAssertion Off
  Require valid-user
  <IfVersion < 2.4>
     ShibRequireSession On
     ShibRequireAll On
 </IfVersion>
</Location>

but when I restart httpd service I get this error :

Invalid command 'NSSRequireSSL', perhaps misspelled or defined by a module not included in the ser...guration

can I comment NSSRequierSSL in the file (I don't want to active ssl)? Or other solutions?

Thanks.