Configuring OpenStack Keystone to use Apache HTTPd
To allow OpenStack to use an external Identity Provider or to become an Identity Provider itself, the first thing to to is enable Keystone to use HTTPd.
Firstly, install httpd, mod_nss, mod_wsgi, and python-paste-deploy. To do so under RedHat/CentOS 6 and 7, run the following command:
yum install httpd mod_nss mod_wsgi python-paste-deploy
For other distributions, check the specific documentation of your distribution since some package names might be different.
Apache HTTPd configuration
Let's start configuring Apache HTTPd. You need to run Apache HTTPd on port 443 instead of port 8443 that is set by default. We have to change /etc/httpd/conf.d/nss.conf in two places. First of all, you need to find the following string around line 10:
Listen 8443
Then you need to substitute it with the following:
Listen 443
The other necessary change to this file is done a few lines later, where the following code appears:
<virtualhost _default_:8443="">...
