From 9949c2874357dca1c2e51382c65b45fe6fc1851c Mon Sep 17 00:00:00 2001
From: Mikolaj Izdebski <mizdebsk@redhat.com>
Date: Fri, 13 May 2016 15:41:35 +0000
Subject: [PATCH] Fix Koschei OpenID auth on staging

---
 roles/koschei/frontend/templates/config-frontend.cfg.j2 | 3 +++
 roles/koschei/frontend/templates/httpd.conf.j2          | 5 ++++-
 2 files changed, 7 insertions(+), 1 deletion(-)

diff --git a/roles/koschei/frontend/templates/config-frontend.cfg.j2 b/roles/koschei/frontend/templates/config-frontend.cfg.j2
index ae5fdd0503..db06ac17f0 100644
--- a/roles/koschei/frontend/templates/config-frontend.cfg.j2
+++ b/roles/koschei/frontend/templates/config-frontend.cfg.j2
@@ -62,6 +62,9 @@ config = {
     },
     "frontend": {
         "auto_tracking": True,
+        "auth": {
+            "user_re": "http://(.+)\\.id{{ env_prefix }}\\.fedoraproject\\.org/",
+        },
         {% if env == 'staging' %}
         # Staging copies for fedmenu
         "fedmenu_url": "https://apps.stg.fedoraproject.org/fedmenu",
diff --git a/roles/koschei/frontend/templates/httpd.conf.j2 b/roles/koschei/frontend/templates/httpd.conf.j2
index 8b5a46ab2c..078ecf1049 100644
--- a/roles/koschei/frontend/templates/httpd.conf.j2
+++ b/roles/koschei/frontend/templates/httpd.conf.j2
@@ -17,10 +17,13 @@
     </Directory>
 
 {% if env == 'staging' %}
-    <Location /login>
+    <Location /koschei/login>
         Require valid-user
         AuthType OpenID
         AuthOpenIDSingleIdP https://{{ koschei_openid_provider }}/
+        AuthOpenIDServerName https://apps{{ env_prefix }}.fedoraproject.org
+        AuthOpenIDTrustRoot https://apps{{ env_prefix }}.fedoraproject.org/koschei/
+        AuthOpenIDSecureCookie on
     </Location>
 {% endif %}
 </VirtualHost>