diff --git a/roles/federation/templates/federation-multirealm.conf.j2 b/roles/federation/templates/federation-multirealm.conf.j2
index 59e7af480c..4c628f15d7 100644
--- a/roles/federation/templates/federation-multirealm.conf.j2
+++ b/roles/federation/templates/federation-multirealm.conf.j2
@@ -7,34 +7,29 @@ OIDCPassClaimsAs "{{ cifmw_federation_keystone_OIDC_PassClaimsAs }}"
OIDCCryptoPassphrase "{{ cifmw_federation_keystone_OIDC_CryptoPassphrase }}"
OIDCMetadataDir "/var/lib/httpd/metadata"
OIDCRedirectURI "{{ cifmw_federation_keystone_url }}/v3/redirect_uri"
-LogLevel debug
+OIDCAuthRequestParams "prompt=login"
+LogLevel rewrite:trace3 auth_openidc:debug
-
- AuthType "openid-connect"
- Require valid-user
-
+
+
+ Header always add Set-Cookie "mod_auth_openidc_session=deleted; Path=/; Max-Age=0; HttpOnly; Secure; SameSite=None"
+
+
-
- AuthType oauth20
- Require valid-user
-
+RewriteEngine On
-
- AuthType "openid-connect"
- Require valid-user
-
+RewriteRule ^/v3/auth/OS-FEDERATION/identity_providers/({{ cifmw_federation_IdpName }}|{{ cifmw_federation_IdpName2 }})/protocols/openid/websso$ \
+ /v3/local-logout/clear [R=302,L]
-
- AuthType oauth20
- Require valid-user
-
+RewriteRule ^/v3/local-logout/clear$ \
+ /v3/auth/OS-FEDERATION/websso/openid [R=302,L,QSA,NE]
-
- Require valid-user
+
AuthType openid-connect
+ Require valid-user
-
- AuthType "openid-connect"
- Require valid-user
-
+
+ AuthType openid-connect
+ Require valid-user
+
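Review bot: The IdP names are interpolated into the first RewriteRule pattern as raw regex, so a name containing `.`, `|` or parentheses changes which paths the rule matches; escaping keeps the match literal, e.g. `({{ cifmw_federation_IdpName | regex_escape }}|{{ cifmw_federation_IdpName2 | regex_escape }})`. The added Set-Cookie header hard-codes the cookie name `mod_auth_openidc_session` and `Path=/`, so it only expires the session cookie if OIDCCookie and OIDCCookiePath keep those values elsewhere in the template, and it presumably leaves any server-side cached session valid until it times out. `auth_openidc:debug` is narrower than the old global `LogLevel debug`, but at that level the module may still write token and claim data to the error log, so a comment such as `# CI only: debug logging can expose tokens` would help. The container tags around these directives are not visible in this hunk, so the scope of the Header and AuthType lines could not be checked.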