2 files changed, 14 insertions, 4 deletions

diff --git a/filter_plugins/openshift_master.py b/filter_plugins/openshift_master.py
index bb2f5ba7a..bb79b27d1 100644
--- a/filter_plugins/openshift_master.py
+++ b/filter_plugins/openshift_master.py
@@ -9,6 +9,7 @@ import sys
 import yaml
 
 from ansible import errors
+from distutils.version import LooseVersion
 
 # pylint: disable=no-name-in-module,import-error
 try:
@@ -77,10 +78,19 @@ class IdentityProviderBase(object):
         self._allow_additional = True
 
     @staticmethod
-    def validate_idp_list(idp_list):
+    def validate_idp_list(idp_list, openshift_version, deployment_type):
         ''' validates a list of idps '''
         login_providers = [x.name for x in idp_list if x.login]
+
+        multiple_logins_unsupported = False
         if len(login_providers) > 1:
+            if deployment_type in ['enterprise', 'online', 'atomic-enterprise', 'openshift-enterprise']:
+                if LooseVersion(openshift_version) < LooseVersion('3.2'):
+                    multiple_logins_unsupported = True
+            if deployment_type in ['origin']:
+                if LooseVersion(openshift_version) < LooseVersion('1.2'):
+                    multiple_logins_unsupported = True
+        if multiple_logins_unsupported:
             raise errors.AnsibleFilterError("|failed multiple providers are "
                                             "not allowed for login. login "
                                             "providers: {0}".format(', '.join(login_providers)))
@@ -461,7 +471,7 @@ class FilterModule(object):
     ''' Custom ansible filters for use by the openshift_master role'''
 
     @staticmethod
-    def translate_idps(idps, api_version):
+    def translate_idps(idps, api_version, openshift_version, deployment_type):
         ''' Translates a list of dictionaries into a valid identityProviders config '''
         idp_list = []
 
@@ -478,7 +488,7 @@ class FilterModule(object):
             idp_list.append(idp_inst)
 
 
-        IdentityProviderBase.validate_idp_list(idp_list)
+        IdentityProviderBase.validate_idp_list(idp_list, openshift_version, deployment_type)
         return yaml.safe_dump([idp.to_dict() for idp in idp_list], default_flow_style=False)
 
     @staticmethod
diff --git a/roles/openshift_master/tasks/main.yml b/roles/openshift_master/tasks/main.yml
index fe0784ea2..63a54a0d9 100644
--- a/roles/openshift_master/tasks/main.yml
+++ b/roles/openshift_master/tasks/main.yml
@@ -139,7 +139,7 @@
   - restart master api
 
 - set_fact:
-    translated_identity_providers: "{{ openshift.master.identity_providers | translate_idps('v1') }}"
+    translated_identity_providers: "{{ openshift.master.identity_providers | translate_idps('v1', openshift.common.version, openshift.common.deployment_type) }}"
 
 # TODO: add the validate parameter when there is a validation command to run
 - name: Create master config