Normalisation de la réécriture des attributs par défaut

wpetit 2022-08-26 15:16:21 +02:00
parent 126dbf66c2
commit 1ff89ac420
1 changed files with 57 additions and 19 deletions


@ -86,12 +86,24 @@ hydra_passwordless_smtp_use_start_tls: no
hydra_passwordless_sender_address: noreply@localhost
hydra_passwordless_sender_name: "[hydra-passwordless]"
hydra_passwordless_attributes_rewrite_rules:
email:
- consent.session.id_token.email
email_verified:
- consent.session.id_token.email_verified
roles:
- "[]"
email:
- "property_exists(consent.session.id_token, 'email') ? consent.session.id_token.email : null"
email_verified:
- "property_exists(consent.session.id_token, 'email_verified') ? consent.session.id_token.email_verified : false"
family_name:
- "property_exists(consent.session.id_token, 'family_name') ? consent.session.id_token.family_name : null"
given_name:
- "property_exists(consent.session.id_token, 'given_name') ? consent.session.id_token.given_name : null"
birthdate:
- "property_exists(consent.session.id_token, 'birthdate') ? consent.session.id_token.birthdate : null"
gender:
- "property_exists(consent.session.id_token, 'gender') ? consent.session.id_token.gender : null"
birthplace:
- "property_exists(consent.session.id_token, 'birthplace') ? consent.session.id_token.birthplace : null"
birthcountry:
- "property_exists(consent.session.id_token, 'birthcountry') ? consent.session.id_token.birthcountry : null"
roles:
- "property_exists(consent.session.id_token, 'roles') ? consent.session.id_token.roles : []"
# Hydra SAML configuration
@ -124,7 +136,21 @@ hydra_saml_include_sp_default_attributes_policy: "yes"
# en provenance de la login-app sélectionnée
hydra_saml_attributes_rewrite_rules:
email:
- consent.session.id_token.email
- "consent.session.id_token.email ? consent.session.id_token.email : null"
family_name:
- "consent.session.id_token.family_name ? consent.session.id_token.family_name : null"
given_name:
- "consent.session.id_token.given_name ? consent.session.id_token.given_name : null"
birthdate:
- "consent.session.id_token.given_name ? consent.session.id_token.birthdate : null"
gender:
- "consent.session.id_token.given_name ? consent.session.id_token.gender : null"
birthplace:
- "consent.session.id_token.given_name ? consent.session.id_token.birthplace : null"
birthcountry:
- "consent.session.id_token.given_name ? consent.session.id_token.birthcountry : null"
roles:
- "consent.session.id_token.roles ? consent.session.id_token.roles : null"
# Entête HTTP utilisée pour identifier l'utilisateur connecté
hydra_saml_subject_header: subject-id
@ -172,21 +198,23 @@ hydra_oidc_client_secret:
hydra_oidc_attributes_rewrite_rules:
email:
- consent.session.id_token.email
- "property_exists(consent.session.id_token, 'email') ? consent.session.id_token.email : null"
email_verified:
- "property_exists(consent.session.id_token, 'email_verified') ? consent.session.id_token.email_verified : false"
family_name:
- consent.session.id_token.family_name
- "property_exists(consent.session.id_token, 'family_name') ? consent.session.id_token.family_name : null"
given_name:
- consent.session.id_token.given_name
- "property_exists(consent.session.id_token, 'given_name') ? consent.session.id_token.given_name : null"
birthdate:
- consent.session.id_token.birthdate
- "property_exists(consent.session.id_token, 'birthdate') ? consent.session.id_token.birthdate : null"
gender:
- consent.session.id_token.gender
- "property_exists(consent.session.id_token, 'gender') ? consent.session.id_token.gender : null"
birthplace:
- consent.session.id_token.birthplace
- "property_exists(consent.session.id_token, 'birthplace') ? consent.session.id_token.birthplace : null"
birthcountry:
- consent.session.id_token.birthcountry
- "property_exists(consent.session.id_token, 'birthcountry') ? consent.session.id_token.birthcountry : null"
roles:
- "[]"
- "property_exists(consent.session.id_token, 'roles') ? consent.session.id_token.roles : []"
# Hydra LDAP configuration
@ -197,13 +225,23 @@ hydra_ldap_app_icon_url:
hydra_ldap_dev_mode: false
hydra_ldap_attributes_rewrite_rules:
email:
- consent.session.id_token.email
- "property_exists(consent.session.id_token, 'email') ? consent.session.id_token.email : null"
email_verified:
- "property_exists(consent.session.id_token, 'email_verified') ? consent.session.id_token.email_verified : false"
family_name:
- consent.session.id_token.family_name
- "property_exists(consent.session.id_token, 'family_name') ? consent.session.id_token.family_name : null"
given_name:
- consent.session.id_token.given_name
- "property_exists(consent.session.id_token, 'given_name') ? consent.session.id_token.given_name : null"
birthdate:
- "property_exists(consent.session.id_token, 'birthdate') ? consent.session.id_token.birthdate : null"
gender:
- "property_exists(consent.session.id_token, 'gender') ? consent.session.id_token.gender : null"
birthplace:
- "property_exists(consent.session.id_token, 'birthplace') ? consent.session.id_token.birthplace : null"
birthcountry:
- "property_exists(consent.session.id_token, 'birthcountry') ? consent.session.id_token.birthcountry : null"
roles:
- consent.session.id_token.roles
- "property_exists(consent.session.id_token, 'roles') ? consent.session.id_token.roles : []"
hydra_ldap_endpoints: []
hydra_ldap_bind_dn:
hydra_ldap_bind_password:
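Review bot: In the `hydra_saml_attributes_rewrite_rules` section, the rules that appear to be added for `birthdate`, `gender`, `birthplace` and `birthcountry` all test `consent.session.id_token.given_name` instead of the claim they return, which looks like a copy-paste slip. As written, a token without `given_name` would drop those four claims even when they are present, and a token with `given_name` but no `birthdate` would still read the missing property. Each guard should name its own claim, e.g. `- "consent.session.id_token.birthdate ? consent.session.id_token.birthdate : null"`, and likewise for the other three. The SAML rules also use a truthiness test and a `null` fallback for `roles`, where the passwordless, OIDC and LDAP sections use `property_exists(...)` and `[]`. If the SAML app's expression evaluator supports `property_exists`, aligning the two would keep the type of `roles` consistent for any service provider that bases access decisions on it.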