From 1ff89ac42075b437be458d68293e505f2d09606d Mon Sep 17 00:00:00 2001
From: William Petit
Date: Fri, 26 Aug 2022 15:16:21 +0200
Subject: [PATCH] =?UTF-8?q?Normalisation=20de=20la=20r=C3=A9=C3=A9criture?= =?UTF-8?q?=20des=20attributs=20par=20d=C3=A9faut?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 defaults/main.yml | 76 +++++++++++++++++++++++++++++++++++------------
 1 file changed, 57 insertions(+), 19 deletions(-)
diff --git a/defaults/main.yml b/defaults/main.yml
index 30224a9..8a0f4dd 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -86,12 +86,24 @@ hydra_passwordless_smtp_use_start_tls: no hydra_passwordless_sender_address: noreply@localhost hydra_passwordless_sender_name: "[hydra-passwordless]" hydra_passwordless_attributes_rewrite_rules: - email: - - consent.session.id_token.email - email_verified: - - consent.session.id_token.email_verified - roles: - - "[]" + email: + - "property_exists(consent.session.id_token, 'email') ? consent.session.id_token.email : null" + email_verified: + - "property_exists(consent.session.id_token, 'email_verified') ? consent.session.id_token.email_verified : false" + family_name: + - "property_exists(consent.session.id_token, 'family_name') ? consent.session.id_token.family_name : null" + given_name: + - "property_exists(consent.session.id_token, 'given_name') ? consent.session.id_token.given_name : null" + birthdate: + - "property_exists(consent.session.id_token, 'birthdate') ? consent.session.id_token.birthdate : null" + gender: + - "property_exists(consent.session.id_token, 'gender') ? consent.session.id_token.gender : null" + birthplace: + - "property_exists(consent.session.id_token, 'birthplace') ? consent.session.id_token.birthplace : null" + birthcountry: + - "property_exists(consent.session.id_token, 'birthcountry') ? consent.session.id_token.birthcountry : null" + roles: + - "property_exists(consent.session.id_token, 'roles') ? consent.session.id_token.roles : []" # Hydra SAML configuration 
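Review bot: The new `roles` default no longer pins the claim to an empty list; it forwards `consent.session.id_token.roles` whenever the login app supplies it, and the hunk at -172 makes the same switch for `hydra_oidc_attributes_rewrite_rules`. Roles are the one attribute here that downstream clients are likely to use for authorization, so passing them through by default should be an explicit choice rather than a side effect of normalising the rules. If the passthrough is intended, I would add a comment above the rule such as `# roles are forwarded unchanged from the login app; override with "[]" if clients must not rely on them`; otherwise keep `- "[]"` for these two providers. Whether the passwordless and OIDC login apps can emit a roles claim at all is not visible in this file.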
@@ -124,7 +136,21 @@ hydra_saml_include_sp_default_attributes_policy: "yes" # en provenance de la login-app sélectionnée hydra_saml_attributes_rewrite_rules: email: - - consent.session.id_token.email + - "consent.session.id_token.email ? consent.session.id_token.email : null" + family_name: + - "consent.session.id_token.family_name ? consent.session.id_token.family_name : null" + given_name: + - "consent.session.id_token.given_name ? consent.session.id_token.given_name : null" + birthdate: + - "consent.session.id_token.given_name ? consent.session.id_token.birthdate : null" + gender: + - "consent.session.id_token.given_name ? consent.session.id_token.gender : null" + birthplace: + - "consent.session.id_token.given_name ? consent.session.id_token.birthplace : null" + birthcountry: + - "consent.session.id_token.given_name ? consent.session.id_token.birthcountry : null" + roles: + - "consent.session.id_token.roles ? consent.session.id_token.roles : null" # Entête HTTP utilisée pour identifier l'utilisateur connecté hydra_saml_subject_header: subject-id 
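Review bot: The SAML rules for `birthdate`, `gender`, `birthplace` and `birthcountry` all test `consent.session.id_token.given_name` instead of their own attribute, which looks like a copy-paste slip. Each value is dropped when given_name is empty and read unguarded when given_name is set. Each condition should name its own field and, to match the other three providers in this commit, use the existence guard, e.g. `- "property_exists(consent.session.id_token, 'birthdate') ? consent.session.id_token.birthdate : null"`. The bare `x ? x : null` form used throughout this block reads the property before checking it, so if the evaluator raises on a missing property these rules still fail for tokens without the claim. `roles` falls back to `null` here but to `[]` in the other providers, and `email_verified` is not mapped for SAML; both should be aligned or explained in a comment.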
@@ -172,21 +198,23 @@ hydra_oidc_client_secret: hydra_oidc_attributes_rewrite_rules: email: - - consent.session.id_token.email + - "property_exists(consent.session.id_token, 'email') ? consent.session.id_token.email : null" + email_verified: + - "property_exists(consent.session.id_token, 'email_verified') ? consent.session.id_token.email_verified : false" family_name: - - consent.session.id_token.family_name + - "property_exists(consent.session.id_token, 'family_name') ? consent.session.id_token.family_name : null" given_name: - - consent.session.id_token.given_name + - "property_exists(consent.session.id_token, 'given_name') ? consent.session.id_token.given_name : null" birthdate: - - consent.session.id_token.birthdate + - "property_exists(consent.session.id_token, 'birthdate') ? consent.session.id_token.birthdate : null" gender: - - consent.session.id_token.gender + - "property_exists(consent.session.id_token, 'gender') ? consent.session.id_token.gender : null" birthplace: - - consent.session.id_token.birthplace + - "property_exists(consent.session.id_token, 'birthplace') ? consent.session.id_token.birthplace : null" birthcountry: - - consent.session.id_token.birthcountry + - "property_exists(consent.session.id_token, 'birthcountry') ? consent.session.id_token.birthcountry : null" roles: - - "[]" + - "property_exists(consent.session.id_token, 'roles') ? consent.session.id_token.roles : []" # Hydra LDAP configuration 
@@ -197,13 +225,23 @@ hydra_ldap_app_icon_url:
 hydra_ldap_dev_mode: false
 hydra_ldap_attributes_rewrite_rules:
 email:
- - consent.session.id_token.email
+ - "property_exists(consent.session.id_token, 'email') ? consent.session.id_token.email : null"
+ email_verified:
+ - "property_exists(consent.session.id_token, 'email_verified') ? consent.session.id_token.email_verified : false"
 family_name:
- - consent.session.id_token.family_name
+ - "property_exists(consent.session.id_token, 'family_name') ? consent.session.id_token.family_name : null"
 given_name:
- - consent.session.id_token.given_name
+ - "property_exists(consent.session.id_token, 'given_name') ? consent.session.id_token.given_name : null"
+ birthdate:
+ - "property_exists(consent.session.id_token, 'birthdate') ? consent.session.id_token.birthdate : null"
+ gender:
+ - "property_exists(consent.session.id_token, 'gender') ? consent.session.id_token.gender : null"
+ birthplace:
+ - "property_exists(consent.session.id_token, 'birthplace') ? consent.session.id_token.birthplace : null"
+ birthcountry:
+ - "property_exists(consent.session.id_token, 'birthcountry') ? consent.session.id_token.birthcountry : null"
 roles:
- - consent.session.id_token.roles
+ - "property_exists(consent.session.id_token, 'roles') ? consent.session.id_token.roles : []"
 hydra_ldap_endpoints: []
 hydra_ldap_bind_dn:
 hydra_ldap_bind_password:
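Review bot: This nine-rule mapping is now repeated verbatim for the passwordless, OIDC and LDAP providers, and the SAML copy in the same commit has already drifted from it. Defining the list once in a shared default and having each `hydra_*_attributes_rewrite_rules` variable reference it would keep the guards identical. Failing that, a comment above each copy such as `# keep in sync with the other *_attributes_rewrite_rules defaults` would help. LDAP also now emits `email_verified` as `false` whenever the login app does not set it, so a deployment whose clients treat directory addresses as verified would have to supply the claim explicitly; a comment on that rule should say so.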