Cadoles
/
ansible-role-sso
10
0
Fork 0
Code Issues 1 Pull Requests 1 Projects Releases Wiki Activity

Normalisation de la réécriture des attributs par défaut

This commit is contained in:
wpetit 2022-08-26 15:16:21 +02:00
parent 126dbf66c2
commit 1ff89ac420
1 changed files with 57 additions and 19 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

70
defaults/main.yml
View File

@ -87,11 +87,23 @@ hydra_passwordless_sender_address: noreply@localhost
hydra_passwordless_sender_name: "[hydra-passwordless]" hydra_passwordless_sender_name: "[hydra-passwordless]"
hydra_passwordless_attributes_rewrite_rules: hydra_passwordless_attributes_rewrite_rules:
email: email:
- consent.session.id_token.email - "property_exists(consent.session.id_token, 'email') ? consent.session.id_token.email : null"
email_verified: email_verified:
- consent.session.id_token.email_verified - "property_exists(consent.session.id_token, 'email_verified') ? consent.session.id_token.email_verified : false"
family_name:
- "property_exists(consent.session.id_token, 'family_name') ? consent.session.id_token.family_name : null"
given_name:
- "property_exists(consent.session.id_token, 'given_name') ? consent.session.id_token.given_name : null"
birthdate:
- "property_exists(consent.session.id_token, 'birthdate') ? consent.session.id_token.birthdate : null"
gender:
- "property_exists(consent.session.id_token, 'gender') ? consent.session.id_token.gender : null"
birthplace:
- "property_exists(consent.session.id_token, 'birthplace') ? consent.session.id_token.birthplace : null"
birthcountry:
- "property_exists(consent.session.id_token, 'birthcountry') ? consent.session.id_token.birthcountry : null"
roles: roles:
- "[]" - "property_exists(consent.session.id_token, 'roles') ? consent.session.id_token.roles : []"
# Hydra SAML configuration # Hydra SAML configuration
@ -124,7 +136,21 @@ hydra_saml_include_sp_default_attributes_policy: "yes"
# en provenance de la login-app sélectionnée # en provenance de la login-app sélectionnée
hydra_saml_attributes_rewrite_rules: hydra_saml_attributes_rewrite_rules:
email: email:
- consent.session.id_token.email - "consent.session.id_token.email ? consent.session.id_token.email : null"
family_name:
- "consent.session.id_token.family_name ? consent.session.id_token.family_name : null"
given_name:
- "consent.session.id_token.given_name ? consent.session.id_token.given_name : null"
birthdate:
- "consent.session.id_token.given_name ? consent.session.id_token.birthdate : null"
gender:
- "consent.session.id_token.given_name ? consent.session.id_token.gender : null"
birthplace:
- "consent.session.id_token.given_name ? consent.session.id_token.birthplace : null"
birthcountry:
- "consent.session.id_token.given_name ? consent.session.id_token.birthcountry : null"
roles:
- "consent.session.id_token.roles ? consent.session.id_token.roles : null"
# Entête HTTP utilisée pour identifier l'utilisateur connecté # Entête HTTP utilisée pour identifier l'utilisateur connecté
hydra_saml_subject_header: subject-id hydra_saml_subject_header: subject-id
@ -172,21 +198,23 @@ hydra_oidc_client_secret:
hydra_oidc_attributes_rewrite_rules: hydra_oidc_attributes_rewrite_rules:
email: email:
- consent.session.id_token.email - "property_exists(consent.session.id_token, 'email') ? consent.session.id_token.email : null"
email_verified:
- "property_exists(consent.session.id_token, 'email_verified') ? consent.session.id_token.email_verified : false"
family_name: family_name:
- consent.session.id_token.family_name - "property_exists(consent.session.id_token, 'family_name') ? consent.session.id_token.family_name : null"
given_name: given_name:
- consent.session.id_token.given_name - "property_exists(consent.session.id_token, 'given_name') ? consent.session.id_token.given_name : null"
birthdate: birthdate:
- consent.session.id_token.birthdate - "property_exists(consent.session.id_token, 'birthdate') ? consent.session.id_token.birthdate : null"
gender: gender:
- consent.session.id_token.gender - "property_exists(consent.session.id_token, 'gender') ? consent.session.id_token.gender : null"
birthplace: birthplace:
- consent.session.id_token.birthplace - "property_exists(consent.session.id_token, 'birthplace') ? consent.session.id_token.birthplace : null"
birthcountry: birthcountry:
- consent.session.id_token.birthcountry - "property_exists(consent.session.id_token, 'birthcountry') ? consent.session.id_token.birthcountry : null"
roles: roles:
- "[]" - "property_exists(consent.session.id_token, 'roles') ? consent.session.id_token.roles : []"
# Hydra LDAP configuration # Hydra LDAP configuration
@ -197,13 +225,23 @@ hydra_ldap_app_icon_url:
hydra_ldap_dev_mode: false hydra_ldap_dev_mode: false
hydra_ldap_attributes_rewrite_rules: hydra_ldap_attributes_rewrite_rules:
email: email:
- consent.session.id_token.email - "property_exists(consent.session.id_token, 'email') ? consent.session.id_token.email : null"
email_verified:
- "property_exists(consent.session.id_token, 'email_verified') ? consent.session.id_token.email_verified : false"
family_name: family_name:
- consent.session.id_token.family_name - "property_exists(consent.session.id_token, 'family_name') ? consent.session.id_token.family_name : null"
given_name: given_name:
- consent.session.id_token.given_name - "property_exists(consent.session.id_token, 'given_name') ? consent.session.id_token.given_name : null"
birthdate:
- "property_exists(consent.session.id_token, 'birthdate') ? consent.session.id_token.birthdate : null"
gender:
- "property_exists(consent.session.id_token, 'gender') ? consent.session.id_token.gender : null"
birthplace:
- "property_exists(consent.session.id_token, 'birthplace') ? consent.session.id_token.birthplace : null"
birthcountry:
- "property_exists(consent.session.id_token, 'birthcountry') ? consent.session.id_token.birthcountry : null"
roles: roles:
- consent.session.id_token.roles - "property_exists(consent.session.id_token, 'roles') ? consent.session.id_token.roles : []"
hydra_ldap_endpoints: [] hydra_ldap_endpoints: []
hydra_ldap_bind_dn: hydra_ldap_bind_dn:
hydra_ldap_bind_password: hydra_ldap_bind_password: