feat: more customization options

2022-07-27 17:58:22 +02:00 · 2022-07-27 17:58:22 +02:00 · 9401ca6adc
parent 3452c72f98
commit 9401ca6adc
4 changed files with 22 additions and 8 deletions
--- a/defaults/main.yml
+++ b/defaults/main.yml
@ -73,6 +73,21 @@ hydra_saml_app_description: Authentification via SAML
 hydra_saml_app_icon_url: 
 hydra_saml_idp_entity_id: https://samltest.id/saml/idp
 hydra_saml_idp_metadata_url: https://samltest.id/saml/idp
+hydra_saml_allowed_redirects: []
+
+hydra_saml_subject_header: subject-id
+hydra_saml_headers_attributes_mapping:
+  - header: mail
+    attribute: email
+    required: true
+
+saml_attributes:
+  - id: uid
+    name: urn:oid:0.9.2342.19200300.100.1.1
+    nameFormat: urn:oasis:names:tc:SAML:2.0:attrname-format:uri
+  - id: mail
+    name: urn:oid:0.9.2342.19200300.100.1.3
+    nameFormat: urn:oasis:names:tc:SAML:2.0:attrname-format:uri 

 # OIDC Test configuration

--- a/templates/cadoles-pod-shibboleth-sp-v3.conf.j2
+++ b/templates/cadoles-pod-shibboleth-sp-v3.conf.j2
@ -8,7 +8,8 @@ PODMAN_ARGS="\
    -e 'APACHE_BACKEND_URL=http://10.0.2.2:3003' \
    -e 'APACHE_FORCE_HTTPS={{ "true" if haproxy_public_base_url.startswith('https') else "false" }}' \
    -e 'SP_HANDLER_BASE_PATH={{ haproxy_hydra_saml_base_path }}' \
+    -e 'SP_SESSIONS_REDIRECT_LIMIT=host+allow' \
+    -e 'SP_SESSIONS_REDIRECT_ALLOW={{ hydra_saml_allowed_redirects | join(',') }}' \
    -v '/etc/shibboleth/attribute-map.inc.xml:/etc/shibboleth/attribute-map.inc.xml' \
-    -v '/etc/shibboleth/shibboleth2.xml.gotmpl:/etc/shibboleth/shibboleth2.xml.gotmpl' \
    -v '/etc/shibboleth/credentials:/etc/shibboleth/credentials' \
 "
--- a/templates/hydra-remote-user.yml.j2
+++ b/templates/hydra-remote-user.yml.j2
@ -1,6 +1,3 @@
 remote_user:
-  subject_header: subject-id
-  headers_attributes_mapping:
-    - header: mail
-      attribute: email
-      required: true
+  subject_header: "{{ hydra_saml_subject_header }}"
+  headers_attributes_mapping: {{ hydra_saml_headers_attributes_mapping | to_json }}
--- a/templates/shibboleth-attribute-map.inc.xml.j2
+++ b/templates/shibboleth-attribute-map.inc.xml.j2
@ -1,2 +1,3 @@
-<Attribute name="urn:oid:0.9.2342.19200300.100.1.1" nameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" id="uid" />
-<Attribute name="urn:oid:0.9.2342.19200300.100.1.3" nameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" id="mail" />
+{% for item in saml_attributes %}
+<Attribute name="{{ item.name }}" nameFormat="{{ item.nameFormat }}" id="{{ item.id }}" />
+{% endfor %}