From 9401ca6adc190a457dc479337213475326c0b322 Mon Sep 17 00:00:00 2001
From: William Petit
Date: Wed, 27 Jul 2022 17:58:22 +0200
Subject: [PATCH] feat: more customization options
---
 defaults/main.yml | 15 +++++++++++++++
 templates/cadoles-pod-shibboleth-sp-v3.conf.j2 | 3 ++-
 templates/hydra-remote-user.yml.j2 | 7 ++-----
 templates/shibboleth-attribute-map.inc.xml.j2 | 5 +++--
 4 files changed, 22 insertions(+), 8 deletions(-)
diff --git a/defaults/main.yml b/defaults/main.yml
index e4f82e0..d35f570 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -73,6 +73,21 @@ hydra_saml_app_description: Authentification via SAML
 hydra_saml_app_icon_url:
 hydra_saml_idp_entity_id: https://samltest.id/saml/idp
 hydra_saml_idp_metadata_url: https://samltest.id/saml/idp
+hydra_saml_allowed_redirects: []
+
+hydra_saml_subject_header: subject-id
+hydra_saml_headers_attributes_mapping:
+ - header: mail
+ attribute: email
+ required: true
+
+saml_attributes:
+ - id: uid
+ name: urn:oid:0.9.2342.19200300.100.1.1
+ nameFormat: urn:oasis:names:tc:SAML:2.0:attrname-format:uri
+ - id: mail
+ name: urn:oid:0.9.2342.19200300.100.1.3
+ nameFormat: urn:oasis:names:tc:SAML:2.0:attrname-format:uri
 # OIDC Test configuration
diff --git a/templates/cadoles-pod-shibboleth-sp-v3.conf.j2 b/templates/cadoles-pod-shibboleth-sp-v3.conf.j2
index 88d0533..72816b1 100644
--- a/templates/cadoles-pod-shibboleth-sp-v3.conf.j2
+++ b/templates/cadoles-pod-shibboleth-sp-v3.conf.j2
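Review bot: `hydra_saml_allowed_redirects` now carries the SP's entire off-host redirect policy (it is the list that `SP_SESSIONS_REDIRECT_LIMIT=host+allow` consults), yet it is declared without a comment saying what an entry is, and the Shibboleth `redirectAllow` setting it presumably feeds matches URL prefixes, so a bare origin like `https://app.example.org` would also accept `https://app.example.org.evil.com`. I would document it where it is declared: `# Off-host URL prefixes the SP may redirect to after login (redirectLimit=host+allow).` / `# Empty = same host only. Use full origins with a trailing "/" - matching is by prefix.` The other new defaults deserve one line each as well: that `hydra_saml_subject_header` is the Shibboleth attribute id Hydra reads as the subject, and that each `saml_attributes` `id` becomes the header name referenced from `hydra_saml_headers_attributes_mapping`, so an operator changing one knows to change the other. Note that `subject-id` is not among the two `saml_attributes` entries, so it presumably comes from the image's base attribute map; stating that here avoids someone "fixing" the list by removing the dependency.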
@@ -8,7 +8,8 @@ PODMAN_ARGS="\
 -e 'APACHE_BACKEND_URL=http://10.0.2.2:3003' \
 -e 'APACHE_FORCE_HTTPS={{ "true" if haproxy_public_base_url.startswith('https') else "false" }}' \
 -e 'SP_HANDLER_BASE_PATH={{ haproxy_hydra_saml_base_path }}' \
+ -e 'SP_SESSIONS_REDIRECT_LIMIT=host+allow' \
+ -e 'SP_SESSIONS_REDIRECT_ALLOW={{ hydra_saml_allowed_redirects | join(',') }}' \
 -v '/etc/shibboleth/attribute-map.inc.xml:/etc/shibboleth/attribute-map.inc.xml' \
- -v '/etc/shibboleth/shibboleth2.xml.gotmpl:/etc/shibboleth/shibboleth2.xml.gotmpl' \
 -v '/etc/shibboleth/credentials:/etc/shibboleth/credentials' \
 "
\ No newline at end of file
diff --git a/templates/hydra-remote-user.yml.j2 b/templates/hydra-remote-user.yml.j2
index 6d320c5..ca8faf0 100644
--- a/templates/hydra-remote-user.yml.j2
+++ b/templates/hydra-remote-user.yml.j2
@@ -1,6 +1,3 @@
 remote_user:
- subject_header: subject-id
- headers_attributes_mapping:
- - header: mail
- attribute: email
- required: true
\ No newline at end of file
+ subject_header: "{{ hydra_saml_subject_header }}"
+ headers_attributes_mapping: {{ hydra_saml_headers_attributes_mapping | to_json }}
\ No newline at end of file
diff --git a/templates/shibboleth-attribute-map.inc.xml.j2 b/templates/shibboleth-attribute-map.inc.xml.j2
index 261c341..a9027d9 100644
--- a/templates/shibboleth-attribute-map.inc.xml.j2
+++ b/templates/shibboleth-attribute-map.inc.xml.j2
@@ -1,2 +1,3 @@
-
-
\ No newline at end of file
+{% for item in saml_attributes %}
+
+{% endfor %}
\ No newline at end of file
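Review bot: `SP_SESSIONS_REDIRECT_ALLOW` is assembled with `join(',')`, but the Shibboleth `redirectAllow` setting this presumably feeds is a whitespace-delimited list of URL prefixes, so unless the image's shibboleth2.xml template splits on commas, a two-entry list turns into one bogus prefix and nothing off-host is actually allowed while the operator believes it is. Because this same hunk stops mounting `/etc/shibboleth/shibboleth2.xml.gotmpl`, the template that interprets these two variables now lives only inside the image, so the delimiter must be confirmed against the image tag the role pins (outside this hunk); if it expects spaces, `join(' ')` is the one-line fix. The joined value is also dropped unescaped into a single-quoted shell word, so any entry containing `'` corrupts `PODMAN_ARGS`; an `ansible.builtin.assert` that every entry matches `^https?://[^'\s]+/` would catch both the shell breakage and a malformed prefix before the pod is restarted. The `PODMAN_ARGS=` assignment opens before this hunk.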
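Review bot: Rendering `headers_attributes_mapping` with `to_json` is correct, since JSON is valid YAML flow syntax, but it collapses the mapping onto one unreadable line in the deployed file, which is the file an operator opens when a login fails on a missing header. A style alternative that renders the same structure in block form is `headers_attributes_mapping:` followed by `{{ hydra_saml_headers_attributes_mapping | to_nice_yaml(indent=2) | indent(4, first=True) }}`. Either way the new file still ends without a trailing newline; adding one keeps `template` diffs clean.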
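Review bot: The `<Attribute>` element inside the loop did not survive extraction, so this is hedged: if it writes `{{ item.name }}`, `{{ item.id }}` and `{{ item.nameFormat }}` straight into XML attribute values, Ansible's template module does not autoescape, and an inventory value containing `"`, `<` or `&` produces a malformed attribute map that the SP refuses to load. Apply the `e` filter to each interpolation (`{{ item.name | e }}`), and wrap the format in `{% if item.nameFormat is defined %}` since Shibboleth treats `nameFormat` as optional while an entry that omits it would otherwise fail at template time with an undefined variable. A one-line header comment stating that each `id` becomes the header name consumed through `hydra_saml_headers_attributes_mapping` would tie this generated file to the variable that depends on it.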