Cadoles
/
ansible-role-sso
10
0
Fork 0
Code Issues 1 Pull Requests 1 Projects Releases Wiki Activity

feat: more customization options

This commit is contained in:
wpetit 2022-07-27 17:58:22 +02:00
parent 3452c72f98
commit 9401ca6adc
4 changed files with 22 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
defaults/main.yml
View File

@ -73,6 +73,21 @@ hydra_saml_app_description: Authentification via SAML
hydra_saml_app_icon_url: hydra_saml_app_icon_url:
hydra_saml_idp_entity_id: https://samltest.id/saml/idp hydra_saml_idp_entity_id: https://samltest.id/saml/idp
hydra_saml_idp_metadata_url: https://samltest.id/saml/idp hydra_saml_idp_metadata_url: https://samltest.id/saml/idp
hydra_saml_allowed_redirects: []
hydra_saml_subject_header: subject-id
hydra_saml_headers_attributes_mapping:
- header: mail
attribute: email
required: true
saml_attributes:
- id: uid
name: urn:oid:0.9.2342.19200300.100.1.1
nameFormat: urn:oasis:names:tc:SAML:2.0:attrname-format:uri
- id: mail
name: urn:oid:0.9.2342.19200300.100.1.3
nameFormat: urn:oasis:names:tc:SAML:2.0:attrname-format:uri
# OIDC Test configuration # OIDC Test configuration

3
templates/cadoles-pod-shibboleth-sp-v3.conf.j2
View File

@ -8,7 +8,8 @@ PODMAN_ARGS="\
-e 'APACHE_BACKEND_URL=http://10.0.2.2:3003' \ -e 'APACHE_BACKEND_URL=http://10.0.2.2:3003' \
-e 'APACHE_FORCE_HTTPS={{ "true" if haproxy_public_base_url.startswith('https') else "false" }}' \ -e 'APACHE_FORCE_HTTPS={{ "true" if haproxy_public_base_url.startswith('https') else "false" }}' \
-e 'SP_HANDLER_BASE_PATH={{ haproxy_hydra_saml_base_path }}' \ -e 'SP_HANDLER_BASE_PATH={{ haproxy_hydra_saml_base_path }}' \
-e 'SP_SESSIONS_REDIRECT_LIMIT=host+allow' \
-e 'SP_SESSIONS_REDIRECT_ALLOW={{ hydra_saml_allowed_redirects | join(',') }}' \
-v '/etc/shibboleth/attribute-map.inc.xml:/etc/shibboleth/attribute-map.inc.xml' \ -v '/etc/shibboleth/attribute-map.inc.xml:/etc/shibboleth/attribute-map.inc.xml' \
-v '/etc/shibboleth/shibboleth2.xml.gotmpl:/etc/shibboleth/shibboleth2.xml.gotmpl' \
-v '/etc/shibboleth/credentials:/etc/shibboleth/credentials' \ -v '/etc/shibboleth/credentials:/etc/shibboleth/credentials' \
" "

7
templates/hydra-remote-user.yml.j2
View File

@ -1,6 +1,3 @@
remote_user: remote_user:
subject_header: subject-id subject_header: "{{ hydra_saml_subject_header }}"
headers_attributes_mapping: headers_attributes_mapping: {{ hydra_saml_headers_attributes_mapping | to_json }}
- header: mail
attribute: email
required: true

5
templates/shibboleth-attribute-map.inc.xml.j2
View File

@ -1,2 +1,3 @@
<Attribute name="urn:oid:0.9.2342.19200300.100.1.1" nameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" id="uid" /> {% for item in saml_attributes %}
<Attribute name="urn:oid:0.9.2342.19200300.100.1.3" nameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" id="mail" /> <Attribute name="{{ item.name }}" nameFormat="{{ item.nameFormat }}" id="{{ item.id }}" />
{% endfor %}