Cadoles/ansible-role-sso
10
0
Fork 0
Code Issues 1 Pull Requests 1 Projects Releases Wiki Activity

feat: multiple fixes and enhancements

Browse Source
This commit is contained in:
wpetit
2022-08-03 21:06:02 +02:00
parent cd86b6d29a
commit cd4c8ceabe
10 changed files with 56 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

18
defaults/main.yml
View File

@ -23,6 +23,8 @@ hydra_database_port: 3306
# HAProxy configuration
haproxy_public_base_url: http://{{ ansible_default_ipv4.address | default(ansible_all_ipv4_addresses[0]) }}
haproxy_hydra_base_path: /auth
haproxy_hydra_dispatcher_base_path: /auth/dispatcher
haproxy_hydra_passwordless_base_path: /auth/passwordless
haproxy_hydra_saml_base_path: /auth/saml
@ -34,7 +36,7 @@ haproxy_forwarded_port: "%[dst_port]"
# Hydra OIDC configuration
hydra_urls_self_issuer_url: "{{ haproxy_public_base_url }}"
hydra_urls_self_issuer_url: "{{ haproxy_public_base_url }}{{ haproxy_hydra_base_path }}"
hydra_urls_consent: "{{ haproxy_public_base_url }}{{ haproxy_hydra_dispatcher_base_path }}/consent"
hydra_urls_login: "{{ haproxy_public_base_url }}{{ haproxy_hydra_dispatcher_base_path }}/login"
hydra_urls_logout: "{{ haproxy_public_base_url }}{{ haproxy_hydra_dispatcher_base_path }}/logout"
@ -70,6 +72,9 @@ hydra_passwordless_smtp_insecure_skip_verify: no
hydra_passwordless_smtp_use_start_tls: no
hydra_passwordless_sender_address: noreply@localhost
hydra_passwordless_sender_name: "[hydra-passwordless]"
hydra_passwordless_attributes_rewrite_rules:
email:
- consent.session.id_token.email
# Hydra SAML configuration
@ -82,8 +87,15 @@ hydra_saml_idp_metadata_url: https://samltest.id/saml/idp
hydra_saml_allowed_redirects: []
hydra_saml_cookie_path: "{{ haproxy_hydra_saml_base_path }}"
hydra_saml_debug: no
hydra_saml_sp_log_level: WARN
hydra_saml_include_sp_default_attributes_mapping: "yes"
hydra_saml_include_sp_default_attributes_policy: "yes"
hydra_saml_attributes_rewrite_rules:
email:
- consent.session.id_token.email
hydra_saml_subject_header: subject-id
hydra_saml_subject_header: REMOTE_USER
hydra_saml_headers_attributes_mapping:
- header: mail
attribute: email
@ -97,6 +109,8 @@ saml_attributes:
name: urn:oid:0.9.2342.19200300.100.1.3
nameFormat: urn:oasis:names:tc:SAML:2.0:attrname-format:uri
saml_attribute_policies: []
# OIDC Test configuration
enable_oidc_test_app: yes