From 8bc50e1533538437d9a21ae79c88747d5cc44fdf Mon Sep 17 00:00:00 2001
From: Philippe Caseiro
Date: Mon, 9 Oct 2023 10:57:30 +0200
Subject: [PATCH] feat(hydra): configurable ttl_refresh_token

adding new variable to configure ttl_refresh_token
ref mse project : https://forge.cadoles.com/CNOUS/mse/issues/2591
---
 defaults/main.yml | 3 +++
 sso.schema.yml | 3 +++
 templates/cadoles-pod-hydra-v1.conf.j2 | 1 +
 3 files changed, 7 insertions(+)

diff --git a/defaults/main.yml b/defaults/main.yml
index f884ba6..fa6d496 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -162,6 +162,9 @@ hydra_saml_debug: no
 # Niveau de verbosité du service shibboleth-sp
 hydra_saml_sp_log_level: WARN
 
+# Durée de vie des "refresh_token"
+hydra_ttl_refresh_token: "24h"
+
 # Inclure les règles de cartographie des attributs SAML fournis par défaut par le projet hydra-shibboleth-sp-v3
 hydra_saml_include_sp_default_attributes_mapping: "yes"
 
diff --git a/sso.schema.yml b/sso.schema.yml
index f3c4cb7..27af98e 100644
--- a/sso.schema.yml
+++ b/sso.schema.yml
@@ -86,6 +86,9 @@ properties:
 hydra_log_leak_sensitive_values:
 type: boolean
 
+ hydra_ttl_refresh_token:
+ type: string
+
 # This value should not be changed after first deployment !
 hydra_secrets_seed:
 type: string
diff --git a/templates/cadoles-pod-hydra-v1.conf.j2 b/templates/cadoles-pod-hydra-v1.conf.j2
index 0ea00df..f98951a 100644
--- a/templates/cadoles-pod-hydra-v1.conf.j2
+++ b/templates/cadoles-pod-hydra-v1.conf.j2
@@ -18,6 +18,7 @@ PODMAN_ARGS="\
 -e 'HYDRA_URL_POST_LOGOUT={{ hydra_url_post_logout }}' \
 -e 'HYDRA_ALLOW_INSECURE=yes' \
 -e 'HYDRA_LEVEL={{ hydra_log_level }}' \
+ -e 'TTL_REFRESH_TOKEN={{ hydra_ttl_refresh_token }}'\
 {% if hydra_public_cors_allowed_origins | default([]) | length > 0 %}
 -e 'SERVE_PUBLIC_CORS_ENABLED=true' \
 -e 'SERVE_PUBLIC_CORS_ALLOWED_ORIGINS={{ hydra_public_cors_allowed_origins | join(',') }}' \
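Review bot: The new default `hydra_ttl_refresh_token: "24h"` in defaults/main.yml is documented only as the lifetime of refresh tokens; the comment should state the expected value format so an operator does not set something the service cannot parse, e.g. `# Durée de vie des "refresh_token" (durée avec unité, ex. "24h", "720h")`. Since the value is forwarded as the TTL_REFRESH_TOKEN environment variable of the Hydra pod, it presumably follows a Go-style duration string (`30m`, `24h`); confirm against the container image before documenting the accepted units. It is also worth a sentence in the comment that lengthening this window extends how long a leaked or stolen refresh token remains usable, so the default should stay deliberately short and any increase be a conscious choice.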
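Review bot: In sso.schema.yml, `hydra_ttl_refresh_token` is declared as a bare `type: string`, so validation accepts any text, including an empty string or a value containing quotes, which is then interpolated verbatim into the pod's environment arguments in templates/cadoles-pod-hydra-v1.conf.j2. A `pattern` constraint would reject a malformed duration at validation time instead of at container start: `pattern: "^[0-9]+(ms|s|m|h)$"` (adjust the unit list to what the Hydra image actually parses). This looks like JSON Schema, so a short `description` of the accepted format next to the type would also make the intent visible to anyone editing the inventory.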
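Review bot: The added line in templates/cadoles-pod-hydra-v1.conf.j2 ends with `'\` while every neighbouring line ends with `' \`; adding the space before the continuation backslash keeps the style consistent, `-e 'TTL_REFRESH_TOKEN={{ hydra_ttl_refresh_token }}' \`. The variable is expanded unquoted inside a single-quoted argument within the `PODMAN_ARGS` string, so a value containing a quote or whitespace would break the argument list; that is safe only as long as the schema keeps the value a plain duration token, which the current `type: string` declaration does not enforce. The `PODMAN_ARGS="\` assignment enclosing this line starts before the hunk and continues past it.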