(hydra) ajout url post logout
This commit is contained in:
parent
8953a1ca1b
commit
f178677b12
@ -43,6 +43,8 @@ hydra_urls_self_issuer_url: "{{ haproxy_public_base_url }}{{ haproxy_hydra_base_
|
||||
hydra_urls_consent: "{{ haproxy_public_base_url }}{{ haproxy_hydra_dispatcher_base_path }}/consent"
|
||||
hydra_urls_login: "{{ haproxy_public_base_url }}{{ haproxy_hydra_dispatcher_base_path }}/login"
|
||||
hydra_urls_logout: "{{ haproxy_public_base_url }}{{ haproxy_hydra_dispatcher_base_path }}/logout"
|
||||
hydra_url_post_logout: "{{ haproxy_public_base_url }}"
|
||||
|
||||
|
||||
hydra_log_level: warn
|
||||
hydra_log_leak_sensitive_values: no
|
||||
@ -60,7 +62,7 @@ hydra_clients:
|
||||
|
||||
hydra_dispatcher_cookie_path: "{{ haproxy_hydra_dispatcher_base_path }}"
|
||||
hydra_dispatcher_debug: no
|
||||
hydra_dispatcher_admin_authorized_hosts:
|
||||
hydra_dispatcher_admin_authorized_hosts:
|
||||
- '10.0.0.0/8'
|
||||
- '172.16.0.0/12'
|
||||
- '192.168.0.0/16'
|
||||
@ -87,12 +89,12 @@ hydra_passwordless_smtp_insecure_skip_verify: no
|
||||
hydra_passwordless_smtp_use_start_tls: no
|
||||
hydra_passwordless_sender_address: noreply@localhost
|
||||
hydra_passwordless_sender_name: "[hydra-passwordless]"
|
||||
hydra_passwordless_attributes_rewrite_rules:
|
||||
hydra_passwordless_attributes_rewrite_rules:
|
||||
email:
|
||||
- "property_exists(consent.session.id_token, 'email') ? consent.session.id_token.email : null"
|
||||
email_verified:
|
||||
- "property_exists(consent.session.id_token, 'email_verified') ? consent.session.id_token.email_verified : false"
|
||||
family_name:
|
||||
family_name:
|
||||
- "property_exists(consent.session.id_token, 'family_name') ? consent.session.id_token.family_name : null"
|
||||
given_name:
|
||||
- "property_exists(consent.session.id_token, 'given_name') ? consent.session.id_token.given_name : null"
|
||||
@ -138,10 +140,10 @@ hydra_saml_include_sp_default_attributes_policy: "yes"
|
||||
|
||||
# Règles de sélection et réécritures des attributs du jeton OIDC
|
||||
# en provenance de la login-app sélectionnée
|
||||
hydra_saml_attributes_rewrite_rules:
|
||||
hydra_saml_attributes_rewrite_rules:
|
||||
email:
|
||||
- "consent.session.id_token.email ? consent.session.id_token.email : null"
|
||||
family_name:
|
||||
family_name:
|
||||
- "consent.session.id_token.family_name ? consent.session.id_token.family_name : null"
|
||||
given_name:
|
||||
- "consent.session.id_token.given_name ? consent.session.id_token.given_name : null"
|
||||
@ -172,7 +174,7 @@ saml_attributes:
|
||||
nameFormat: urn:oasis:names:tc:SAML:2.0:attrname-format:uri
|
||||
- id: mail
|
||||
name: urn:oid:0.9.2342.19200300.100.1.3
|
||||
nameFormat: urn:oasis:names:tc:SAML:2.0:attrname-format:uri
|
||||
nameFormat: urn:oasis:names:tc:SAML:2.0:attrname-format:uri
|
||||
|
||||
saml_attribute_policies: []
|
||||
|
||||
@ -195,11 +197,11 @@ hydra_oidc_identity_provider_id: oidc
|
||||
hydra_oidc_authorize_endpoint:
|
||||
hydra_oidc_token_endpoint:
|
||||
hydra_oidc_userinfo_endpoint:
|
||||
hydra_oidc_logout_endpoint:
|
||||
hydra_oidc_logout_endpoint:
|
||||
hydra_oidc_post_logout_redirect_url:
|
||||
hydra_oidc_scope: openid email
|
||||
hydra_oidc_client_id:
|
||||
hydra_oidc_client_secret:
|
||||
hydra_oidc_client_secret:
|
||||
hydra_oidc_additionnal_env: {}
|
||||
hydra_oidc_app_options: {}
|
||||
hydra_oidc_attributes_rewrite_rules:
|
||||
@ -207,7 +209,7 @@ hydra_oidc_attributes_rewrite_rules:
|
||||
- "property_exists(consent.session.id_token, 'email') ? consent.session.id_token.email : null"
|
||||
email_verified:
|
||||
- "property_exists(consent.session.id_token, 'email_verified') ? consent.session.id_token.email_verified : false"
|
||||
family_name:
|
||||
family_name:
|
||||
- "property_exists(consent.session.id_token, 'family_name') ? consent.session.id_token.family_name : null"
|
||||
given_name:
|
||||
- "property_exists(consent.session.id_token, 'given_name') ? consent.session.id_token.given_name : null"
|
||||
@ -234,7 +236,7 @@ hydra_ldap_attributes_rewrite_rules:
|
||||
- "property_exists(consent.session.id_token, 'email') ? consent.session.id_token.email : null"
|
||||
email_verified:
|
||||
- "property_exists(consent.session.id_token, 'email_verified') ? consent.session.id_token.email_verified : false"
|
||||
family_name:
|
||||
family_name:
|
||||
- "property_exists(consent.session.id_token, 'family_name') ? consent.session.id_token.family_name : null"
|
||||
given_name:
|
||||
- "property_exists(consent.session.id_token, 'given_name') ? consent.session.id_token.given_name : null"
|
||||
|
@ -78,6 +78,8 @@ properties:
|
||||
type: string
|
||||
hydra_urls_logout:
|
||||
type: string
|
||||
hydra_url_post_logout:
|
||||
type: string
|
||||
|
||||
hydra_log_level:
|
||||
type: string
|
||||
@ -153,4 +155,4 @@ properties:
|
||||
oidc_test_app_client_secret:
|
||||
type: string
|
||||
|
||||
additionalProperties: true
|
||||
additionalProperties: true
|
||||
|
@ -14,9 +14,10 @@ PODMAN_ARGS="\
|
||||
-e 'HYDRA_URLS_CONSENT={{ hydra_urls_consent }}' \
|
||||
-e 'HYDRA_URLS_LOGIN={{ hydra_urls_login }}' \
|
||||
-e 'HYDRA_URLS_LOGOUT={{ hydra_urls_logout }}' \
|
||||
-e 'HYDRA_URL_POST_LOGOUT={{ hydra_url_post_logout }}' \
|
||||
-e 'HYDRA_ALLOW_INSECURE=yes' \
|
||||
-e 'HYDRA_LEVEL={{ hydra_log_level }}' \
|
||||
-e 'HYDRA_SECRETS_SYSTEM={{ lookup('ansible.builtin.password', '/dev/null length=32 seed=hydra_secrets_seed') }}' \
|
||||
-e 'HYDRA_OIDC_SUBJECT_IDENTIFIERS_PAIRWISE_SALT={{ lookup('ansible.builtin.password', '/dev/null length=32 seed=hydra_secrets_seed') }}' \
|
||||
-v /etc/hydra/clients.d:/etc/hydra/clients.d \
|
||||
"
|
||||
"
|
||||
|
Loading…
Reference in New Issue
Block a user