(hydra) ajout url post logout

defaults/main.yml

@@ -43,6 +43,8 @@ hydra_urls_self_issuer_url: "{{ haproxy_public_base_url }}{{ haproxy_hydra_base_
 hydra_urls_consent: "{{ haproxy_public_base_url }}{{ haproxy_hydra_dispatcher_base_path }}/consent"
 hydra_urls_login: "{{ haproxy_public_base_url }}{{ haproxy_hydra_dispatcher_base_path }}/login"
 hydra_urls_logout: "{{ haproxy_public_base_url }}{{ haproxy_hydra_dispatcher_base_path }}/logout"
+hydra_url_post_logout: "{{ haproxy_public_base_url }}"
+
 
 hydra_log_level: warn
 hydra_log_leak_sensitive_values: no
@@ -60,7 +62,7 @@ hydra_clients:
 
 hydra_dispatcher_cookie_path: "{{ haproxy_hydra_dispatcher_base_path }}"
 hydra_dispatcher_debug: no
-hydra_dispatcher_admin_authorized_hosts: 
+hydra_dispatcher_admin_authorized_hosts:
   - '10.0.0.0/8'
   - '172.16.0.0/12'
   - '192.168.0.0/16'
@@ -87,12 +89,12 @@ hydra_passwordless_smtp_insecure_skip_verify: no
 hydra_passwordless_smtp_use_start_tls: no
 hydra_passwordless_sender_address: noreply@localhost
 hydra_passwordless_sender_name: "[hydra-passwordless]"
-hydra_passwordless_attributes_rewrite_rules: 
+hydra_passwordless_attributes_rewrite_rules:
     email:
       - "property_exists(consent.session.id_token, 'email') ? consent.session.id_token.email : null"
     email_verified:
       - "property_exists(consent.session.id_token, 'email_verified') ? consent.session.id_token.email_verified : false"
-    family_name: 
+    family_name:
       - "property_exists(consent.session.id_token, 'family_name') ? consent.session.id_token.family_name : null"
     given_name:
       - "property_exists(consent.session.id_token, 'given_name') ? consent.session.id_token.given_name : null"
@@ -138,10 +140,10 @@ hydra_saml_include_sp_default_attributes_policy: "yes"
 
 # Règles de sélection et réécritures des attributs du jeton OIDC
 # en provenance de la login-app sélectionnée
-hydra_saml_attributes_rewrite_rules: 
+hydra_saml_attributes_rewrite_rules:
   email:
     - "consent.session.id_token.email ? consent.session.id_token.email : null"
-  family_name: 
+  family_name:
     - "consent.session.id_token.family_name ? consent.session.id_token.family_name : null"
   given_name:
     - "consent.session.id_token.given_name ? consent.session.id_token.given_name : null"
@@ -172,7 +174,7 @@ saml_attributes:
     nameFormat: urn:oasis:names:tc:SAML:2.0:attrname-format:uri
   - id: mail
     name: urn:oid:0.9.2342.19200300.100.1.3
-    nameFormat: urn:oasis:names:tc:SAML:2.0:attrname-format:uri 
+    nameFormat: urn:oasis:names:tc:SAML:2.0:attrname-format:uri
 
 saml_attribute_policies: []
 
@@ -195,11 +197,11 @@ hydra_oidc_identity_provider_id: oidc
 hydra_oidc_authorize_endpoint:
 hydra_oidc_token_endpoint:
 hydra_oidc_userinfo_endpoint:
-hydra_oidc_logout_endpoint: 
+hydra_oidc_logout_endpoint:
 hydra_oidc_post_logout_redirect_url:
 hydra_oidc_scope: openid email
 hydra_oidc_client_id:
-hydra_oidc_client_secret: 
+hydra_oidc_client_secret:
 hydra_oidc_additionnal_env: {}
 hydra_oidc_app_options: {}
 hydra_oidc_attributes_rewrite_rules:
@@ -207,7 +209,7 @@ hydra_oidc_attributes_rewrite_rules:
     - "property_exists(consent.session.id_token, 'email') ? consent.session.id_token.email : null"
   email_verified:
     - "property_exists(consent.session.id_token, 'email_verified') ? consent.session.id_token.email_verified : false"
-  family_name: 
+  family_name:
     - "property_exists(consent.session.id_token, 'family_name') ? consent.session.id_token.family_name : null"
   given_name:
     - "property_exists(consent.session.id_token, 'given_name') ? consent.session.id_token.given_name : null"
@@ -234,7 +236,7 @@ hydra_ldap_attributes_rewrite_rules:
     - "property_exists(consent.session.id_token, 'email') ? consent.session.id_token.email : null"
   email_verified:
     - "property_exists(consent.session.id_token, 'email_verified') ? consent.session.id_token.email_verified : false"
-  family_name: 
+  family_name:
     - "property_exists(consent.session.id_token, 'family_name') ? consent.session.id_token.family_name : null"
   given_name:
     - "property_exists(consent.session.id_token, 'given_name') ? consent.session.id_token.given_name : null"

sso.schema.yml

@@ -78,6 +78,8 @@ properties:
     type: string
   hydra_urls_logout:
     type: string
+  hydra_url_post_logout:
+    type: string
 
   hydra_log_level:
     type: string
@@ -153,4 +155,4 @@ properties:
   oidc_test_app_client_secret:
     type: string
 
-additionalProperties: true
+additionalProperties: true

templates/cadoles-pod-hydra-v1.conf.j2

@@ -14,9 +14,10 @@ PODMAN_ARGS="\
     -e 'HYDRA_URLS_CONSENT={{ hydra_urls_consent }}' \
     -e 'HYDRA_URLS_LOGIN={{ hydra_urls_login }}' \
     -e 'HYDRA_URLS_LOGOUT={{ hydra_urls_logout }}' \
+    -e 'HYDRA_URL_POST_LOGOUT={{ hydra_url_post_logout }}' \
     -e 'HYDRA_ALLOW_INSECURE=yes' \
     -e 'HYDRA_LEVEL={{ hydra_log_level }}' \
     -e 'HYDRA_SECRETS_SYSTEM={{ lookup('ansible.builtin.password', '/dev/null length=32 seed=hydra_secrets_seed') }}' \
     -e 'HYDRA_OIDC_SUBJECT_IDENTIFIERS_PAIRWISE_SALT={{ lookup('ansible.builtin.password', '/dev/null length=32 seed=hydra_secrets_seed') }}' \
     -v /etc/hydra/clients.d:/etc/hydra/clients.d \
-"
+"