Compare commits

..

4 Commits

12 changed files with 21 additions and 2 deletions

View File

@ -34,7 +34,6 @@ haproxy_oidc_test_base_path: /auth/test
haproxy_forwarded_proto: https haproxy_forwarded_proto: https
haproxy_forwarded_host: "%[req.hdr(Host)]" haproxy_forwarded_host: "%[req.hdr(Host)]"
haproxy_forwarded_port: "%[dst_port]"
# Hydra OIDC configuration # Hydra OIDC configuration

View File

@ -1,3 +1,4 @@
# {{ ansible_managed }}
PODMAN_ARGS="\ PODMAN_ARGS="\
--name 'cadoles-pod-hydra-dispatcher-v1' \ --name 'cadoles-pod-hydra-dispatcher-v1' \
--replace \ --replace \
@ -17,4 +18,5 @@ PODMAN_ARGS="\
-e 'DEFAULT_LOCALE={{ hydra_dispatcher_default_locale }}' \ -e 'DEFAULT_LOCALE={{ hydra_dispatcher_default_locale }}' \
-e 'APP_LOCALES={{ hydra_dispatcher_available_locales | join(',') }}' \ -e 'APP_LOCALES={{ hydra_dispatcher_available_locales | join(',') }}' \
-e 'HYDRA_ADMIN_AUTHORIZED_HOSTS={{ hydra_dispatcher_admin_authorized_hosts | join(',') }}' \ -e 'HYDRA_ADMIN_AUTHORIZED_HOSTS={{ hydra_dispatcher_admin_authorized_hosts | join(',') }}' \
-e 'TRUSTED_PROXIES=127.0.0.1,10.0.2.0/24' \
" "

View File

@ -1,3 +1,4 @@
# {{ ansible_managed }}
PODMAN_ARGS="\ PODMAN_ARGS="\
--name 'cadoles-pod-hydra-oidc-v1' \ --name 'cadoles-pod-hydra-oidc-v1' \
--replace \ --replace \
@ -17,4 +18,5 @@ PODMAN_ARGS="\
-e 'OIDC_SCOPE={{ hydra_oidc_scope }}' \ -e 'OIDC_SCOPE={{ hydra_oidc_scope }}' \
-e 'CLIENT_ID_FC={{ hydra_oidc_client_id }}' \ -e 'CLIENT_ID_FC={{ hydra_oidc_client_id }}' \
-e 'CLIENT_SECRET_FC={{ hydra_oidc_client_secret }}' \ -e 'CLIENT_SECRET_FC={{ hydra_oidc_client_secret }}' \
-e 'TRUSTED_PROXIES=127.0.0.1,10.0.2.0/24' \
" "

View File

@ -1,3 +1,4 @@
# {{ ansible_managed }}
PODMAN_ARGS="\ PODMAN_ARGS="\
-p 127.0.0.1:3001:3000 \ -p 127.0.0.1:3001:3000 \
--network=slirp4netns:allow_host_loopback=true \ --network=slirp4netns:allow_host_loopback=true \

View File

@ -1,3 +1,4 @@
# {{ ansible_managed }}
PODMAN_ARGS="\ PODMAN_ARGS="\
-p 127.0.0.1:3003:80 \ -p 127.0.0.1:3003:80 \
--network=slirp4netns:allow_host_loopback=true \ --network=slirp4netns:allow_host_loopback=true \

View File

@ -1,3 +1,4 @@
# {{ ansible_managed }}
PODMAN_ARGS="\ PODMAN_ARGS="\
--name 'cadoles-pod-hydra-v1' \ --name 'cadoles-pod-hydra-v1' \
--replace \ --replace \

View File

@ -1,3 +1,4 @@
# {{ ansible_managed }}
PODMAN_ARGS="\ PODMAN_ARGS="\
-p 127.0.0.1:3002:80 \ -p 127.0.0.1:3002:80 \
--network=slirp4netns:allow_host_loopback=true \ --network=slirp4netns:allow_host_loopback=true \

View File

@ -1,3 +1,4 @@
# {{ ansible_managed }}
global global
log /dev/log local0 log /dev/log local0
log /dev/log local1 notice log /dev/log local1 notice
@ -72,7 +73,6 @@ option forwardfor
http-request set-header X-Forwarded-Proto {{ haproxy_forwarded_proto }} http-request set-header X-Forwarded-Proto {{ haproxy_forwarded_proto }}
http-request set-header X-Forwarded-Host {{ haproxy_forwarded_host }} http-request set-header X-Forwarded-Host {{ haproxy_forwarded_host }}
http-request set-header X-Forwarded-Port {{ haproxy_forwarded_port }}
# Backend Hydra # Backend Hydra
backend hydra backend hydra
@ -85,6 +85,8 @@ backend hydra_dispatcher
balance roundrobin balance roundrobin
# Suppression du préfixe /auth/dispatcher dans l'URL # Suppression du préfixe /auth/dispatcher dans l'URL
http-request set-path %[path,regsub(^{{ haproxy_hydra_dispatcher_base_path }}/,/)] http-request set-path %[path,regsub(^{{ haproxy_hydra_dispatcher_base_path }}/,/)]
http-request set-header X-Forwarded-Prefix {{ haproxy_hydra_dispatcher_base_path }}
server hydra-login-dispatcher 127.0.0.1:3000 check server hydra-login-dispatcher 127.0.0.1:3000 check
{% if enable_hydra_passwordless %} {% if enable_hydra_passwordless %}
@ -93,6 +95,8 @@ backend hydra_passwordless
balance roundrobin balance roundrobin
# Suppression du préfixe /auth/passwordless dans l'URL # Suppression du préfixe /auth/passwordless dans l'URL
http-request set-path %[path,regsub(^{{ haproxy_hydra_passwordless_base_path }},)] http-request set-path %[path,regsub(^{{ haproxy_hydra_passwordless_base_path }},)]
http-request set-header X-Forwarded-Prefix {{ haproxy_hydra_passwordless_base_path }}
server hydra-login-passwordless 127.0.0.1:3001 check server hydra-login-passwordless 127.0.0.1:3001 check
{%- endif %} {%- endif %}
@ -102,6 +106,8 @@ backend hydra_oidc
balance roundrobin balance roundrobin
# Suppression du préfixe /auth/oidc dans l'URL # Suppression du préfixe /auth/oidc dans l'URL
http-request set-path %[path,regsub(^{{ haproxy_hydra_oidc_base_path }},)] http-request set-path %[path,regsub(^{{ haproxy_hydra_oidc_base_path }},)]
http-request set-header X-Forwarded-Prefix {{ haproxy_hydra_oidc_base_path }}
server hydra-login-oidc 127.0.0.1:3004 check server hydra-login-oidc 127.0.0.1:3004 check
{%- endif %} {%- endif %}
@ -117,5 +123,7 @@ backend oidc_test
balance roundrobin balance roundrobin
# Suppression du préfixe /auth/test dans l'URL # Suppression du préfixe /auth/test dans l'URL
http-request set-path %[path,regsub(^{{ haproxy_oidc_test_base_path }},/)] http-request set-path %[path,regsub(^{{ haproxy_oidc_test_base_path }},/)]
http-request set-header X-Forwarded-Prefix {{ haproxy_oidc_test_base_path }}
server oidc-test 127.0.0.1:8080 check server oidc-test 127.0.0.1:8080 check
{% endif %} {% endif %}

View File

@ -1,3 +1,4 @@
# {{ ansible_managed }}
hydra: hydra:
apps: apps:
{% if enable_hydra_passwordless %} {% if enable_hydra_passwordless %}

View File

@ -1,3 +1,4 @@
# {{ ansible_managed }}
remote_user: remote_user:
subject_header: "{{ hydra_saml_subject_header }}" subject_header: "{{ hydra_saml_subject_header }}"
headers_attributes_mapping: {{ hydra_saml_headers_attributes_mapping | to_json }} headers_attributes_mapping: {{ hydra_saml_headers_attributes_mapping | to_json }}

View File

@ -1,3 +1,4 @@
<!-- {{ ansible_managed }} -->
{% for item in saml_attributes %} {% for item in saml_attributes %}
<Attribute {% for key,value in item.items() %}{% if value is not mapping %}{{ key }}="{{ value }}" {% endif %}{% endfor %}> <Attribute {% for key,value in item.items() %}{% if value is not mapping %}{{ key }}="{{ value }}" {% endif %}{% endfor %}>
{% if item.attributeDecoder is defined %} {% if item.attributeDecoder is defined %}

View File

@ -1,3 +1,4 @@
<!-- {{ ansible_managed }} -->
{%- macro xmlnode(node) -%} {%- macro xmlnode(node) -%}
<{{node.tag}}{% if node.attributes is defined %}{% for key,value in node.attributes.items() %} {{ key }}="{{ value }}"{% endfor %}{% endif %}{% if node.children is not defined %}/{% endif %}> <{{node.tag}}{% if node.attributes is defined %}{% for key,value in node.attributes.items() %} {{ key }}="{{ value }}"{% endfor %}{% endif %}{% if node.children is not defined %}/{% endif %}>
{% if node.children is defined %} {% if node.children is defined %}