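---
# Role defaults for the cadoles-pod deployment (HAProxy front, Hydra OIDC
# server, dispatcher, passwordless and SAML login apps, OIDC test app).
# Everything here can be overridden from the inventory. The passwords, client
# secret and secrets seed below are development placeholders: override them
# (for example with ansible-vault) before any non-local deployment.

# cadoles-pod repository configuration
cadoles_pod_debian_repository_url: https://vulcain.cadoles.com
cadoles_pod_debian_repository: bullseye-dev
cadoles_pod_debian_repository_key_url: https://vulcain.cadoles.com/cadoles.gpg

# Package versions. '*' means no version pin; pin explicit versions when a
# reproducible deployment is required.
haproxy_package_version: '*'
cadoles_pod_hydra_v1_package_version: '*'
cadoles_pod_hydra_dispatcher_v1_package_version: '*'
cadoles_pod_shibboleth_sp_v3_package_version: '*'
cadoles_pod_hydra_remote_user_v1_package_version: '*'
cadoles_pod_hydra_passwordless_v1_package_version: '*'

# Hydra database configuration
hydra_use_external_database: false
hydra_database_name: hydra
hydra_database_user: hydra
# Development placeholder — override with a vaulted value.
hydra_database_password: hydra
hydra_database_host: 10.0.2.2
hydra_database_port: 3306

# HAProxy configuration
# Quoted so the Jinja expression is never mis-read by the YAML parser.
haproxy_public_base_url: "http://{{ ansible_default_ipv4.address | default(ansible_all_ipv4_addresses[0]) }}"
haproxy_hydra_base_path: /auth
haproxy_hydra_dispatcher_base_path: /auth/dispatcher
haproxy_hydra_passwordless_base_path: /auth/passwordless
haproxy_hydra_saml_base_path: /auth/saml
haproxy_oidc_test_base_path: /auth/oidc-test
haproxy_forwarded_proto: https
haproxy_forwarded_host: "%[req.hdr(Host)]"
haproxy_forwarded_port: "%[dst_port]"

# Hydra OIDC configuration
hydra_urls_self_issuer_url: "{{ haproxy_public_base_url }}{{ haproxy_hydra_base_path }}"
hydra_urls_consent: "{{ haproxy_public_base_url }}{{ haproxy_hydra_dispatcher_base_path }}/consent"
hydra_urls_login: "{{ haproxy_public_base_url }}{{ haproxy_hydra_dispatcher_base_path }}/login"
hydra_urls_logout: "{{ haproxy_public_base_url }}{{ haproxy_hydra_dispatcher_base_path }}/logout"
hydra_log_level: warn
# Keep false outside of debugging sessions: true writes sensitive values to logs.
hydra_log_leak_sensitive_values: false
# This value should not be changed after first deployment !
# The default derives from the inventory hostname, which is not secret;
# override it with a randomly generated, vaulted value before the first
# deployment.
hydra_secrets_seed: "{{ inventory_hostname }}"

# Hydra clients
hydra_clients:
  - client_id: default-client
    client_name: Default client

# Hydra dispatcher configuration
hydra_dispatcher_cookie_path: "{{ haproxy_hydra_dispatcher_base_path }}"
hydra_dispatcher_debug: false

# Hydra Passwordless configuration
enable_hydra_passwordless: true
hydra_passwordless_app_title: Adresse courriel
hydra_passwordless_app_description: Authentification via adresse courriel
hydra_passwordless_app_icon_url: https://upload.wikimedia.org/wikipedia/commons/4/48/You%27ve_got_mail.png
hydra_passwordless_smtp_host: smtp-server
hydra_passwordless_smtp_port: 25
hydra_passwordless_smtp_user: smtp-user
# Development placeholder — override with a vaulted value.
hydra_passwordless_smtp_password: smtp-password
# Keep false so the SMTP server certificate is verified.
hydra_passwordless_smtp_insecure_skip_verify: false
hydra_passwordless_smtp_use_start_tls: false
hydra_passwordless_sender_address: noreply@localhost
hydra_passwordless_sender_name: "[hydra-passwordless]"
hydra_passwordless_attributes_rewrite_rules:
  email:
    - consent.session.id_token.email

# Hydra SAML configuration
enable_hydra_saml: true
hydra_saml_app_title: SAML
hydra_saml_app_description: Authentification via SAML
# Explicit null; the original left this value empty.
hydra_saml_app_icon_url: null
# samltest.id is a public test IdP: replace both values with the real IdP
# before going to production.
hydra_saml_idp_entity_id: https://samltest.id/saml/idp
hydra_saml_idp_metadata_url: https://samltest.id/saml/idp
hydra_saml_allowed_redirects: []
hydra_saml_cookie_path: "{{ haproxy_hydra_saml_base_path }}"
hydra_saml_debug: false
hydra_saml_sp_log_level: WARN
# Quoted deliberately: these are the string "yes", not booleans.
hydra_saml_include_sp_default_attributes_mapping: "yes"
hydra_saml_include_sp_default_attributes_policy: "yes"
hydra_saml_attributes_rewrite_rules:
  email:
    - consent.session.id_token.email
# HTTP header used to identify the logged-in user. The SP in front must be the
# only source of this header; confirm that client-supplied copies are stripped
# by the proxy configuration (not shown in this file).
hydra_saml_subject_header: subject-id
# List of HTTP headers read and turned into attributes for the OIDC token
hydra_saml_headers_attributes_mapping:
  - header: mail
    attribute: email
    required: true
saml_attributes:
  - id: uid
    name: urn:oid:0.9.2342.19200300.100.1.1
    nameFormat: urn:oasis:names:tc:SAML:2.0:attrname-format:uri
  - id: mail
    name: urn:oid:0.9.2342.19200300.100.1.3
    nameFormat: urn:oasis:names:tc:SAML:2.0:attrname-format:uri
saml_attribute_policies: []

# OIDC Test configuration
# Enabled by default with a fixed client secret; disable it, or override the
# secret, on any deployment reachable by untrusted users.
enable_oidc_test_app: true
oidc_test_app_client_id: oidc-test
oidc_test_app_client_secret: '$oidc-test&123456$'
oidc_test_app_public_base_url: "{{ haproxy_public_base_url }}{{ haproxy_oidc_test_base_path }}"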