William Petit
22fda4ed54
{
"$id": "https://forge.cadoles.com/cadoles/bouncer/schemas/authn-oidc-layer-options",
"title": "Options de configuration du layer 'authn-oidc'",
"type": "object",
"properties": {
"oidc": {
"title": "Configuration du client OpenID Connect",
"type": "object",
"properties": {
"clientId": {
"title": "Identifiant du client OpenID Connect",
"type": "string"
},
"clientSecret": {
"title": "Secret du client OpenID Connect",
"type": "string"
},
"issuerURL": {
"title": "URL de base du fournisseur OpenID Connect (racine du .well-known/openid-configuration)",
"type": "string"
},
"postLogoutRedirectURL": {
"title": "URL de redirection après déconnexion",
"type": "string"
},
"scopes": {
"title": "Scopes associés au client OpenID Connect",
"default": [
"openid"
],
"type": "array",
"item": {
"type": "string"
}
},
"authParams": {
"title": "Paramètres d'URL supplémentaires à ajouter à la requête d'authentification OpenID Connect",
"default": {},
"description": "L'ensemble des clés valeurs renseignées seront transformées en variables d'URL lors de la requête d'authentification initiale. Permet par exemple d'ajouter les 'acr_values' requises par certains fournisseurs d'identité OpenID Connect.",
"type": "object",
"patternProperties": {
".*": {
"type": "string"
}
}
},
"loginCallbackPath": {
"title": "Chemin associé à l'URL de callback OpenID Connect",
"default": "/.bouncer/authn/oidc/%s/callback",
"description": "Le marqueur '%s' peut être utilisé pour injecter l'espace de nom '<proxy>/<layer>'.",
"type": "string"
},
"logoutPath": {
"title": "Chemin associé à l'URL de déconnexion",
"default": "/.bouncer/authn/oidc/%s/logout",
"description": "Le marqueur '%s' peut être utilisé pour injecter l'espace de nom '<proxy>/<layer>'.",
"type": "string"
},
"skipIssuerVerification": {
"title": "Activer/désactiver la vérification de concordance de l'identifiant du fournisseur d'identité",
"default": false,
"type": "boolean"
}
},
"additionalProperties": false,
"required": [
"clientId",
"clientSecret",
"issuerURL"
]
},
"cookie": {
"title": "Configuration du cookie porteur de la session utilisateur",
"type": "object",
"properties": {
"name": {
"title": "Nom du cookie",
"default": "_bouncer_authn_oidc",
"type": "string"
},
"domain": {
"title": "Domaine associé au cookie",
"description": "Par défaut le domaine associé à la requête HTTP",
"type": "string"
},
"path": {
"title": "Chemin associé au cookie",
"type": "string",
"default": "/"
},
"sameSite": {
"title": "Attribut sameSite du cookie",
"description": "Voir https://developer.mozilla.org/fr/docs/Web/HTTP/Headers/Set-Cookie#samesitesamesite-value",
"type": "string",
"enum": [
"lax",
"none",
"strict",
""
],
"default": ""
},
"httpOnly": {
"title": "Interdire ou non l'accès au cookie en Javascript",
"type": "boolean",
"default": false
},
"secure": {
"title": "Transmettre le cookie uniquement en HTTPS",
"type": "boolean",
"default": false
},
"maxAge": {
"title": "Temps de vie du cookie et de la session associée.",
"description": "Voir https://pkg.go.dev/time#ParseDuration pour le format attendu.",
"default": "1h",
"type": "string"
}
},
"additionalProperties": false
}
},
"additionalProperties": false,
"required": [
"oidc"
]
} |