ansible-role-ipsilon/templates/configuration.conf

[info_config]
sssd preconfigured = True
global enabled = sssd,nss,fas
fas fas url = https://accounts.rockylinux.org/
fas fas proxy client user agent = Ipsilon v1.0
fas fas insecure auth = False
fas bind username = {{ ipsilon_fas_username }}
fas bind password = {{ ipsilon_fas_password }}
fas preconfigured=True

[sssd_data]

[nss_data]

[fas_data]

[login_config]
fas fas url = https://accounts.rockylinux.org
fas fas proxy client user agent = Ipsilon v1.0
fas fas insecure auth = False
fas username text = RAS Username
fas password text = Password
fas help text = Login with your RAS credentials
global enabled = gssapi,form

[gssapi_data]

[form_data]

[provider_config]
openidc database url = postgresql://{{ ipsilon_db_user }}:{{ ipsilon_db_password }}@{{ ipsilon_db_host }}/{{ ipsilon_db_name }}
openidc static database url = postgresql://{{ ipsilon_db_user }}:{{ ipsilon_db_password }}@{{ ipsilon_db_host }}/{{ ipsilon_db_name }}
openidc enabled extensions = ipsilon, mbs, fedora-account
openidc endpoint url = https://{{ idp_hostname }}/idp/openidc/
openidc documentation url = https://ipsilonproject.org/doc/openidc/
openidc policy url = http://www.example.com/
openidc tos url = http://www.example.com/
openidc idp key file = /var/lib/ipsilon/idp/openidc/openidc.key
openidc idp sig key id = 1633884828-sig
openidc idp subject salt = {{ ipsilon_oidc_salt }}
openidc allow dynamic client registration = True
openidc default attribute mapping = [["*", "*"], ["_groups", "groups"], [["_extras", "cla"], "cla"], ["fullname", "name"], ["_username", "nickname"], ["_username", "preferred_username"], ["fasIRCNick", "ircnick"], ["fasLocale", "locale"], ["fasTimeZone", "zoneinfo"], ["fasTimeZone", "timezone"], ["fasWebsiteURL", "website"], ["fasGPGKeyId", "gpg_keyid"], ["ipaSshPubKey", "ssh_key"], ["fasIsPrivate", "privacy"], ["fullname", "human_name"]]
openidc default allowed attributes = ["*"]
openidc access token lifetime = 3600
openidc refresh token lifetime = 31536000
global enabled = openidc,saml2,openid
openid default allowed attributes = ["*"]
openid database url = postgresql://{{ ipsilon_db_user }}:{{ ipsilon_db_password }}@{{ ipsilon_db_host }}/{{ ipsilon_db_name }}
openid default email domain =
openid endpoint url = https://{{ idp_hostname }}/idp/openid/
openid identity url template = https://{{ idp_hostname }}/idp/openid/id/%(username)s
openid trusted roots = {{ ipsilon_openid_trust_roots }}
openid untrusted roots =
openid enabled extensions = Attribute Exchange, CLAs, Fedora Teams, Simple Registration, Teams, API
openid default attribute mapping = [["*", "*"], ["_groups", "groups"], [["_extras", "cla"], "cla"], ["fullname", "name"], ["_username", "nickname"], ["_username", "preferred_username"], ["fasIRCNick", "ircnick"], ["fasLocale", "locale"], ["fasTimeZone", "zoneinfo"], ["fasTimeZone", "timezone"], ["fasWebsiteURL", "website"], ["fasGPGKeyId", "gpg_keyid"], ["ipaSshPubKey", "ssh_key"], ["fasIsPrivate", "privacy"], ["fullname", "human_name"], ["mail", "email"]]
saml2 idp storage path = /var/lib/ipsilon/idp/saml2
saml2 idp metadata file = metadata.xml
saml2 idp certificate file = /var/lib/ipsilon/idp/saml2/idp.pem
saml2 idp key file = /var/lib/ipsilon/idp/saml2/idp.key
saml2 idp nameid salt = {{ ipsilon_saml2_salt }}
saml2 idp metadata validity = 1825
saml2 session database url = postgresql://{{ ipsilon_db_user }}:{{ ipsilon_db_password }}@{{ ipsilon_db_host }}/{{ ipsilon_db_name }}

[openidc_data]

[saml2_data]

[openid_data]

[authz_config]
global enabled = allow

[allow_data]