75 lines
3.5 KiB
Plaintext
75 lines
3.5 KiB
Plaintext
[info_config]
|
|
sssd preconfigured = True
|
|
global enabled = sssd,nss,fas
|
|
fas fas url = https://accounts.rockylinux.org/
|
|
fas fas proxy client user agent = Ipsilon v1.0
|
|
fas fas insecure auth = False
|
|
fas bind username = {{ ipsilon_fas_username }}
|
|
fas bind password = {{ ipsilon_fas_password }}
|
|
fas preconfigured=True
|
|
|
|
[sssd_data]
|
|
|
|
[nss_data]
|
|
|
|
[fas_data]
|
|
|
|
[login_config]
|
|
fas fas url = https://accounts.rockylinux.org
|
|
fas fas proxy client user agent = Ipsilon v1.0
|
|
fas fas insecure auth = False
|
|
fas username text = RAS Username
|
|
fas password text = Password
|
|
fas help text = Login with your RAS credentials
|
|
global enabled = gssapi,form
|
|
|
|
[gssapi_data]
|
|
|
|
[form_data]
|
|
|
|
[provider_config]
|
|
openidc database url = postgresql://{{ ipsilon_db_user }}:{{ ipsilon_db_password }}@{{ ipsilon_db_host }}/{{ ipsilon_db_name }}
|
|
openidc static database url = postgresql://{{ ipsilon_db_user }}:{{ ipsilon_db_password }}@{{ ipsilon_db_host }}/{{ ipsilon_db_name }}
|
|
openidc enabled extensions = ipsilon, mbs, fedora-account
|
|
openidc endpoint url = https://{{ idp_hostname }}/idp/openidc/
|
|
openidc documentation url = https://ipsilonproject.org/doc/openidc/
|
|
openidc policy url = http://www.example.com/
|
|
openidc tos url = http://www.example.com/
|
|
openidc idp key file = /var/lib/ipsilon/idp/openidc/openidc.key
|
|
openidc idp sig key id = 1633884828-sig
|
|
openidc idp subject salt = {{ ipsilon_oidc_salt }}
|
|
openidc allow dynamic client registration = True
|
|
openidc default attribute mapping = [["*", "*"], ["_groups", "groups"], [["_extras", "cla"], "cla"], ["fullname", "name"], ["_username", "nickname"], ["_username", "preferred_username"], ["fasIRCNick", "ircnick"], ["fasLocale", "locale"], ["fasTimeZone", "zoneinfo"], ["fasTimeZone", "timezone"], ["fasWebsiteURL", "website"], ["fasGPGKeyId", "gpg_keyid"], ["ipaSshPubKey", "ssh_key"], ["fasIsPrivate", "privacy"], ["fullname", "human_name"]]
|
|
openidc default allowed attributes = ["*"]
|
|
openidc access token lifetime = 3600
|
|
openidc refresh token lifetime = 31536000
|
|
global enabled = openidc,saml2,openid
|
|
openid default allowed attributes = ["*"]
|
|
openid database url = postgresql://{{ ipsilon_db_user }}:{{ ipsilon_db_password }}@{{ ipsilon_db_host }}/{{ ipsilon_db_name }}
|
|
openid default email domain =
|
|
openid endpoint url = https://{{ idp_hostname }}/idp/openid/
|
|
openid identity url template = https://{{ idp_hostname }}/idp/openid/id/%(username)s
|
|
openid trusted roots = {{ ipsilon_openid_trust_roots }}
|
|
openid untrusted roots =
|
|
openid enabled extensions = Attribute Exchange, CLAs, Fedora Teams, Simple Registration, Teams, API
|
|
openid default attribute mapping = [["*", "*"], ["_groups", "groups"], [["_extras", "cla"], "cla"], ["fullname", "name"], ["_username", "nickname"], ["_username", "preferred_username"], ["fasIRCNick", "ircnick"], ["fasLocale", "locale"], ["fasTimeZone", "zoneinfo"], ["fasTimeZone", "timezone"], ["fasWebsiteURL", "website"], ["fasGPGKeyId", "gpg_keyid"], ["ipaSshPubKey", "ssh_key"], ["fasIsPrivate", "privacy"], ["fullname", "human_name"], ["mail", "email"]]
|
|
saml2 idp storage path = /var/lib/ipsilon/idp/saml2
|
|
saml2 idp metadata file = metadata.xml
|
|
saml2 idp certificate file = /var/lib/ipsilon/idp/saml2/idp.pem
|
|
saml2 idp key file = /var/lib/ipsilon/idp/saml2/idp.key
|
|
saml2 idp nameid salt = {{ ipsilon_saml2_salt }}
|
|
saml2 idp metadata validity = 1825
|
|
saml2 session database url = postgresql://{{ ipsilon_db_user }}:{{ ipsilon_db_password }}@{{ ipsilon_db_host }}/{{ ipsilon_db_name }}
|
|
|
|
[openidc_data]
|
|
|
|
[saml2_data]
|
|
|
|
[openid_data]
|
|
|
|
[authz_config]
|
|
global enabled = allow
|
|
|
|
[allow_data]
|
|
|