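{#
  Login stack for the Ipsilon identity provider: which authentication
  plugins are offered and how the FAS backend is reached.
#}
[login_config]
{# Comma-separated list of enabled login plugins. #}
global enabled=gssapi,fas
{# env_suffix comes from the deployment variables; the scheme is HTTPS for every rendering. #}
fas FAS url=https://admin{{env_suffix}}.fedoraproject.org/accounts/
fas FAS Proxy client user Agent=Fedora Ipsilon
{#
  NOTE(review): presumably this controls whether TLS verification toward FAS
  is skipped; confirm against the plugin, and keep it False so user passwords
  are never forwarded to an unverified endpoint.
#}
fas FAS Insecure Auth=False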
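{#
  Attribute lookup: user information is fetched from FAS with a dedicated
  bind account. The rendered file contains that account's password in clear
  text, so the output file should be readable only by the service account.
#}
[info_config]
global enabled=fas
fas FAS url=https://admin{{env_suffix}}.fedoraproject.org/accounts/
fas FAS Proxy client user Agent=Fedora Ipsilon
{# NOTE(review): presumably disables TLS verification when True; confirm, and keep False. #}
fas FAS Insecure Auth=False
fas Bind Username={{ ipsilon_fasinfo_username }}
{#
  Only env == "production" receives the production bind password; every
  other value of env falls through to the staging credential, so an
  unexpected environment name cannot pick up the production secret.
#}
{% if env == "production" %}
fas Bind Password={{ ipsilon_fasinfo_prod_password }}
{% else %}
fas Bind Password={{ ipsilon_fasinfo_stg_password }}
{% endif %}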
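{#
  Authorization stack. Only the "allow" plugin is enabled.
  NOTE(review): presumably this authorizes every authenticated user for every
  relying party, which leaves access restrictions to the relying parties
  themselves; confirm that this is the intended policy.
#}
[authz_config]
global enabled=allow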
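{#
  Identity-provider protocols exposed by this deployment. Each enabled
  provider is additional protocol surface on the IdP.
  NOTE(review): persona is still listed; Mozilla retired the Persona service
  in November 2016, so confirm this provider is still required.
#}
[provider_config]
global enabled=persona,openid,saml2,openidc
{#
  Both branches currently render the same extension list. NOTE(review): the
  split is presumably kept so staging can trial a new extension before
  production; when editing, check that production is not widened by accident.
#}
{% if env == "production" %}
openidc enabled extensions=fedora-account,mbs,beaker
{% else %}
openidc enabled extensions=fedora-account,mbs,beaker
{% endif %}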
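{#
  Persona provider settings.
  Only env == 'staging' gets the staging domain; any other value of env
  renders the production domain. NOTE(review): this is the opposite default
  from the Bind Password conditional in [info_config], which treats every
  non-production value as staging; confirm that env can only be one of
  the two.
#}
{% if env == 'staging' %}
persona allowed domains=stg.fedoraproject.org
{% else %}
persona allowed domains=fedoraproject.org
{% endif %}
persona issuer domain=id{{env_suffix}}.fedoraproject.org
{#
  NOTE(review): presumably the private key used to sign assertions; the file
  should be owned by the service account and not readable by others.
#}
persona idp key file=/etc/ipsilon/persona{{env_suffix}}.key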
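{#
  OpenID Connect provider settings.
  Staging and production use separate subject salts, so exposure of the
  staging value does not reveal the production one. Any value of env other
  than 'staging' renders the production salt. NOTE(review): presumably the
  salt feeds the subject identifiers handed to clients, so changing it would
  change the identifiers existing clients have stored; confirm before any
  rotation.
#}
{% if env == 'staging' %}
openidc subject salt={{ ipsilon_stg_openidc_subject_salt }}
{% else %}
openidc subject salt={{ ipsilon_openidc_subject_salt }}
{% endif %}
openidc endpoint url=https://id{{env_suffix}}.fedoraproject.org/openidc/
{# NOTE(review): presumably the signing private key; restrict file ownership and mode. #}
openidc idp key file=/etc/ipsilon/openidc{{env_suffix}}.key
{#
  The database password is rendered into this URL in clear text, so the
  output file must not be world-readable. No TLS parameters appear in the
  URL, so transport security to the database depends on driver and server
  defaults. NOTE(review): the database name variable is the same one used by
  the "openid database url" key further down; confirm that sharing one
  database between the two providers is intended.
#}
openidc database url=postgresql://{{ ipsilon_db_user }}:{{ ipsilon_db_pass }}@{{ ipsilon_db_host }}/{{ ipsilon_db_openid_name }}
{# Statically registered clients are read from a local config file. #}
openidc static database url=configfile:///etc/ipsilon/openidc.static.cfg
openidc documentation url=https://fedoraproject.org/wiki/Infrastructure/Authentication
openidc policy url=https://fedoraproject.org/wiki/Legal:PrivacyPolicy
{# NOTE(review): the terms-of-service URL is identical to the policy URL above; confirm. #}
openidc tos url=https://fedoraproject.org/wiki/Legal:PrivacyPolicy
openidc idp sig key id=20161031-sig
{# Dynamic client registration is off, so clients cannot register themselves at runtime. #}
openidc allow dynamic client registration=False
{#
  NOTE(review): the first mapping entry is a wildcard pair, which presumably
  passes every backend attribute through under its own name; confirm that
  what is actually released to clients is limited elsewhere.
#}
openidc default attribute mapping=[["*", "*"], ["timezone", "zoneinfo"], ["_groups", "groups"], [["_extras", "cla"], "cla"], ["fullname", "name"]]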
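{# OpenID 2.0 provider settings. #}
openid endpoint url=https://id{{env_suffix}}.fedoraproject.org/openid/
{#
  NOTE(review): the identity URL template uses the http scheme while the
  endpoint above is https. Relying parties presumably store this URL as the
  user identifier, so changing the scheme would be an identifier migration
  rather than a one-line edit; confirm before touching it.
#}
openid identity url template=http://%(username)s.id{{env_suffix}}.fedoraproject.org/
{#
  Trusted roots: empty in staging; any other value of env renders the
  production list below.
  NOTE(review): presumably a trusted root skips the user consent step for
  that realm. Points to check in the production list:
    - several entries are http:// realms (jenkins.fedorainfracloud.org,
      jenkins.cloud.fedoraproject.org, apps.fedoraproject.org/notifications/,
      copr.fedoraproject.org, pagure.io, admin.fedoraproject.org/mirrormanager/),
      so responses to them are not protected in transit;
    - host-wide entries (https://admin.fedoraproject.org,
      https://apps.fedoraproject.org/, https://fedorahosted.org/) already
      cover the more specific paths listed next to them, so anything served
      under those hosts is trusted, not just the named applications.
  Prefer https realms and the narrowest root each relying party needs.
#}
{% if env == 'staging' %}
openid trusted roots=
{% else %}
openid trusted roots=http://jenkins.fedorainfracloud.org/securityRealm/finishLogin,http://jenkins.cloud.fedoraproject.org/securityRealm/finishLogin,https://ask.fedoraproject.org/,https://fedorahosted.org/,https://badges.fedoraproject.org,https://apps.fedoraproject.org/tagger/,https://apps.fedoraproject.org/nuancier/,https://apps.fedoraproject.org/datagrepper/,https://apps.fedoraproject.org/calendar/,http://apps.fedoraproject.org/notifications/,http://copr.fedoraproject.org/,https://copr.fedoraproject.org/,https://admin.fedoraproject.org/pkgdb/,https://admin.fedoraproject.org/voting/,https://apps.fedoraproject.org/github2fedmsg,https://admin.fedoraproject.org,https://apps.fedoraproject.org/,https://release-monitoring.org/,http://pagure.io/,http://admin.fedoraproject.org/mirrormanager/,https://apps.fedoraproject.org/koschei/,https://bodhi.fedoraproject.org,https://lists.fedoraproject.org/,https://openqa.fedoraproject.org/
{% endif %}
{#
  The database password is rendered into this URL in clear text; keep the
  output file readable only by the service account.
#}
openid database url=postgresql://{{ ipsilon_db_user }}:{{ ipsilon_db_pass }}@{{ ipsilon_db_host }}/{{ ipsilon_db_openid_name }}
openid untrusted roots=
{# Comma-separated extension names; the names themselves contain spaces. #}
openid enabled extensions=Fedora Teams,Attribute Exchange,CLAs,Simple Registration,API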
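{#
  SAML2 provider settings. The metadata, certificate and key entries below
  are bare file names. NOTE(review): presumably they are resolved relative to
  the storage path; confirm.
#}
saml2 idp storage path=/etc/ipsilon/saml2
saml2 idp metadata file=metadata.xml
{#
  Staging and production use separate NameID salts and separate signing
  material, so the staging key and salt are never valid in production. Any
  value of env other than 'staging' renders the production values.
  NOTE(review): the key files are presumably the IdP signing private keys;
  restrict ownership and mode on them.
#}
{% if env == 'staging' %}
saml2 idp nameid salt={{ ipsilon_stg_saml2_nameid_salt }}
saml2 idp certificate file=certificate.stg.pem
saml2 idp key file=certificate.stg.key
{% else %}
saml2 idp nameid salt={{ ipsilon_saml2_nameid_salt }}
saml2 idp certificate file=idp.crt
saml2 idp key file=idp.key
{% endif %}
{# NOTE(review): presumably prevents service providers from registering themselves; keep False. #}
saml2 allow self registration=False
saml2 default nameid=transient
saml2 default email domain=fedoraproject.org
{#
  The database password is rendered into this URL in clear text; keep the
  output file readable only by the service account.
#}
saml2 session database url=postgresql://{{ ipsilon_db_user }}:{{ ipsilon_db_pass }}@{{ ipsilon_db_host }}/{{ ipsilon_db_saml2_name }}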
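{#
  SAML2 data section. Its body comes from a separate template per
  environment: env == 'staging' includes saml2_data_stg, any other value
  includes saml2_data. The included files are not part of this template, so
  their contents have to be reviewed together with it.
#}
[saml2_data]
{% if env == 'staging' %}
{% include "saml2_data_stg" %}
{% else %}
{% include "saml2_data" %}
{% endif %}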