diff --git a/roles/ipsilon/templates/configuration.conf b/roles/ipsilon/templates/configuration.conf
index 2e28f65a3a..60c1d8401a 100644
--- a/roles/ipsilon/templates/configuration.conf
+++ b/roles/ipsilon/templates/configuration.conf
@@ -34,11 +34,7 @@ openidc subject salt={{ ipsilon_stg_openidc_subject_salt }}
 openidc subject salt={{ ipsilon_openidc_subject_salt }}
 {% endif %}
 openidc endpoint url=https://id{{env_suffix}}.fedoraproject.org/openidc/
-{% if inventory_hostname.startswith('os-') %}
 openidc idp key file=/etc/ipsilon/openidc.key
-{% else %}
-openidc idp key file=/etc/ipsilon/openidc{{env_suffix}}.key
-{% endif %}
 openidc database url=postgresql://{{ ipsilon_db_user }}:{{ ipsilon_db_pass }}@{{ ipsilon_db_host }}/{{ ipsilon_db_openid_name }}
 openidc static database url=configfile:///etc/ipsilon/openidc.static.cfg
 openidc documentation url=https://fedoraproject.org/wiki/Infrastructure/Authentication
@@ -59,19 +55,15 @@ openid database url=postgresql://{{ ipsilon_db_user }}:{{ ipsilon_db_pass }}@{{
 openid untrusted roots=
 openid enabled extensions=Fedora Teams,Attribute Exchange,CLAs,Simple Registration,API
-saml2 idp storage path=/etc/ipsilon/saml2
-{% if inventory_hostname.startswith('os-') %}
+saml2 idp storage path=/etc/ipsilon
 saml2 idp metadata file=/httpdir/metadata.xml
-{% else %}
-saml2 idp metadata file=metadata.xml
-{% endif %}
 {% if env == 'staging' %}
 saml2 idp nameid salt={{ ipsilon_stg_saml2_nameid_salt }}
 {% else %}
 saml2 idp nameid salt={{ ipsilon_saml2_nameid_salt }}
 {% endif %}
-saml2 idp certificate file=idp.crt
-saml2 idp key file=idp.key
+saml2 idp certificate file=saml2_idp.crt
+saml2 idp key file=saml2_idp.key
 saml2 allow self registration=False
 saml2 default nameid=transient
 saml2 default email domain=fedoraproject.org
diff --git a/roles/ipsilon/templates/ipsilon-httpd.conf.j2 b/roles/ipsilon/templates/ipsilon-httpd.conf.j2
index 2ec64ab045..7d9f65bae8 100644
--- a/roles/ipsilon/templates/ipsilon-httpd.conf.j2
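Review bot: With the `{{env_suffix}}` variant removed, `openidc idp key file=/etc/ipsilon/openidc.key` no longer shows which environment's signing key a host carries, so keeping staging and production keys apart now rests entirely on the task that installs the file, which is not part of this diff. If both environments ever received the same key, tokens signed in staging would verify against production. I would record the requirement in the template with a Jinja comment above that line, `{# openidc.key is installed per environment; staging and production must never share this key #}`, and confirm the install task selects its source by `env`.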
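Review bot: Setting `saml2 idp storage path=/etc/ipsilon` places `saml2_idp.key` in the same directory as `openidc.key` and the configuration itself, presumably because the relative certificate and key names resolve against the storage path. The ipsilon-httpd.conf.j2 change in this commit also drops the `WSGIDaemonProcess` line carrying `user=ipsilon group=ipsilon`, so the key files must now be readable by whichever account the WSGI daemon inherits, and if Ipsilon writes to its storage path that account would need write access to /etc/ipsilon as a whole. Please confirm the directory stays read-only to the service and that the deploying task (not visible here) sets owner and mode on both key files. A Jinja comment above the key lines such as `{# saml2_idp.key and openidc.key: readable only by the httpd/WSGI account, never writable by it #}` would document that.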
+++ b/roles/ipsilon/templates/ipsilon-httpd.conf.j2
@@ -18,16 +18,11 @@ RewriteRule ^([a-z0-9-]+)\.id\.fedoraproject\.org/.* /openid/id/$1/ [PT]
 Alias /ui /usr/share/ipsilon/ui
 WSGIScriptAlias / /usr/libexec/ipsilon
 WSGIPassAuthorization On
-{% if inventory_hostname.startswith('os-') %}
 WSGIDaemonProcess ipsilon home=/var/lib/ipsilon processes=2 threads=2 maximum-requests=1000
 WSGIApplicationGroup %{GLOBAL}
 WSGISocketPrefix /httpdir/run/wsgi
 WSGIRestrictStdout Off
 WSGIRestrictSignal Off
-{% else %}
-WSGIDaemonProcess ipsilon user=ipsilon group=ipsilon home=/var/lib/ipsilon processes=2 threads=2 maximum-requests=1000
-WSGIImportScript /usr/libexec/ipsilon process-group=ipsilon application-group=ipsilon
-{% endif %}