diff --git a/roles/fedoauth/templates/fedoauth.cfg b/roles/fedoauth/templates/fedoauth.cfg index 33832af2c4..a745993f8f 100644 --- a/roles/fedoauth/templates/fedoauth.cfg +++ b/roles/fedoauth/templates/fedoauth.cfg @@ -49,17 +49,19 @@ PERSONA_PRIVATE_KEY_PASSPHRASE = '{{ fedoauth_persona_key_passphrase }}' # OPENID CONFIGURATION # This is the OpenID url provided to users. Add %(username)s where the username should be entered # A list of trust roots for which the user will not need to confirm again -OPENID_TRUSTED_ROOTS = ['http://jenkins.cloud.fedoraproject.org/securityRealm/finishLogin', - 'https://ask.fedoraproject.org/', - 'https://fedorahosted.org/', - 'https://badges.fedoraproject.org', - 'https://apps.fedoraproject.org/tagger/', - 'https://apps.fedoraproject.org/nuancier/', - 'https://apps.fedoraproject.org/datagrepper/', - 'https://apps.fedoraproject.org/calendar/', - 'http://apps.fedoraproject.org/notifications/', - 'http://copr.fedoraproject.org/', - 'http://copr-fe.cloud.fedoraproject.org/'] +OPENID_TRUSTED_ROOTS = [] +# Currently all kicked out due to them being on the list for the covert check +# 'http://jenkins.cloud.fedoraproject.org/securityRealm/finishLogin', +# 'https://ask.fedoraproject.org/', +# 'https://fedorahosted.org/', +# 'https://badges.fedoraproject.org', +# 'https://apps.fedoraproject.org/tagger/', +# 'https://apps.fedoraproject.org/nuancier/', +# 'https://apps.fedoraproject.org/datagrepper/', +# 'https://apps.fedoraproject.org/calendar/', +# 'http://apps.fedoraproject.org/notifications/', +# 'http://copr.fedoraproject.org/', +# 'http://copr-fe.cloud.fedoraproject.org/'] OPENID_NON_TRUSTED_ROOTS = [] ### The maximum time after which the user must re-authenticate for OpenID in minutes (use 0 for no limit) OPENID_MAX_AUTH_TIME = 120