Infrastructure/ansible
1
0
Fork 0
Code Issues Pull requests 6 Projects Releases Packages Wiki Activity Actions

We now remove everyone from the whitelist for now.

Browse source 
They will be re-enabled as we check the for vulnerability level to the covert redirect bug.
This commit is contained in:
Patrick Uiterwijk 2014-05-02 22:41:49 +00:00
parent d9b9af1ed5
commit 8b2961af2b
1 changed files with 13 additions and 11 deletions
Download patch file Download diff file Expand all files Collapse all files

24
roles/fedoauth/templates/fedoauth.cfg
View file

@ -49,17 +49,19 @@ PERSONA_PRIVATE_KEY_PASSPHRASE = '{{ fedoauth_persona_key_passphrase }}'
# OPENID CONFIGURATION # OPENID CONFIGURATION
# This is the OpenID url provided to users. Add %(username)s where the username should be entered # This is the OpenID url provided to users. Add %(username)s where the username should be entered
# A list of trust roots for which the user will not need to confirm again # A list of trust roots for which the user will not need to confirm again
OPENID_TRUSTED_ROOTS = ['http://jenkins.cloud.fedoraproject.org/securityRealm/finishLogin', OPENID_TRUSTED_ROOTS = []
'https://ask.fedoraproject.org/', # Currently all kicked out due to them being on the list for the covert check
'https://fedorahosted.org/', # 'http://jenkins.cloud.fedoraproject.org/securityRealm/finishLogin',
'https://badges.fedoraproject.org', # 'https://ask.fedoraproject.org/',
'https://apps.fedoraproject.org/tagger/', # 'https://fedorahosted.org/',
'https://apps.fedoraproject.org/nuancier/', # 'https://badges.fedoraproject.org',
'https://apps.fedoraproject.org/datagrepper/', # 'https://apps.fedoraproject.org/tagger/',
'https://apps.fedoraproject.org/calendar/', # 'https://apps.fedoraproject.org/nuancier/',
'http://apps.fedoraproject.org/notifications/', # 'https://apps.fedoraproject.org/datagrepper/',
'http://copr.fedoraproject.org/', # 'https://apps.fedoraproject.org/calendar/',
'http://copr-fe.cloud.fedoraproject.org/'] # 'http://apps.fedoraproject.org/notifications/',
# 'http://copr.fedoraproject.org/',
# 'http://copr-fe.cloud.fedoraproject.org/']
OPENID_NON_TRUSTED_ROOTS = [] OPENID_NON_TRUSTED_ROOTS = []
### The maximum time after which the user must re-authenticate for OpenID in minutes (use 0 for no limit) ### The maximum time after which the user must re-authenticate for OpenID in minutes (use 0 for no limit)
OPENID_MAX_AUTH_TIME = 120 OPENID_MAX_AUTH_TIME = 120