Add auth_openidc config
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
This commit is contained in:
Patrick Uiterwijk
parent
e3fa9ffb23
commit
bf392d6e41
2 changed files with 19 additions and 0 deletions
|
|
@ -23,6 +23,13 @@
|
|||
- distgit
|
||||
when: env == "staging"
|
||||
|
||||
- name: install the mod_auth_openidc configuration
|
||||
copy: src=auth_openidc.conf dest=/etc/httpd/conf.d/auth_openidc.conf
|
||||
notify:
|
||||
- reload httpd
|
||||
tags:
|
||||
- distgit
|
||||
|
||||
- name: Put in git service config
|
||||
copy: src=git@.service dest=/etc/systemd/system/git@.service
|
||||
tags:
|
||||
|
|
|
|||
12
roles/distgit/templates/auth_openidc.conf
Normal file
12
roles/distgit/templates/auth_openidc.conf
Normal file
|
|
@ -0,0 +1,12 @@
|
|||
OIDCOAuthIntrospectionEndpoint https://id{{env_suffix}}.fedoraproject.org/openidc/TokenInfo
|
||||
OIDCOAuthClientID distgit
|
||||
{% if env == "staging" %}
|
||||
OIDCOAuthClientSecret {{ distgit_oidc_client_secret_stg }}
|
||||
{% else %}
|
||||
OIDCOAuthClientSecret {{ distgit_oidc_client_secret_prod }}
|
||||
{% endif %}
|
||||
OIDCOAuthIntrospectionEndpointAuth client_secret_post
|
||||
OIDCOAuthIntrospectionEndpointMethod POST
|
||||
OIDCOAuthTokenIntrospectionInterval 60
|
||||
OIDCOAuthSSLValidateServerA On
|
||||
OIDCOAuthAcceptTokenAs basic
|
||||
Loading…
Add table
Add a link
Reference in a new issue