Infrastructure/ansible
1
0
Fork 0
Code Issues Pull requests 6 Projects Releases Packages Wiki Activity Actions

[wiki] apply new pluggable auth settings for prod

Browse source 
Signed-off-by: Ryan Lerch <rlerch@redhat.com>
This commit is contained in:
Ryan Lercho 2022-06-13 21:56:43 +10:00
parent 9b794de8a4
commit e505abaa2f
1 changed files with 4 additions and 16 deletions
Download patch file Download diff file Expand all files Collapse all files

20
roles/mediawiki/templates/LocalSettings.php.fp.j2
View file

@ -605,35 +605,23 @@ $wgPluggableAuth_EnableAutoLogin = false;
$wgPluggableAuth_EnableLocalLogin = false;
$wgPluggableAuth_EnableLocalProperties = false;
{% if env == "production" %}
$wgPluggableAuth_Class = 'OpenIDConnect';
{% endif %}
$wgGroupPermissions['*']['autocreateaccount'] = true;
{% if env == "production" %}
$wgOpenIDConnect_Config['https://id{{ env_suffix }}.fedoraproject.org/openidc/'] = [
'clientID' => 'fpwiki',
'clientsecret' => '{{ fpwiki_prod_client_secret }}',
'name' => "Fedora Authentication",
'scope' => [ 'openid', 'profile', 'email',
'https://id.fedoraproject.org/scope/groups',
'https://id.fedoraproject.org/scope/agreements' ]
];
{% else %}
$wgPluggableAuth_Config[] = [
'plugin' => 'OpenIDConnect',
'data' => [
'providerURL' => 'https://id{{ env_suffix }}.fedoraproject.org/openidc/',
'clientID' => 'fpwiki',
{% if env == "staging" %}
'clientsecret' => '{{ fpwiki_stg_client_secret }}',
{% else %}
'clientsecret' => '{{ fpwiki_prod_client_secret }}',
{% endif %}
'scope' => [ 'openid', 'profile', 'email',
'https://id.fedoraproject.org/scope/groups',
'https://id.fedoraproject.org/scope/agreements' ]
]
];
{% endif %}
$wgOpenIDConnect_UseRealNameAsUserName = false;
$wgOpenIDConnect_UseEmailNameAsUserName = false;