From f17603c675052f876571a3e83473f5256d68a196 Mon Sep 17 00:00:00 2001
From: Patrick Uiterwijk <puiterwijk@redhat.com>
Date: Tue, 7 Feb 2017 13:28:59 +0000
Subject: [PATCH] OIDC extensions are enabled per deployment stage

Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
---
 roles/ipsilon/templates/configuration.conf | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/roles/ipsilon/templates/configuration.conf b/roles/ipsilon/templates/configuration.conf
index 9b5d0d9750..f789413b38 100644
--- a/roles/ipsilon/templates/configuration.conf
+++ b/roles/ipsilon/templates/configuration.conf
@@ -22,6 +22,12 @@ global enabled=allow
 [provider_config]
 global enabled=persona,openid,saml2,openidc
 
+{% if env == "production" %}
+openidc enabled extensions=fedora-account
+{% else %}
+openidc enabled extensions=fedora-account
+{% endif %}
+
 {% if env == 'staging' %}
 persona allowed domains=stg.fedoraproject.org
 {% else %}
@@ -39,7 +45,6 @@ openidc endpoint url=https://id{{env_suffix}}.fedoraproject.org/openidc/
 openidc idp key file=/etc/ipsilon/openidc{{env_suffix}}.key
 openidc database url=postgresql://{{ ipsilon_db_user }}:{{ ipsilon_db_pass }}@{{ ipsilon_db_host }}/{{ ipsilon_db_openid_name }}
 openidc static database url=configfile:///etc/ipsilon/openidc.static.cfg
-openidc enabled extensions=fedora-account
 openidc documentation url=https://fedoraproject.org/wiki/Infrastructure/Authentication
 openidc policy url=https://fedoraproject.org/wiki/Legal:PrivacyPolicy
 openidc tos url=https://fedoraproject.org/wiki/Legal:PrivacyPolicy