OIDC extensions are enabled per deployment stage

Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
2017-02-07 13:28:59 +00:00 · 2017-02-07 13:28:59 +00:00 · f17603c675
commit f17603c675
parent aec762338c
1 changed files with 6 additions and 1 deletions
--- a/roles/ipsilon/templates/configuration.conf
+++ b/roles/ipsilon/templates/configuration.conf
@ -22,6 +22,12 @@ global enabled=allow
 [provider_config]
 global enabled=persona,openid,saml2,openidc

+{% if env == "production" %}
+openidc enabled extensions=fedora-account
+{% else %}
+openidc enabled extensions=fedora-account
+{% endif %}
+
 {% if env == 'staging' %}
 persona allowed domains=stg.fedoraproject.org
 {% else %}
@ -39,7 +45,6 @@ openidc endpoint url=https://id{{env_suffix}}.fedoraproject.org/openidc/
 openidc idp key file=/etc/ipsilon/openidc{{env_suffix}}.key
 openidc database url=postgresql://{{ ipsilon_db_user }}:{{ ipsilon_db_pass }}@{{ ipsilon_db_host }}/{{ ipsilon_db_openid_name }}
 openidc static database url=configfile:///etc/ipsilon/openidc.static.cfg
-openidc enabled extensions=fedora-account
 openidc documentation url=https://fedoraproject.org/wiki/Infrastructure/Authentication
 openidc policy url=https://fedoraproject.org/wiki/Legal:PrivacyPolicy
 openidc tos url=https://fedoraproject.org/wiki/Legal:PrivacyPolicy