Infrastructure/ansible
1
0
Fork 0
Code Issues Pull requests 6 Projects Releases Packages Wiki Activity Actions

Update OIDC settings for newer versions of plugins

Browse source 
mediawiki-OpenIDConnect and mediawiki-PluggableAuth are updated to newer
versions, and the config setup has changed. this tweaks it for the wiki
stage.

Signed-off-by: Ryan Lerch <rlerch@redhat.com>
This commit is contained in:
Ryan Lercho 2022-06-13 19:54:49 +10:00
parent 98b0d6f803
commit f9a1fd07e8
1 changed files with 19 additions and 4 deletions
Download patch file Download diff file Expand all files Collapse all files

23
roles/mediawiki/templates/LocalSettings.php.fp.j2
View file

@ -595,22 +595,37 @@ require_once('/usr/share/php/Fedora/Autoloader/autoload.php');
$wgPluggableAuth_EnableAutoLogin = false;
$wgPluggableAuth_EnableLocalLogin = false;
$wgPluggableAuth_EnableLocalProperties = false;
{% if env == "production" %}
$wgPluggableAuth_Class = 'OpenIDConnect';
{% endif %}
$wgGroupPermissions['*']['autocreateaccount'] = true;
{% if env == "production" %}
$wgOpenIDConnect_Config['https://id{{ env_suffix }}.fedoraproject.org/openidc/'] = [
'clientID' => 'fpwiki',
{% if env == "staging" %}
'clientsecret' => '{{ fpwiki_stg_client_secret }}',
{% else %}
'clientsecret' => '{{ fpwiki_prod_client_secret }}',
{% endif %}
'name' => "Fedora Authentication",
'scope' => [ 'openid', 'profile', 'email',
'https://id.fedoraproject.org/scope/groups',
'https://id.fedoraproject.org/scope/agreements' ]
];
{% else %}
$wgPluggableAuth_Config[] = [
'plugin' => 'OpenIDConnect',
'data' => [
'providerURL' => 'https://id{{ env_suffix }}.fedoraproject.org/openidc/',
'clientID' => 'fpwiki',
'clientsecret' => '{{ fpwiki_stg_client_secret }}',
'scope' => [ 'openid', 'profile', 'email',
'https://id.fedoraproject.org/scope/groups',
'https://id.fedoraproject.org/scope/agreements' ]
]
];
{% endif %}
$wgOpenIDConnect_UseRealNameAsUserName = false;
$wgOpenIDConnect_UseEmailNameAsUserName = false;
$wgOpenIDConnect_MigrateUsersByUserName = false;