mirror of
https://pagure.io/fedora-infra/ansible.git
synced 2026-04-29 04:51:16 +08:00
51 lines
1.8 KiB
YAML
51 lines
1.8 KiB
YAML
---
|
|
- name: Configure SAML2 authentication
|
|
settings:
|
|
settings:
|
|
SAML_AUTO_CREATE_OBJECTS: true
|
|
SOCIAL_AUTH_SAML_SP_ENTITY_ID: https://awx.fedoraproject.org/
|
|
SOCIAL_AUTH_SAML_SP_PUBLIC_CERT:
|
|
"{{ lookup('file', '{{ private }}/files/awx/{{ env }}/awx-saml.crt') }}"
|
|
SOCIAL_AUTH_SAML_SP_PRIVATE_KEY:
|
|
"{{ lookup('file', '{{ private }}/files/awx/{{ env }}/awx-saml.key') }}"
|
|
SOCIAL_AUTH_SAML_ORG_INFO:
|
|
en-US:
|
|
url: https://awx.fedoraproject.org/
|
|
name: AWX
|
|
displayname: Ansible AWX
|
|
SOCIAL_AUTH_SAML_TECHNICAL_CONTACT:
|
|
emailAddress: infrastructure@lists.fedoraproject.org
|
|
givenName: Fedora Infrastructure
|
|
SOCIAL_AUTH_SAML_SUPPORT_CONTACT:
|
|
emailAddress: infrastructure@lists.fedoraproject.org
|
|
givenName: Fedora Infrastructure
|
|
SOCIAL_AUTH_SAML_ENABLED_IDPS:
|
|
fedora:
|
|
x509cert:
|
|
"{{ lookup(
|
|
'file',
|
|
'{{ private }}/files/saml2/{{ env }}/keys/idp.crt'
|
|
)
|
|
| regex_replace('\n', '')
|
|
}}"
|
|
attr_email: "email"
|
|
attr_first_name: "givenname"
|
|
attr_last_name: "surname"
|
|
attr_user_permanent_id: "name_id"
|
|
attr_username: "name_id"
|
|
entity_id: "https://id.fedoraproject.org/saml2/metadata"
|
|
url: "https://id.fedoraproject.org/saml2/SSO/Redirect"
|
|
SOCIAL_AUTH_SAML_SECURITY_CONFIG:
|
|
authnRequestsSigned: true
|
|
SOCIAL_AUTH_SAML_USER_FLAGS_BY_ATTR:
|
|
is_superuser_attr: groups
|
|
is_superuser_value:
|
|
- sysadmin-main
|
|
SOCIAL_AUTH_SAML_ORGANIZATION_MAP: {}
|
|
SOCIAL_AUTH_SAML_TEAM_ATTR:
|
|
saml_attr: groups
|
|
remove: true
|
|
team_org_map:
|
|
- organization: Fedora
|
|
team: fedora-websites
|