Add SAML integration installation fields #43

Merged
merged 2 commits into from
Sep 25, 2024
21 changes: 21 additions & 0 deletions README.md
@@ -259,6 +259,27 @@ These variables are the defaults of our roles, if you want to override the prope
| oauth2_token_url | OAUTH2 token url, required when enable_oauth2 is true | |
| oauth2_user_url | OAUTH2 user information url, required when enable_oauth2 is true | |
| oauth2_scopes | OAUTH2 scopes, required when enable_oauth2 is true | "profile email" |
| enable_saml | Enable SAML integration, this disables the username/password authentication method (self exclusive SSO type) | false |
| saml_idp_id | SAML IDP id, required when enable_saml is true | |
| saml_idp_nameid_format | SAML IDP name id format, used to interpret the attribute name. Whole urn string must be used | urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified |
| saml_sp_dir | SAML SP directory, where SP specific required files (such as certificates and metadata file) are placed | /etc/trento/trento-web/saml |
| saml_sp_id | SAML SP id, required when enable_saml is true | |
| saml_sp_entity_id | SAML SP entity id | |
| saml_sp_contact_name | SAML SP contact name | "Trento SP Admin" |
| saml_sp_contact_email | SAML SP contact email | "[email protected]" |
| saml_sp_org_name | SAML SP organization name | "Trento SP" |
| saml_sp_org_displayname | SAML SP organization display name | "SAML SP build with Trento" |
| saml_sp_org_url | SAML SP organization url | https://www.trento-project.io/ |
| saml_username_attr_name | SAML user profile "username" attribute field name. This attribute must exist in the IDP user | username |
| saml_email_attr_name | SAML user profile "email" attribute field name. This attribute must exist in the IDP user | email |
| saml_firstname_attr_name | SAML user profile "first name" attribute field name. This attribute must exist in the IDP user | firstName |
| saml_lastname_attr_name | SAML user profile "last name" attribute field name. This attribute must exist in the IDP user | lastName |
| saml_metadata_url | URL to retrieve the SAML metadata xml file. One of `saml_metadata_url` or `saml_metadata_content` is required | |
| saml_metadata_content | One line string containing the SAML metadata xml file content (`saml_metadata_url` has precedence over this) | |
| saml_sign_requests | Sign SAML requests in the SP side | true |
| saml_sign_metadata | Sign SAML metadata documents in the SP side | true |
| saml_signed_assertion | Require to receive SAML assertion signed from the IDP. Set to false if the IDP doesn't sign the assertion | true |
| saml_signed_envelopes | Require to receive SAML envelopes signed from the IDP. Set to false if the IDP doesn't sign the envelopes | true |
| install_nginx | Install nginx | true |
| nginx_ssl_cert_as_base64 | Nginx SSL certificate provided as base64 string | false |
| nginx_ssl_key_as_base64 | Nginx SSL key provided as base64 string | false |
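Review bot: the rows for `saml_signed_assertion` and `saml_signed_envelopes` tell the reader to set them to false if the IDP does not sign, but do not say what that costs: with both false the SP has no signature left to verify and will accept any SAML response handed to it. Add a sentence that at least one of the two must stay true in production and that turning either off is a compatibility measure, not a default. Smaller points in the same table: `saml_sp_org_displayname` defaults to "SAML SP build with Trento" (should be "built"; the same string is in roles/app/defaults/main.yml), `saml_sp_entity_id` carries no "required when enable_saml is true" marker while `saml_sp_id` and `saml_idp_id` do, so state which it is, and "self exclusive SSO type" on the `enable_saml` row would be clearer as "only one SSO type (OAuth2 or SAML) can be enabled at a time".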
21 changes: 21 additions & 0 deletions roles/app/defaults/main.yml
@@ -35,3 +35,24 @@ oauth2_authorize_url: ""
oauth2_token_url: ""
oauth2_user_url: ""
oauth2_scopes: "profile email"
enable_saml: "false"
saml_idp_id: ""
saml_idp_nameid_format: "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"
saml_sp_dir: "/etc/trento/trento-web/saml"
saml_sp_id: ""
saml_sp_entity_id: ""
saml_sp_contact_name: "Trento SP Admin"
saml_sp_contact_email: "[email protected]"
saml_sp_org_name: "Trento SP"
saml_sp_org_displayname: "SAML SP build with Trento"
saml_sp_org_url: "https://www.trento-project.io/"
saml_username_attr_name: "username"
saml_email_attr_name: "email"
saml_firstname_attr_name: "firstName"
saml_lastname_attr_name: "lastName"
saml_metadata_url: ""
saml_metadata_content: ""
saml_sign_requests: "true"
saml_sign_metadata: "true"
saml_signed_assertion: "true"
saml_signed_envelopes: "true"
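Review bot: `enable_saml`, `saml_sign_requests`, `saml_sign_metadata`, `saml_signed_assertion` and `saml_signed_envelopes` are defined as the strings "false"/"true" rather than YAML booleans. That is harmless for the env var mapping, but any `when: enable_saml` conditional elsewhere in the role sees a non-empty string and is always true, so either use unquoted booleans and let the templates render them, or make sure every conditional goes through `| bool`. Also, `saml_metadata_url` and `saml_metadata_content` both default to "" while the README says one of them is required when `enable_saml` is true; an `assert` task guarding that (and `saml_idp_id` / `saml_sp_id`) would fail the play early instead of producing a web service with a half-configured SAML SP.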
21 changes: 21 additions & 0 deletions roles/app/tasks/docker.yml
@@ -114,3 +114,24 @@
OAUTH2_TOKEN_URL: "{{ oauth2_token_url }}"
OAUTH2_USER_URL: "{{ oauth2_user_url }}"
OAUTH2_SCOPES: "{{ oauth2_scopes }}"
ENABLE_SAML: "{{ enable_saml }}"
SAML_IDP_ID: "{{ saml_idp_id }}"
SAML_IDP_NAMEID_FORMAT: "{{ saml_idp_nameid_format }}"
SAML_SP_DIR: "{{ saml_sp_dir }}"
SAML_SP_ID: "{{ saml_sp_id }}"
SAML_SP_ENTITY_ID: "{{ saml_sp_entity_id }}"
SAML_SP_CONTACT_NAME: "{{ saml_sp_contact_name }}"
SAML_SP_CONTACT_EMAIL: "{{ saml_sp_contact_email }}"
SAML_SP_ORG_NAME: "{{ saml_sp_org_name }}"
SAML_SP_ORG_DISPLAYNAME: "{{ saml_sp_org_displayname }}"
SAML_SP_ORG_URL: "{{ saml_sp_org_url }}"
SAML_USERNAME_ATTR_NAME: "{{ saml_username_attr_name }}"
SAML_EMAIL_ATTR_NAME: "{{ saml_email_attr_name }}"
SAML_FIRSTNAME_ATTR_NAME: "{{ saml_firstname_attr_name }}"
SAML_LASTNAME_ATTR_NAME: "{{ saml_lastname_attr_name }}"
SAML_METADATA_URL: "{{ saml_metadata_url }}"
SAML_METADATA_CONTENT: "{{ saml_metadata_content }}"
SAML_SIGN_REQUESTS: "{{ saml_sign_requests }}"
SAML_SIGN_METADATA: "{{ saml_sign_metadata }}"
SAML_SIGNED_ASSERTION: "{{ saml_signed_assertion }}"
SAML_SIGNED_ENVELOPES: "{{ saml_signed_envelopes }}"
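Review bot: `SAML_SP_DIR` is passed into the container as `{{ saml_sp_dir }}` (default `/etc/trento/trento-web/saml`), the directory the README says holds the SP certificates and metadata file, but nothing in this hunk mounts that host directory into the container. Unless a volume for `{{ saml_sp_dir }}` is added elsewhere in this task, the container will look for its SP signing material in a path that is empty inside its own filesystem. While adding the mount, make the directory read-only for the container and check that the key material in it is owned by the container's user and not world-readable, since `SAML_SIGN_REQUESTS` and `SAML_SIGN_METADATA` default to true and depend on it.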
21 changes: 21 additions & 0 deletions roles/app/templates/trento-web.j2
@@ -30,3 +30,24 @@ OAUTH2_AUTHORIZE_URL={{ oauth2_authorize_url }}
OAUTH2_TOKEN_URL={{ oauth2_token_url }}
OAUTH2_USER_URL={{ oauth2_user_url }}
OAUTH2_SCOPES={{ oauth2_scopes }}
ENABLE_SAML: "{{ enable_saml }}"
SAML_IDP_ID: "{{ saml_idp_id }}"
SAML_IDP_NAMEID_FORMAT: "{{ saml_idp_nameid_format }}"
SAML_SP_DIR: "{{ saml_sp_dir }}"
SAML_SP_ID: "{{ saml_sp_id }}"
SAML_SP_ENTITY_ID: "{{ saml_sp_entity_id }}"
SAML_SP_CONTACT_NAME: "{{ saml_sp_contact_name }}"
SAML_SP_CONTACT_EMAIL: "{{ saml_sp_contact_email }}"
SAML_SP_ORG_NAME: "{{ saml_sp_org_name }}"
SAML_SP_ORG_DISPLAYNAME: "{{ saml_sp_org_displayname }}"
SAML_SP_ORG_URL: "{{ saml_sp_org_url }}"
SAML_USERNAME_ATTR_NAME: "{{ saml_username_attr_name }}"
SAML_EMAIL_ATTR_NAME: "{{ saml_email_attr_name }}"
SAML_FIRSTNAME_ATTR_NAME: "{{ saml_firstname_attr_name }}"
SAML_LASTNAME_ATTR_NAME: "{{ saml_lastname_attr_name }}"
SAML_METADATA_URL: "{{ saml_metadata_url }}"
SAML_METADATA_CONTENT: "{{ saml_metadata_content }}"
SAML_SIGN_REQUESTS: "{{ saml_sign_requests }}"
SAML_SIGN_METADATA: "{{ saml_sign_metadata }}"
SAML_SIGNED_ASSERTION: "{{ saml_signed_assertion }}"
SAML_SIGNED_ENVELOPES: "{{ saml_signed_envelopes }}"
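Review bot: the added lines use YAML mapping syntax (`ENABLE_SAML: "{{ enable_saml }}"`) in a file whose existing entries are `KEY=value` env-file lines (`OAUTH2_SCOPES={{ oauth2_scopes }}`), so an env-file loader will ignore or reject every one of them and the non-Docker install ends up with SAML silently unconfigured; the block looks copied from roles/app/tasks/docker.yml. Rewrite them in the file's own form, `ENABLE_SAML={{ enable_saml }}`, `SAML_IDP_ID={{ saml_idp_id }}`, and so on for the remaining nineteen. Once that is fixed, `SAML_METADATA_CONTENT={{ saml_metadata_content }}` carries a whole XML document on one line, so confirm the loader that reads this file copes with the quotes and special characters in it rather than truncating the value.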