commit e4b6d4a710ab4bad6ded7f4bca07b7f5fa88f252
Author: Nicolas Chauvet <kwizart(a)gmail.com>
Date: Sat Sep 10 12:18:32 2016 +0200
Update ipsilon configuration
roles/ipsilon/templates/configuration.conf | 28 ++++------------------------
roles/ipsilon/templates/ipsilon.conf | 4 ++--
2 files changed, 6 insertions(+), 26 deletions(-)
---
diff --git a/roles/ipsilon/templates/configuration.conf
b/roles/ipsilon/templates/configuration.conf
index dd2bc0c..fc81907 100644
--- a/roles/ipsilon/templates/configuration.conf
+++ b/roles/ipsilon/templates/configuration.conf
@@ -12,11 +12,11 @@ fas FAS Insecure Auth=True
[provider_config]
-global enabled=persona,openid,saml2
+global enabled=persona,openid
{% if env == 'staging' %}
-persona allowed
domains=stg.rpmfusion.org
-persona issuer
domain=id.stg.rpmfusion.org
+persona allowed
domains=stg.fedoraproject.org
+persona issuer
domain=id.stg.fedoraproject.org
persona idp key file=/etc/ipsilon/persona.stg.key
{% else %}
persona allowed
domains=fedoraproject.org
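Review bot: The staging branch now sets `persona allowed domains=stg.fedoraproject.org` and `persona issuer domain=id.stg.fedoraproject.org` in place of the rpmfusion.org values, so this IdP would be configured to issue Persona identities for a domain that the rest of the change (the `id.rpmfusion.org` OpenID endpoint, the `rpmfusion_ipsilon_session_id` cookie name) suggests it does not serve. If that is not intended, keep `persona allowed domains=stg.rpmfusion.org` and `persona issuer domain=id.stg.rpmfusion.org`. The unchanged `{% else %}` branch carries the same `fedoraproject.org` value and probably deserves the same check. Persona remains in `global enabled`, so these settings stay live after the commit. The `@@` context also shows `fas FAS Insecure Auth=True` just above the hunk; its name suggests relaxed verification towards FAS, so it is worth confirming that it is meant for this deployment.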
@@ -30,30 +30,10 @@ openid identity url
template=http://%(username)s.id.stg.rpmfusion.org/
openid trusted roots=
{% else %}
openid endpoint
url=https://id.rpmfusion.org/openid/
-openid identity url
template=http://%(username)s.id.rpmfusion.org/
+openid identity url
template=http://id.rpmfusion.org/openid/id/%(username)s/
openid trusted
roots=https://admin.rpmfusion.org/pkgdb/,https://admin.rpmfusion.org/voti...
{% endif %}
openid database url=postgresql://{{ ipsilon_db_user }}:{{ ipsilon_db_pass }}@{{
ipsilon_db_host }}/{{ ipsilon_db_openid_name }}
openid untrusted roots=
openid enabled extensions=Fedora Teams,Attribute Exchange,CLAs,Simple Registration,API
-saml2 idp storage path=/etc/ipsilon/saml2
-saml2 idp metadata file=metadata.xml
-{% if env == 'staging' %}
-saml2 idp nameid salt={{ ipsilon_stg_saml2_nameid_salt }}
-saml2 idp certificate file=certificate.stg.pem
-saml2 idp key file=certificate.stg.key
-{% else %}
-saml2 idp nameid salt={{ ipsilon_saml2_nameid_salt }}
-{% endif %}
-saml2 allow self registration=False
-saml2 default nameid=transient
-saml2 default email
domain=fedoraproject.org
-saml2 session database url=postgresql://{{ ipsilon_db_user }}:{{ ipsilon_db_pass }}@{{
ipsilon_db_host }}/{{ ipsilon_db_saml2_name }}
-
-[saml2_data]
-{% if env == 'staging' %}
-{% include "saml2_data_stg" %}
-{% else %}
-{% include "saml2_data" %}
-{% endif %}
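Review bot: The new production `openid identity url template` still uses `http://`, although the endpoint just above it is `https://id.rpmfusion.org/openid/`. Relying parties fetch the identity URL during discovery, so serving it over plain HTTP leaves that step open to tampering in transit. Consider `openid identity url template=https://id.rpmfusion.org/openid/id/%(username)s/`, after checking whether existing relying parties have stored the old identifier form, since this line changes the claimed identifier either way. The staging value shown in the hunk header keeps the per-user subdomain form `http://%(username)s.id.stg.rpmfusion.org/`, so staging no longer exercises the URL shape that production uses. The removed saml2 block referenced `ipsilon_saml2_nameid_salt`, the staging certificate and key files, and the `saml2_data` includes; if nothing else in the role uses them (not visible here), they should be retired too so that unused key material does not linger.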
diff --git a/roles/ipsilon/templates/ipsilon.conf b/roles/ipsilon/templates/ipsilon.conf
index 312dd4d..b972e53 100644
--- a/roles/ipsilon/templates/ipsilon.conf
+++ b/roles/ipsilon/templates/ipsilon.conf
@@ -10,8 +10,8 @@ user.prefs.db = "postgresql://{{ ipsilon_db_user }}:{{
ipsilon_db_pass }}@{{ ips
transactions.db = "postgresql://{{ ipsilon_db_user }}:{{ ipsilon_db_pass }}@{{
ipsilon_db_host }}/{{ ipsilon_db_transactions_name }}"
tools.sessions.on = True
-tools.sessions.name = "fedora_ipsilon_session_id"
-tools.sessions.storage_type = "Sql"
+tools.sessions.name = "rpmfusion_ipsilon_session_id"
+tools.sessions.storage_type = "sql"
tools.sessions.storage_dburi = "postgresql://{{ ipsilon_db_user }}:{{
ipsilon_db_pass }}@{{ ipsilon_db_host }}/{{ ipsilon_db_sessions_name }}"
tools.sessions.timeout = 60
tools.sessions.httponly = True