mirror of
https://github.com/kevinveenbirkenbach/computer-playbook.git
synced 2025-08-31 23:58:57 +02:00
Huge role refactoring/cleanup. Other commits will propably follow. Because some bugs will exist. Still important for longrun and also for auto docs/help/slideshow generation
This commit is contained in:
@@ -0,0 +1,24 @@
|
||||
http_address = "0.0.0.0:4180"
|
||||
cookie_secret = "{{ applications[oauth2_proxy_application_id].credentials.oauth2_proxy_cookie_secret }}"
|
||||
cookie_secure = "true" # True is necessary to force the cookie set via https
|
||||
upstreams = "http://{{ applications[oauth2_proxy_application_id].oauth2_proxy.application }}:{{ applications[oauth2_proxy_application_id].oauth2_proxy.port }}"
|
||||
cookie_domains = ["{{ domains | get_domain(oauth2_proxy_application_id) }}", "{{ domains | get_domain('keycloak') }}"] # Required so cookie can be read on all subdomains.
|
||||
whitelist_domains = [".{{ primary_domain }}"] # Required to allow redirection back to original requested target.
|
||||
|
||||
# keycloak provider
|
||||
client_secret = "{{ oidc.client.secret }}"
|
||||
client_id = "{{ oidc.client.id }}"
|
||||
redirect_url = "{{ web_protocol }}://{{ domains | get_domain(oauth2_proxy_application_id) }}/oauth2/callback"
|
||||
oidc_issuer_url = "{{ oidc.client.issuer_url }}"
|
||||
provider = "oidc"
|
||||
provider_display_name = "{{ oidc.button_text }}"
|
||||
|
||||
{% if applications[oauth2_proxy_application_id].oauth2_proxy.allowed_groups is defined %}
|
||||
{# role based restrictions #}
|
||||
scope = "openid email profile {{ oidc.claims.groups }}"
|
||||
oidc_groups_claim = "{{ oidc.claims.groups }}"
|
||||
allowed_groups = {{ applications[oauth2_proxy_application_id].oauth2_proxy.allowed_groups | tojson }}
|
||||
email_domains = ["*"]
|
||||
{% else %}
|
||||
email_domains = "{{ primary_domain }}"
|
||||
{% endif %}
|
||||
Reference in New Issue
Block a user