Refactor and cleanup OIDC, desktop, and web-app roles

- Improved OIDC variable definitions (12_oidc.yml) - Added account/security/profile URLs - Restructured web-app-desktop tasks and JS handling - Introduced oidc.js and iframe.js with runtime loader - Fixed nginx.conf, LDAP, and healthcheck templates spacing - Improved Lua injection for CSP and snippets - Fixed typos (WordPress, receive, etc.) - Added silent-check-sso nginx location Conversation: https://chatgpt.com/share/68ae0060-4fac-800f-9f02-22592a4087d3
2025-08-31 15:48:57 +02:00 · 2025-08-26 20:44:05 +02:00
parent ce033c370a
commit c182ecf516
33 changed files with 543 additions and 146 deletions
--- a/roles/web-app-desktop/templates/nginx/sso.html.conf.j2
+++ b/roles/web-app-desktop/templates/nginx/sso.html.conf.j2
@@ -0,0 +1,16 @@
+# Serve a static silent-check-sso.html file directly from memory
+location = {{ DESKTOP_LOCATION_SILENT_CHECK }} {
+    default_type text/html;
+    add_header X-Frame-Options "SAMEORIGIN";
+    add_header Cache-Control "no-store";
+
+    return 200 '<!DOCTYPE html>
+<html>
+  <head>
+    <title>Silent SSO</title>
+  </head>
+  <body>
+    Checking SSO...
+  </body>
+</html>';
+}