kevinveenbirkenbach/computer-playbook
1
0
Fork 0
mirror of https://github.com/kevinveenbirkenbach/computer-playbook.git synced 2025-04-20 15:04:57 +02:00
Code Issues Packages Projects Releases Wiki Activity

Finished Wordpress OIDC implementation

Browse Source
This commit is contained in:
Kevin Veen-Birkenbach 2025-04-17 16:45:43 +02:00
parent 8f8796f598
commit ec5beff22f
No known key found for this signature in database
GPG Key ID: 44D8F11FD62F878E
3 changed files with 33 additions and 24 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
group_vars/all/11_iam.yml
View File

@ -28,6 +28,9 @@ defaults_oidc:
attributes: attributes:
# Attribut to identify the user # Attribut to identify the user
username: "preferred_username" username: "preferred_username"
given_name: "given_name"
family_name: "family_name"
email: "email"
############################################# #############################################
### LDAP ### ### LDAP ###

5
roles/docker-wordpress/templates/env.j2
View File

@ -2,3 +2,8 @@ WORDPRESS_DB_HOST= "{{database_host}}:{{database_port}}"
WORDPRESS_DB_USER= "{{database_username}}" WORDPRESS_DB_USER= "{{database_username}}"
WORDPRESS_DB_PASSWORD= "{{database_password}}" WORDPRESS_DB_PASSWORD= "{{database_password}}"
WORDPRESS_DB_NAME= "{{database_name}}" WORDPRESS_DB_NAME= "{{database_name}}"
# Debug flags
WP_DEBUG={{ enable_debug | lower }}
WP_DEBUG_LOG={{ enable_debug | lower }}
WP_DEBUG_DISPLAY={{ enable_debug | lower }}

21
roles/docker-wordpress/vars/oidc.yml
View File

@ -1,5 +1,6 @@
# vars/oidc.yml # vars/oidc.yml
# Defines OIDC settings for the OpenID Connect Generic plugin, with explanatory comments. # Defines OIDC settings for the OpenID Connect Generic plugin, with explanatory comments.
# @see https://github.com/oidc-wp/openid-connect-generic/blob/develop/includes/openid-connect-generic-option-settings.php
oidc_settings: oidc_settings:
client_id: "{{ oidc.client.id }}" # The client ID that identifies WordPress as the OIDC client. client_id: "{{ oidc.client.id }}" # The client ID that identifies WordPress as the OIDC client.
@ -8,8 +9,8 @@ oidc_settings:
endpoint_token: "{{ oidc.client.token_url }}" # URL of the token endpoint for exchanging authorization codes for tokens. endpoint_token: "{{ oidc.client.token_url }}" # URL of the token endpoint for exchanging authorization codes for tokens.
endpoint_userinfo: "{{ oidc.client.user_info_url }}" # URL of the userinfo endpoint to retrieve user profile data. endpoint_userinfo: "{{ oidc.client.user_info_url }}" # URL of the userinfo endpoint to retrieve user profile data.
endpoint_end_session: "{{ oidc.client.logout_url }}" # URL of the end-session endpoint to log users out of the IDP. endpoint_end_session: "{{ oidc.client.logout_url }}" # URL of the end-session endpoint to log users out of the IDP.
# login_type: "{{ oidc.client.login_type | default('') }}" # Determines how the login interface is rendered (e.g., button or form). login_type: "auto" # Determines how the login interface is rendered (e.g., button or form).
# scope: "{{ oidc.client.scope | default('openid profile email') }}" # Scopes requested from the OIDC provider during authentication. scope: "openid profile email" # Scopes requested from the OIDC provider during authentication.
create_if_does_not_exist: true # Auto-create a new WP user if one doesnt exist. create_if_does_not_exist: true # Auto-create a new WP user if one doesnt exist.
enforce_privacy: false # Require authentication for all site pages if set to true. enforce_privacy: false # Require authentication for all site pages if set to true.
link_existing_users: true # Link OIDC login to existing WP users by matching email. link_existing_users: true # Link OIDC login to existing WP users by matching email.
@ -18,11 +19,11 @@ oidc_settings:
#acr_values: "{{ oidc.client.acr_values | default('') }}" # ACR values defining required authentication context (e.g., MFA level). #acr_values: "{{ oidc.client.acr_values | default('') }}" # ACR values defining required authentication context (e.g., MFA level).
enable_logging: "{{ enable_debug }}" # Enable detailed plugin logging for debugging and auditing. enable_logging: "{{ enable_debug }}" # Enable detailed plugin logging for debugging and auditing.
# log_limit: "{{ oidc.client.log_limit | default('') }}" # Maximum number of log entries to retain before pruning. # log_limit: "{{ oidc.client.log_limit | default('') }}" # Maximum number of log entries to retain before pruning.
#no_sslverify # The flag to enable/disable SSL verification during authorization. no_sslverify: false # The flag to enable/disable SSL verification during authorization.
#http_request_timeout # The timeout for requests made to the IDP. Default value is 5. http_request_timeout: 5 # The timeout for requests made to the IDP. Default value is 5.
#identity_key # The key in the user claim array to find the user's identification data. identity_key: "{{ oidc.attributes.username }}" # The key in the user claim array to find the user's identification data.
#nickname_key # The key in the user claim array to find the user's nickname. nickname_key: "{{ oidc.attributes.username }}" # The key in the user claim array to find the user's nickname.
#email_format # The key(s) in the user claim array to formulate the user's email address. email_format: "{{ oidc.attributes.email }}" # The key(s) in the user claim array to formulate the user's email address.
#displayname_format # The key(s) in the user claim array to formulate the user's display name. displayname_format: "{{ oidc.attributes.given_name }} {{ oidc.attributes.family_name }}" # The key(s) in the user claim array to formulate the user's display name.
#identify_with_username # The flag which indicates how the user's identity will be determined. identify_with_username: true # The flag which indicates how the user's identity will be determined.
#state_time_limit # The valid time limit of the state, in seconds. Defaults to 180 seconds. state_time_limit: 180 # The valid time limit of the state, in seconds. Defaults to 180 seconds.