#
# based on the example OIDC frontend configuration:
# https://github.com/IdentityPython/SATOSA/blob/master/example/plugins/frontends/openid_connect_frontend.yaml.example
#
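# SATOSA OpenID Connect frontend plugin configuration.
# The !ENV tag is not core YAML: the loader that reads this file must define
# it, and a generic safe loader will reject the document.
module: "satosa.frontends.openid_connect.OpenIDConnectFrontend"
name: "oidc"
config:
  # Path to the private signing key, taken from the environment.
  # Keep the key file out of version control and readable only by the
  # account that runs the proxy.
  signing_key_path: !ENV SATOSA_OIDC_KEY_FILE
  # NOTE(review): presumably the key identifier published with the public
  # key; changing it affects clients that cache keys by id. Confirm.
  signing_key_id: "oidc"

  # Defines the database connection URI for the databases:
  # - authz_code_db
  # - access_token_db
  # - refresh_token_db
  # - sub_db
  # - user_db
  #
  # supported storage backends:
  # - In-memory dictionary
  # - MongoDB (e.g. mongodb://db.example.com)
  # - Redis (e.g. redis://example/0)
  # - Stateless (e.g. stateless://user:encryptionkey?alg=aes256)
  #
  # This configuration is optional.
  # By default, the in-memory storage is used.
  #
  # A URI can embed credentials or, for the stateless backend, the
  # encryption key itself: supply it from the environment or a secret store
  # instead of committing it. In-memory state is lost on restart.
  #db_uri: mongodb://db.example.com

  # Where to store clients.
  #
  # If client_db_uri is set, the database connection is used.
  # Otherwise, if client_db_path is set, the JSON file is used.
  # By default, an in-memory dictionary is used.
  #
  # NOTE(review): the client file presumably holds client secrets and
  # redirect URIs; restrict its permissions and review changes to it.
  #client_db_uri: mongodb://db.example.com
  client_db_path: "oidc-clients.json"

  # if not specified, it is randomly generated on every startup
  # A salt that changes on restart changes the identifiers derived from it,
  # so set it explicitly, keep it stable, and treat it as a secret.
  sub_hash_salt: !ENV SATOSA_OIDC_HASH_SALT
  # NOTE(review): presumably makes "public" subject identifiers mirror the
  # identifier received from the backend instead of a salted hash. Only
  # "pairwise" is advertised below; confirm this flag is intended.
  sub_mirror_public: true

  provider:
    # Dynamic client registration is off; clients come only from the client
    # database configured above.
    client_registration_supported: false
    # Only the "code" response type is offered, so tokens are issued at the
    # token endpoint rather than returned in the authorization response.
    response_types_supported: ["code"]
    # Pairwise subjects give each client a different sub for the same user.
    subject_types_supported: ["pairwise"]
    scopes_supported: ["openid", "email", "profile", "extras"]
    # Custom scope "extras" and the claims it releases. Releasing "uid"
    # hands clients a stable identifier that can be correlated across
    # clients, which offsets the unlinkability of pairwise subjects; grant
    # this scope only to clients that need it.
    extra_scopes:
      extras:
        - "affiliation"
        - "uid"
    # NOTE(review): presumably seconds; a short lifetime limits replay of a
    # leaked ID token but requires reasonably synchronised clocks. Confirm.
    id_token_lifetime: 60
    # Empty mapping: no additional claims are configured here.
    extra_id_token_claims: {}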