---
# Default variables for a SimpleSAMLphp deployment.
# Values quoted as 'true' / 'false' are strings, not YAML booleans.
# NOTE(review): presumably they are rendered verbatim into the PHP
# config by a template -- confirm before changing their type.

# --- Release to install ---------------------------------------------
simplesaml_dist_name: 'Simplesaml'
# The three version parts are joined into simplesaml_dist_version below;
# bump them together.
# NOTE(review): this pins one specific upstream release. Check the
# upstream security advisories for it before deploying.
simplesaml_major: 1
simplesaml_minor: 17
simplesaml_fix: 2
simplesaml_dist_version: '{{ simplesaml_major }}.{{ simplesaml_minor }}.{{ simplesaml_fix }}'
simplesaml_dist_basename: 'simplesamlphp-{{ simplesaml_dist_version }}'
simplesaml_dist_file: '{{ simplesaml_dist_basename }}.tar.gz'
simplesaml_download_file: '{{ simplesaml_dist_basename }}.tar.gz'
# Release tarball, fetched over HTTPS from the upstream GitHub releases.
# NOTE(review): no checksum or signature variable is defined in this
# file. Confirm that the download task pins a digest (for example the
# `checksum` parameter of get_url) so that a replaced release asset is
# detected instead of being unpacked.
simplesaml_tar_url: 'https://github.com/simplesamlphp/simplesamlphp/releases/download/v{{ simplesaml_dist_version }}/{{ simplesaml_dist_file }}'

# --- Filesystem layout ----------------------------------------------
simplesaml_srv_base_dir: '/srv/simplesaml'
simplesaml_download_dir: '/srv/simplesaml_download'
simplesaml_tmp_dir: '{{ simplesaml_srv_base_dir }}/tmp/'
# NOTE(review): presumably holds the signing key and certificate;
# verify that the role restricts ownership and mode to simplesaml_user.
simplesaml_cert_dir: '{{ simplesaml_srv_base_dir }}/cert/'
simplesaml_data_dir: '{{ simplesaml_srv_base_dir }}/data/'
simplesaml_maintenance_dir: '{{ simplesaml_srv_base_dir }}/maintenance'
simplesaml_log_dir: '/var/log/simplesaml'
simplesaml_install_dir: '/var/simplesamlphp'
simplesaml_user: 'simplesaml'

# --- Technical contact ----------------------------------------------
simplesaml_tech_name: 'Administrator'
simplesaml_tech_email: 'na@example.org'

# --- Admin access ---------------------------------------------------
# simplesaml_admin_password: use a vault file
# No default is set here on purpose: provide the admin password from an
# Ansible Vault file so it is never committed in clear text.
simplesaml_protectindexpage: 'true'
# NOTE(review): 'false' presumably leaves the metadata pages readable
# without admin login -- confirm this is intended for the deployment.
simplesaml_protectmetadata: 'false'

# --- Logging --------------------------------------------------------
# Allowed levels: ERR, WARNING, NOTICE, INFO, DEBUG
# NOTE(review): more verbose levels may write user attributes to the
# log; confirm what the rendered config logs before raising this.
simplesaml_loglevel: 'NOTICE'

# --- Host identity --------------------------------------------------
# Change this one when setting up a cluster of simplesaml servers.
simplesaml_create_self_signed_cert_host: '{{ ansible_fqdn }}'
simplesaml_servername: '{{ ansible_fqdn }}'

# --- Protocol endpoints ---------------------------------------------
# Only the SAML 2.0 IdP is switched on by default; every endpoint left
# off is one less exposed surface.
simplesaml_enable_saml20_idp: 'true'
simplesaml_enable_shib13_idp: 'false'
simplesaml_enable_adfs_idp: 'false'
simplesaml_enable_wsfed_sp: 'false'

# --- Session cookie -------------------------------------------------
# NOTE(review): what simplesaml_webcookie controls is not visible in
# this file. If it maps to the cookie "secure" flag, 'false' lets the
# session cookie travel over plain HTTP; confirm against the template.
simplesaml_webcookie: 'false'
simplesaml_cookiename: 'SimpleSAML'
simplesaml_httponly: 'true'

simplesaml_language_default: 'en'

# --- Metadata -------------------------------------------------------
# The sp-remote syntax is quite complex.
simplesaml_global_sp_remote_template: false
simplesaml_global_metadata: []

# --- PHP packages ---------------------------------------------------
# php_version is not defined in this file; it has to be supplied from
# elsewhere (another role, group_vars or the inventory).
simplesaml_php_prereq:
  - 'php-date'
  - 'php{{ php_version }}-cli'
  - 'php{{ php_version }}-xml'
  - 'php{{ php_version }}-mbstring'
  - 'php-json'
  - 'php-pear'
  - 'php-curl'
# --- Session storage ------------------------------------------------
# Memcache is the default backend; Redis is available but switched off.
# Both default hosts are loopback addresses.
# NOTE(review): memcached has no authentication by default. When these
# hosts are pointed at another machine, keep the service on a private
# network and firewalled, since it will hold live session data.
simplesaml_session_store: 'memcache'
simplesaml_use_redis_sessions: false
simplesaml_redis_host: '127.0.0.1'
simplesaml_php_redis_driver:
  - 'libphp-predis'
  - 'php-redis'
simplesaml_use_ldap: true
simplesaml_php_ldap_driver:
  - 'php{{ php_version }}-ldap'
simplesaml_use_memcache_sessions: true
simplesaml_php_memcache_driver:
  - 'php-memcache'
simplesaml_memcache_hosts:
  - host: '127.0.0.1'
    port: 11211

# --- Optional database drivers (both off by default) ----------------
simplesaml_use_postgresql: false
simplesaml_php_pg_driver:
  - 'php{{ php_version }}-pgsql'
simplesaml_use_mysql: false
simplesaml_php_my_driver:
  - 'php{{ php_version }}-mysqlnd'

# --- LDAP authentication source -------------------------------------
# Host, DN pattern and search base are example.org placeholders and
# must be overridden per site.
simplesaml_ldap_name: 'example-ldap'
simplesaml_ldap_host: 'ldap.example.org'
# NOTE(review): with port 389 this is presumably StartTLS on the plain
# LDAP port. Setting it to 'false' would send bind passwords over the
# network unencrypted -- confirm against the rendered authsources.
simplesaml_ldap_enable_tls: 'true'
simplesaml_ldap_debug: 'false'
# NOTE(review): 0 presumably means "no timeout" -- TODO confirm.
simplesaml_ldap_server_timeout: 0
simplesaml_ldap_server_port: 389
simplesaml_ldap_dnpattern: 'uid=%username%,ou=people,dc=example,dc=org'
simplesaml_ldap_search_enabled: 'false'
simplesaml_ldap_auth_bind: false
# Search-bind credentials are intentionally left undefined here.
# NOTE(review): when they are needed, supply the password from an
# Ansible Vault file rather than from this defaults file.
# simplesaml_ldap_search_username: ''
# simplesaml_ldap_search_password: ''
# Follows simplesaml_ldap_search_enabled unless overridden.
simplesaml_ldap_search_filter_enabled: '{{ simplesaml_ldap_search_enabled }}'
simplesaml_ldap_search_filter: '(objectclass=inetorgperson)'
simplesaml_ldap_search_base: 'ou=people,dc=example,dc=org'
# A string containing an array literal, not a YAML list.
# NOTE(review): presumably pasted verbatim into the PHP config.
simplesaml_ldap_search_attributes: "['uid', 'mail']"
simplesaml_ldap_use_uri_nameformat: false

# The authentication source is named after the LDAP source by default.
simplesaml_auth_name: '{{ simplesaml_ldap_name }}'