From 1e9a1e4c5a8c60662bd18e6b9a2233a77ca64c47 Mon Sep 17 00:00:00 2001 From: Mauro Mugnaini Date: Thu, 16 Oct 2025 17:34:29 +0200 Subject: [PATCH] Very basic TIP based default configuration YAML, to be expanded if needed. Implementation already handle all cases --- templates/tip.yaml.j2 | 55 +++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 55 insertions(+) create mode 100644 templates/tip.yaml.j2 diff --git a/templates/tip.yaml.j2 b/templates/tip.yaml.j2 new file mode 100644 index 0000000..db89b20 --- /dev/null +++ b/templates/tip.yaml.j2 @@ -0,0 +1,55 @@ +tip: + fallback_issuer_unknown_token_issuer: + issuer_url: {{ proxy_introspection_issuer }} +# introspection_endpoint: https://issuer.example.com/introspect + client_id: {{ proxy_introspection_client_id }} + client_secret: {{ proxy_introspection_client_secret }} +# this part is not configured but is supported in the custom introspection provider +# drop_claims: +# - todrop1 +# - todrop2 +# claim_renaming: +# weird_groups: groups +# bad_username: username +# claim_mapping: +# strings: +# sub: +# one-sub: other-sub +# string_arrays: +# super-entitlements: +# hpc: +# - compute +# weird_groups: +# all-users: +# - users +# special-users: +# - admins +# - dev + fallback_issuer_unsupported_token_issuer: +# Not configured bu the synatx is the same of the 'fallback_issuer_unknown_token_issuer' + remote_issuers: + - issuer_url: {{ proxy_introspection_issuer }} + # introspection_endpoint: https://issuer.example.com/introspect + client_id: {{ proxy_introspection_client_id }} + client_secret: {{ proxy_introspection_client_secret }} +# this part is not configured but is supported in the custom introspection provider +# drop_claims: +# - todrop1 +# - todrop2 +# claim_renaming: +# weird_groups: groups +# user_id: username +# claim_mapping: +# strings: +# sub: +# one-sub: other-sub +# string_arrays: +# entitlements: +# hpc: +# - compute +# weird_groups: +# all-users: +# - users +# special-users: +# - admins +# - dev \ No newline at end of file