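---
# Default variables for the SimpleSAMLphp role.
#
# Values written as 'true' / 'false' (quoted) are strings on purpose: they are
# presumably rendered verbatim into the PHP configuration by the role's
# templates, which are not part of this file. Keep them quoted.
# Unquoted true / false are real booleans used as Ansible switches.

# Release to install. The version string, archive name and download URL are all
# derived from the three numbers below.
# NOTE(review): the release is pinned here; check it against the upstream
# security advisories before deploying and bump it through these variables.
simplesaml_dist_name: Simplesaml
simplesaml_major: 1
simplesaml_minor: 17
simplesaml_fix: 2
simplesaml_dist_version: '{{ simplesaml_major }}.{{ simplesaml_minor }}.{{ simplesaml_fix }}'
simplesaml_dist_basename: 'simplesamlphp-{{ simplesaml_dist_version }}'
simplesaml_dist_file: '{{ simplesaml_dist_basename }}.tar.gz'
simplesaml_download_file: '{{ simplesaml_dist_basename }}.tar.gz'
# The archive is fetched over HTTPS from the upstream GitHub release page.
# NOTE(review): no checksum variable is defined in these defaults; confirm that
# the download task verifies the archive (for example against a pinned
# SHA-256) before it is unpacked.
simplesaml_tar_url: 'https://github.com/simplesamlphp/simplesamlphp/releases/download/v{{ simplesaml_dist_version }}/{{ simplesaml_dist_file }}'

# Filesystem layout.
# NOTE(review): the cert directory is expected to hold private key material;
# confirm the tasks restrict it to simplesaml_user.
simplesaml_srv_base_dir: /srv/simplesaml
simplesaml_download_dir: /srv/simplesaml_download
simplesaml_tmp_dir: '{{ simplesaml_srv_base_dir }}/tmp/'
simplesaml_cert_dir: '{{ simplesaml_srv_base_dir }}/cert/'
simplesaml_data_dir: '{{ simplesaml_srv_base_dir }}/data/'
simplesaml_maintenance_dir: '{{ simplesaml_srv_base_dir }}/maintenance'
simplesaml_log_dir: /var/log/simplesaml
simplesaml_install_dir: /var/simplesamlphp
simplesaml_user: simplesaml

# Technical contact. The address is a placeholder; override it per deployment.
simplesaml_tech_name: 'Administrator'
simplesaml_tech_email: 'na@example.org'
# simplesaml_admin_password: use a vault file
# Presumably the admin.protectindexpage / admin.protectmetadata settings:
# 'true' requires an admin login for the page. Metadata is left public.
simplesaml_protectindexpage: 'true'
simplesaml_protectmetadata: 'false'
# ERR, WARNING, NOTICE, INFO, DEBUG
# DEBUG is meant for troubleshooting only; it can put protocol messages and
# user attributes into the logs.
simplesaml_loglevel: NOTICE

# Change this one when we are setting up a cluster of simplesaml servers
simplesaml_create_self_signed_cert_host: '{{ ansible_fqdn }}'
# With the default (false) the role presumably generates a self-signed
# certificate for the host above. Set to true to supply your own.
simplesaml_provide_an_external_cert: false
simplesaml_servername: '{{ ansible_fqdn }}'

# Protocol endpoints. Only the SAML 2.0 IdP is enabled by default; leave the
# protocols you do not use disabled.
simplesaml_enable_saml20_idp: 'true'
simplesaml_enable_shib13_idp: 'false'
simplesaml_enable_adfs_idp: 'false'
simplesaml_enable_wsfed_sp: 'false'
# NOTE(review): confirm which configuration option this maps to in the
# template. If it controls the "secure" flag of the session cookie, 'false'
# allows the cookie over plain HTTP and should be 'true' on HTTPS-only hosts.
simplesaml_webcookie: 'false'

simplesaml_cookiename: 'SimpleSAML'
# Presumably the HttpOnly flag of the session cookie; keep it 'true' so page
# scripts cannot read the cookie.
simplesaml_httponly: 'true'

simplesaml_language_default: 'en'

# The sp-remote syntax is quite complex
simplesaml_global_sp_remote_template: false
simplesaml_global_metadata: []

# PHP packages needed by SimpleSAMLphp. php_version is defined outside this
# file.
simplesaml_php_prereq:
  - 'php-date'
  - 'php{{ php_version }}-cli'
  - 'php{{ php_version }}-xml'
  - 'php{{ php_version }}-mbstring'
  - 'php-json'
  - 'php-pear'
  - 'php-curl'

# Session storage. Keep this value consistent with the simplesaml_use_*
# switches below.
simplesaml_session_store: 'memcache'

simplesaml_use_redis_sessions: false
simplesaml_redis_host: '127.0.0.1'
simplesaml_php_redis_driver:
  - 'libphp-predis'
  - 'php-redis'

simplesaml_use_ldap: true
simplesaml_php_ldap_driver:
  - 'php{{ php_version }}-ldap'

simplesaml_use_memcache_sessions: true
simplesaml_php_memcache_driver:
  - 'php-memcache'

# The session store holds login sessions. memcached does not authenticate
# clients by default, so keep these hosts on loopback or on a network that
# only the IdP nodes can reach.
simplesaml_memcache_hosts:
  - host: '127.0.0.1'
    port: 11211


simplesaml_use_postgresql: false
simplesaml_php_pg_driver:
  - 'php{{ php_version }}-pgsql'

simplesaml_use_mysql: false
simplesaml_php_my_driver:
  - 'php{{ php_version }}-mysqlnd'

# LDAP authentication source. Host, DN pattern and search base are examples.
simplesaml_ldap_name: 'example-ldap'
simplesaml_ldap_host: 'ldap.example.org'
# TLS is on by default while the port is the plain LDAP port 389, which
# suggests StartTLS. NOTE(review): confirm in the template; do not disable TLS,
# because user passwords travel over this connection.
simplesaml_ldap_enable_tls: 'true'
# Keep LDAP debugging off outside troubleshooting sessions.
simplesaml_ldap_debug: 'false'
# NOTE(review): 0 presumably means "no timeout"; confirm against the template.
simplesaml_ldap_server_timeout: 0
simplesaml_ldap_server_port: 389
simplesaml_ldap_dnpattern: 'uid=%username%,ou=people,dc=example,dc=org'
simplesaml_ldap_search_enabled: 'false'
simplesaml_ldap_auth_bind: false
# Search bind credentials: when needed, define them in a vault file, not here.
#simplesaml_ldap_search_username: ''
#simplesaml_ldap_search_password: ''
simplesaml_ldap_search_filter_enabled: '{{ simplesaml_ldap_search_enabled }}'
simplesaml_ldap_search_filter: '(objectclass=inetorgperson)'
simplesaml_ldap_search_base: 'ou=people,dc=example,dc=org'
# Quoted on purpose: the value has the form of a PHP array literal and is
# presumably inserted into the configuration as text.
simplesaml_ldap_search_attributes: "['uid', 'mail']"
simplesaml_ldap_use_uri_nameformat: false

simplesaml_auth_name: '{{ simplesaml_ldap_name }}'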