forked from OpenLiberty/ci.docker
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathsso-oidc.xml
39 lines (36 loc) · 2 KB
/
sso-oidc.xml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
<?xml version="1.0" encoding="UTF-8"?>
<server>
<!-- defaults from the server metatype.xml are declared as variables here
If nothing is passed in elsewhere, the defaults will prevail.
Required parameters have no defaults, so are not defined here.
The required parameters are
clientId, clientSecret and discoveryEndpoint
-->
<variable name="SEC_SSO_REDIRECTTORPHOSTANDPORT" defaultValue="" />
<variable name="SEC_SSO_OIDC_GROUPNAMEATTRIBUTE" defaultValue=""/>
<variable name="SEC_SSO_OIDC_USERNAMEATTRIBUTE" defaultValue="sub"/>
<variable name="SEC_SSO_OIDC_DISPLAYNAME" defaultValue="oidcLogin"/>
<variable name="SEC_SSO_OIDC_USERINFOENDPOINTENABLED" defaultValue="false"/>
<variable name="SEC_SSO_MAPTOUSERREGISTRY" defaultValue="false"/>
<variable name="SEC_SSO_OIDC_REALMNAMEATTRIBUTE" defaultValue="iss"/>
<variable name="SEC_SSO_OIDC_SCOPE" defaultValue="openid profile email"/>
<variable name="SEC_SSO_OIDC_TOKENENDPOINTAUTHMETHOD" defaultValue="client_secret_post"/>
<variable name="SEC_SSO_OIDC_HOSTNAMEVERIFICATIONENABLED" defaultValue="true" />
<!-- the id attribute will not be substituted -->
<oidcLogin
id="oidc"
clientId="${SEC_SSO_OIDC_CLIENTID}"
clientSecret="${SEC_SSO_OIDC_CLIENTSECRET}"
redirectToRPHostAndPort="${SEC_SSO_REDIRECTTORPHOSTANDPORT}"
discoveryEndpoint="${SEC_SSO_OIDC_DISCOVERYENDPOINT}"
groupNameAttribute="${SEC_SSO_OIDC_GROUPNAMEATTRIBUTE}"
userNameAttribute="${SEC_SSO_OIDC_USERNAMEATTRIBUTE}"
displayName="${SEC_SSO_OIDC_DISPLAYNAME}"
userInfoEndpointEnabled="${SEC_SSO_OIDC_USERINFOENDPOINTENABLED}"
mapToUserRegistry="${SEC_SSO_MAPTOUSERREGISTRY}"
realmNameAttribute="${SEC_SSO_OIDC_REALMNAMEATTRIBUTE}"
scope="${SEC_SSO_OIDC_SCOPE}"
tokenEndpointAuthMethod="${SEC_SSO_OIDC_TOKENENDPOINTAUTHMETHOD}"
hostNameVerificationEnabled="${SEC_SSO_OIDC_HOSTNAMEVERIFICATIONENABLED}"
></oidcLogin>
</server>