[login_config]
global enabled=gssapi

[info_config]
global enabled=


[authz_config]
global enabled=allow

[provider_config]
global enabled=openid,saml2,openidc

openidc enabled extensions=

openidc subject salt={{ ipsilon_openidc_subject_salt }}
openidc endpoint url=https://id.opensuse.org/openidc/
openidc idp key file=/etc/ipsilon/openidc.key
openidc database url=postgresql://{{ pillar['profile']['identification']['database_user'] }}:{{ pillar['postgres']['users']['identification']['password'] }}@{{ pillar['profile']['identification']['database_host'] }}/ipsilon_openid
openidc static database url=configfile:///etc/ipsilon/openidc.static.cfg
openidc documentation url=
openidc policy url=https://en.opensuse.org/Terms_of_site
openidc tos url=https://en.opensuse.org/Terms_of_site
openidc idp sig key id=20200224-sig
openidc allow dynamic client registration=False
openidc default attribute mapping=[["*", "*"], ["timezone", "zoneinfo"], ["_groups", "groups"], [["_extras", "cla"], "cla"], ["fullname", "name"], ["_username", "preferred_username"]]

openid endpoint url=https://id.opensuse.org/openid/
openid identity url template=http://%(username)s.id.opensuse.org/
openid trusted roots=
openid database url=postgresql://{{ pillar['profile']['identification']['database_user'] }}:{{ pillar['postgres']['users']['identification']['password'] }}@{{ pillar['profile']['identification']['database_host'] }}/ipsilon_openid
openid untrusted roots=
openid enabled extensions=

saml2 idp storage path=/etc/ipsilon
saml2 idp metadata file=/httpdir/metadata.xml
saml2 idp nameid salt={{ ipsilon_saml2_nameid_salt }}
saml2 idp certificate file=saml2_idp.crt
saml2 idp key file=saml2_idp.key
saml2 allow self registration=False
saml2 default nameid=transient
saml2 default email domain=opensuse.org
saml2 session database url=postgresql://{{ pillar['profile']['identification']['database_user'] }}:{{ pillar['postgres']['users']['identification']['password'] }}@{{ pillar['profile']['identification']['database_host'] }}/ipsilon_saml2

[saml2_data]