application.yml 3.48 KB
#contextPath: /dme
#baseUrl: https://c105-229.cloud.gwdg.de${contextPath:/}
# Plain-HTTP localhost default, presumably for local development. This value
# also feeds auth.baseUrl and auth.saml.sp.entityId below, so a deployed
# instance should override it with its public https URL.
baseUrl: http://localhost:8080

# Spring MVC view resolution: logical view names resolve to JSP files under
# /WEB-INF/views/, a location the servlet container does not serve directly.
spring:
  mvc:
    view:
      prefix: /WEB-INF/views/
      suffix: .jsp

# DEBUG on the `web` logging group is verbose request-handling output; keep it
# to development and use INFO or above where logs are shipped or retained.
# NOTE(review): confirm request-detail logging is not enabled elsewhere, since
# it would put parameters and headers into these logs.
logging:
  level:
    web: DEBUG

auth:
  # The authentication base, login and logout URLs all derive from the
  # top-level baseUrl, so they inherit its scheme and host.
  baseUrl: ${baseUrl}
  defaultLoginUrl: ${auth.baseUrl}
  defaultLogoutUrl: ${auth.baseUrl}
  # NOTE(review): this salt is committed in clear text, so it is known to
  # everyone with access to the repository. What it protects is not visible
  # in this file; if it is security-relevant, supply a per-deployment value
  # from external configuration instead of relying on this default.
  salt: Qmwp4CO7LDkOUDouAcCcUqd9ZGNbRG5Jyr5lpntOuB9
  # Role hierarchy, highest first; presumably each role implies the ones to
  # its right - confirm against the consuming security configuration.
  permissionHierarchy: ROLE_ADMINISTRATOR > ROLE_CONTRIBUTOR > ROLE_USER
  # Each entry maps authorizer-specific role names (local accounts, SAML
  # groups) onto one permission set.
  permissionDefinitions:
    - permissionSet: ROLE_ADMINISTRATOR
      level: 100
      roleMappings: 
        local: ["application_admin"]
        saml: ["generic-search-admins"]       
    - permissionSet: ROLE_CONTRIBUTOR
      level: 50
      roleMappings:
        local: ["application_contributor"]
        saml: ["generic-search-contributors"]
    - permissionSet: ROLE_USER
      level: 10
      roleMappings:
        local: ["application_user"]
        saml: ["application_user"]
  local:
    order: 0
    enabled: true
    authorizerName: local
    # Same password for each user: 1234
    # Demo accounts: the three entries below carry the same bcrypt hash, and
    # the shared password is documented in this file. One of them holds
    # application_admin, so replace the hashes or set auth.local.enabled to
    # false before the service is reachable by anyone but developers.
    users:
      - username: 'admin'
        passhash: '$2y$10$nmTcpRxs.RFUstkJJms6U.AW61Jmr64s9VNQLuhpU8gYrgzCapwka'
        roles: ["application_admin"]
      - username: 'contributor'
        passhash: '$2y$10$nmTcpRxs.RFUstkJJms6U.AW61Jmr64s9VNQLuhpU8gYrgzCapwka'
        roles: ["application_contributor"]
      - username: 'user'
        passhash: '$2y$10$nmTcpRxs.RFUstkJJms6U.AW61Jmr64s9VNQLuhpU8gYrgzCapwka'
        roles: ["application_user"]
  saml:
    order: 1
    enabled: true
    authorizerName: saml
    keystore:
      # Sample keystore loaded from the classpath with placeholder passwords.
      # A private key shipped alongside the source is not secret, so anything
      # signed with it (presumably the request and metadata signing enabled
      # under sp) proves nothing. Deployments should point `path` at their own
      # keystore outside the artifact and supply pass/aliaspass from external
      # configuration.
      #path: /path/to/keystore.jks
      path: classpath:sample_keystore.jks
      pass: keystore_password
      alias: keypair_alias
      aliaspass: keypass
    metadata:
      # IdP metadata location. NOTE(review): presumably the certificates in
      # this document are what assertion signatures are validated against, so
      # its authenticity matters - confirm whether the metadata signature is
      # verified or only TLS protects the download.
      url: https://aaiproxy.de.dariah.eu/idp/
    sp:
      #metadataResource: /data/_srv/dariahsp/sp_metadata.xml
      # NOTE(review): -1 presumably disables the maximum-authentication-age
      # check, so an IdP session of any age is accepted - confirm against the
      # SAML library and set a positive bound if login freshness matters.
      maxAuthAge: -1
      entityId: ${baseUrl}
      signMetadata: true
      #signingMethods: "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"
      #digestMethods: http://www.w3.org/2001/04/xmlenc#sha256, http://www.w3.org/2001/04/xmlenc#sha512
      #supportedProtocols: urn:oasis:names:tc:SAML:2.0:protocol
      # Outgoing authentication and logout requests are signed, and incoming
      # assertions must be signed.
      authnRequestSigned: true
      logoutRequestSigned: true
      wantsAssertionsSigned: true
      # NOTE(review): a signature on the enclosing response is not required,
      # so integrity rests on the assertion signature alone; consider true if
      # the IdP signs responses.
      wantsResponsesSigned: false
      # NOTE(review): the key is spelled "Timout"; presumably it matches the
      # consuming property name - verify before renaming.
      httpClientTimoutMs: 2000
      # Presumably where a user is sent when required attributes are missing
      # from the assertion (inferred from the key name - confirm).
      attributesIncompleteRedirectUrl: https://auth.de.dariah.eu/cgi-bin/selfservice/ldapportal.pl
      attributeGroups:
        # Presumably every attribute in an AND group must be present - confirm.
        - check: AND
          attributes:
            - friendlyName: dariahTermsOfUse
              name: urn:oid:1.3.6.1.4.1.10126.1.52.4.15
              nameFormat: urn:oasis:names:tc:SAML:2.0:attrname-format:uri
              # NOTE(review): with `value` commented out, presumably any value
              # of this attribute satisfies the check - confirm.
              #value: Terms_of_Use_germ_engl_v6.pdf
            # eduPersonPrincipalName is mapped to the user's id.
            - friendlyName: eduPersonPrincipalName
              mappedAttribute: id
              name: urn:oid:1.3.6.1.4.1.5923.1.1.1.6
              nameFormat: urn:oasis:names:tc:SAML:2.0:attrname-format:uri
        - check: OPTIONAL
          attributes:
            - friendlyName: mail
              name: urn:oid:0.9.2342.19200300.100.1.3
              nameFormat: urn:oasis:names:tc:SAML:2.0:attrname-format:uri
            - friendlyName: displayName
              mappedAttribute: username
              name: urn:oid:2.16.840.1.113730.3.1.241
              nameFormat: urn:oasis:names:tc:SAML:2.0:attrname-format:uri
            # isMemberOf values asserted by the IdP are mapped to
            # externalRoles; presumably these are matched against the
            # roleMappings.saml lists above, in which case role assignment
            # depends on trusting the IdP and on assertion signature checks.
            - friendlyName: isMemberOf
              mappedAttribute: externalRoles
              name: urn:oid:1.3.6.1.4.1.5923.1.5.1.1
              nameFormat: urn:oasis:names:tc:SAML:2.0:attrname-format:uri