config.sample.yml 3.31 KB
# Configuration options of the dariahsp core library.
# Properties that are commented out show the library's default values.
auth:
  #baseUrl: http://localhost:8080
  #defaultLoginUrl: ${auth.baseUrl}
  #defaultLogoutUrl: ${auth.baseUrl}

  # Sample value that ships with this file. Generate a fresh random salt for
  # every deployment and keep the deployed config out of version control.
  salt: 'Qmwp4CO7LDkOUDouAcCcUqd9ZGNbRG5Jyr5lpntOuB9'

  # Role hierarchy; reads as highest privilege first.
  permissionHierarchy: 'ROLE_ADMINISTRATOR > ROLE_CONTRIBUTOR > ROLE_USER'

  # Each permission set lists, per authorizer (local / saml), the role names
  # that grant it.
  # NOTE(review): the saml entries presumably match role values asserted by
  # the identity provider, so the admin mapping is only as trustworthy as the
  # IdP attribute that delivers it -- confirm against the attribute mapping.
  permissionDefinitions:
    - permissionSet: ADMINISTRATOR
      level: 100
      roleMappings:
        local:
          - application_admin
        saml:
          - application_admin
    - permissionSet: CONTRIBUTOR
      level: 50
      roleMappings:
        local:
          - application_contributor
        saml:
          - application_contributor
    - permissionSet: USER
      level: 10
      roleMappings:
        local:
          - application_user
        saml:
          - application_user
  local:
    enabled: true
    authorizerName: local
    # Sample accounts only: all three carry the same bcrypt hash ($2y$,
    # cost 10) of the published password 1234, including the admin account.
    # Replace every passhash with a hash of a unique password, or remove the
    # accounts / set enabled: false, before the application is reachable by
    # anyone but the developer.
    users:
      - username: admin
        passhash: '$2y$10$nmTcpRxs.RFUstkJJms6U.AW61Jmr64s9VNQLuhpU8gYrgzCapwka'
        roles:
          - application_admin
      - username: contributor
        passhash: '$2y$10$nmTcpRxs.RFUstkJJms6U.AW61Jmr64s9VNQLuhpU8gYrgzCapwka'
        roles:
          - application_contributor
      - username: user
        passhash: '$2y$10$nmTcpRxs.RFUstkJJms6U.AW61Jmr64s9VNQLuhpU8gYrgzCapwka'
        roles:
          - application_user
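  # SAML service-provider settings; disabled in this sample.
  saml:
    enabled: false
    authorizerName: saml
    # Keystore holding the SP key pair. The path, alias and both passwords
    # below are sample values published with this file: use a keystore and
    # passwords of your own, and restrict read access to the deployed config
    # and the .jks file to the service account.
    keystore:
      path: /data/_srv/dariahsp/c105-229.cloud.gwdg.de.jks
      pass: clariah
      alias: c105-229.cloud.gwdg.de
      aliaspass: clariah6
    # Identity-provider metadata location.
    metadata:
      url: https://aaiproxy.de.dariah.eu/idp/
    sp:
      #metadataResource: /data/_srv/dariahsp/sp_metadata.xml
      # NOTE(review): -1 presumably disables the maximum-authentication-age
      # check -- confirm; a positive limit rejects stale IdP sessions.
      maxAuthAge: -1
      #entityId: ${baseUrl}
      signMetadata: true
      #signingMethods: "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"
      #digestMethods: http://www.w3.org/2001/04/xmlenc#sha256, http://www.w3.org/2001/04/xmlenc#sha512
      #supportedProtocols: urn:oasis:names:tc:SAML:2.0:protocol
      # Must be a plain YAML boolean. The sample previously held a mistyped
      # value here, which parses as a string, not as true; depending on how
      # the consumer converts it, request signing may end up off or the
      # config may fail to load.
      authnRequestSigned: true
      logoutRequestSigned: true
      # Signed assertions are required; signed responses are not. Consider
      # enabling wantsResponsesSigned as well if the IdP signs responses.
      wantsAssertionsSigned: true
      wantsResponsesSigned: false
      # NOTE(review): key is spelled "Timout"; left as is because it has to
      # match the name the library reads -- confirm.
      httpClientTimoutMs: 2000
      # Target URL for users whose attribute set is incomplete (going by the
      # key name).
      attributesIncompleteRedirectUrl: https://auth.de.dariah.eu/cgi-bin/selfservice/ldapportal.pl
      # Attribute groups read from the assertion. "check" presumably states
      # whether the group's attributes are all required (AND) or optional
      # (OPTIONAL) -- confirm against the library documentation.
      attributeGroups:
        - check: AND
          attributes:
            - friendlyName: dariahTermsOfUse
              name: urn:oid:1.3.6.1.4.1.10126.1.52.4.15
              nameFormat: urn:oasis:names:tc:SAML:2.0:attrname-format:uri
              #value: Terms_of_Use_germ_engl_v6.pdf
            # eduPersonPrincipalName is mapped to the local user id.
            - friendlyName: eduPersonPrincipalName
              mappedAttribute: id
              name: urn:oid:1.3.6.1.4.1.5923.1.1.1.6
              nameFormat: urn:oasis:names:tc:SAML:2.0:attrname-format:uri
        - check: OPTIONAL
          attributes:
            - friendlyName: mail
              name: urn:oid:0.9.2342.19200300.100.1.3
              nameFormat: urn:oasis:names:tc:SAML:2.0:attrname-format:uri
            - friendlyName: displayName
              mappedAttribute: username
              name: urn:oid:2.16.840.1.113730.3.1.241
              nameFormat: urn:oasis:names:tc:SAML:2.0:attrname-format:uri
            # isMemberOf is mapped to externalRoles.
            # NOTE(review): these IdP-asserted values presumably feed the
            # saml role mappings, so they decide the permission level --
            # confirm.
            - friendlyName: isMemberOf
              mappedAttribute: externalRoles
              name: urn:oid:1.3.6.1.4.1.5923.1.5.1.1
              nameFormat: urn:oasis:names:tc:SAML:2.0:attrname-format:uri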