path: root/src/pybind/mgr/cephadm/templates/services/oauth2-proxy/oauth2-proxy.conf.j2
blob: 20ca8cb6504c078c6dc930b5ee1b3db133e850b6 (plain)
# oauth2-proxy configuration, rendered from a Jinja2 template.
# NOTE(review): every templated value below is placed inside double quotes
# without escaping. A value containing a double quote or a backslash would
# change or break the rendered file - confirm the caller validates the spec
# fields before rendering.
# NOTE(review): the rendered file contains client_secret and cookie_secret in
# plaintext; it should be readable only by the service account - confirm how
# the file is written to disk.

# Listen address for incoming HTTPS traffic. Falls back to 0.0.0.0:4180
# (all interfaces, port 4180) when spec.https_address is not set.
https_address= "{{ spec.https_address or '0.0.0.0:4180' }}"

# Skip the oauth2-proxy sign-in page and send users straight to the provider.
skip_provider_button= true
# Requests carrying a bearer JWT that verifies against the configured issuer
# are let through without a session cookie.
skip_jwt_bearer_tokens= true

# OIDC provider configuration.
provider= "oidc"
provider_display_name= "{{ spec.provider_display_name }}"
client_id= "{{ spec.client_id }}"
client_secret= "{{ spec.client_secret }}"
oidc_issuer_url= "{{ spec.oidc_issuer_url }}"
# redirect_url is emitted only when the caller supplies one.
{% if redirect_url %}
redirect_url= "{{ redirect_url }}"
{% endif %}

# SECURITY: hard-coded, not driven by the spec. This turns off TLS certificate
# validation for the proxy's outbound HTTPS connections, which include the
# token exchange with the OIDC issuer that carries client_secret. A party able
# to intercept that traffic could impersonate the issuer.
# NOTE(review): presumably here to tolerate self-signed certificates; trusting
# the issuing CA explicitly, or making this a spec option that defaults to
# false, would keep validation on - confirm.
ssl_insecure_skip_verify=true

# The following cookie settings are needed to avoid a Forbidden response in
# Chrome-like browsers, which handle third-party cookies more strictly than
# Firefox.
# SameSite=None means the session cookie is also sent on cross-site requests,
# so it gives no CSRF protection of its own; browsers only accept it together
# with the Secure flag set below.
cookie_samesite= "none"
cookie_secure= true
# The session cookie expires after 5h and is refreshed once it is 2h old.
cookie_expire= "5h"
cookie_refresh= "2h"

# Forward identity and tokens to the upstream: the access token, the ID token
# as an Authorization bearer header, basic-auth and user headers, plus the
# X-Auth-Request-* response headers.
# The upstream trusts these headers, so it must be reachable only through the
# proxy, and it should keep the forwarded tokens out of its logs.
pass_access_token= true
pass_authorization_header= true
pass_basic_auth= true
pass_user_headers= true
set_xauthrequest= true

# Secret value for encrypting cookies.
cookie_secret= "{{ cookie_secret }}"
# "*" accepts any e-mail domain: who may sign in is decided entirely by the
# OIDC provider, not by the proxy.
email_domains= "*"
# Domains allowed as redirect targets after authentication, rendered as one
# comma-joined string.
whitelist_domains= "{{ whitelist_domains | join(',') }}"