This repository was archived by the owner on Jan 9, 2025. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 5
Expand file tree
/
Copy pathop_conf.example
More file actions
162 lines (140 loc) · 5.24 KB
/
op_conf.example
File metadata and controls
162 lines (140 loc) · 5.24 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
# -*- coding: utf-8 -*-
import os
import server_conf
from dirg_util.dict import Sqllite3Dict
#Do not change here, perform the changes in server.py.
PORT = server_conf.PORT
HTTPS = server_conf.HTTPS
BASEURL = server_conf.BASEURL
ISSUER = server_conf.ISSUER
#CAS Settings. Only needed when AUTHORIZATION uses the CAS authentication.
CAS_SERVER = "https://my.cas.server.com"
#No need to change the value.
CAS_SERVICE_URL = "%s/verify" % ISSUER
#Authorization type. Can be SAML, CAS, YUBIKEY, PASSWORD, PASSWORD_YUBIKEY or MULTIPLEAUTHN.
#SAML => Will authenticate the user at an external IdP.
#MULTIPLEAUTHN => Will combine authentication methods.
AUTHORIZATION = {
# "SAML": {"ACR": "SAML", "WEIGHT": 3, "URL": ISSUER, "USER_INFO": "SAML"},
# "CAS": {"ACR": "CAS", "WEIGHT": 2, "URL": ISSUER, "USER_INFO": "LDAP"},
# "YUBIKEY": {"ACR": "YUBIKEY", "WEIGHT": 1, "URL": ISSUER, "USER_INFO": "SIMPLE"},
"PASSWORD": {"ACR": "PASSWORD", "WEIGHT": 1, "URL": ISSUER, "USER_INFO": "SIMPLE"},
# "PASSWORD_YUBIKEY": {"ACR": "PASSWORD_YUBIKEY", "WEIGHT": 1, "URL": ISSUER, "USER_INFO": "SIMPLE"},
# "MULTIPLEAUTHN": {
# "ACR": "MultipleAuthnTest",
# "WEIGHT": 4,
# "URL": ISSUER,
# "USER_INFO": "SAML",
# "AUTHNLIST": [
# {"ACR": "PASSWORD"},
# {"ACR": "CAS"},
# {"ACR": "SAML"}
# ]
#
# }
}
#Must point to the complete path on disk to this file!
#No need to change this!
FULL_PATH = os.path.dirname(os.path.abspath(__file__))
WORKING_DIR = FULL_PATH + "/"
#A shared server cache for the IdP. The cache expects a dictionary, but you can use a database by implementing the
#dictionary interface.
OP_CACHE_1 = {}
#The cache as a sqlite database.
#OP_CACHE_1 = Sqllite3Dict(WORKING_DIR + "op_cache1.sqlite3")
#A shared server cache for the IdP. The cache expects a dictionary, but you can use a database by implementing the
#dictionary interface.
OP_CACHE_2 = {}
#The cache as a sqlite database.
#OP_CACHE_2 = Sqllite3Dict(WORKING_DIR + "op_cache2.sqlite3")
#The yubikey server to be used. This is the official server by yubico.
YUBIKEY_SERVER = "http://api2.yubico.com/wsapi/2.0/verify"
#Database for pyYubitool (https://github.com/HaToHo/pyYubitool).
#You must connect your yubikeys to a user in this database in order to make it work.
YUBIKEY_DB = WORKING_DIR + "yubikeyconf.db"
#The page in mako/htdocs that will handle user/password login.
AUTHORIZATIONPAGE_PASSWORD = "op_login_password.mako"
AUTHORIZATIONPAGE_YUBIKEY = "op_login_yubikey.mako"
AUTHORIZATIONPAGE_PASSWORD_YUBIKEY = "op_login_password_yubikey.mako"
#Symetric key for the OP server. Any phrase will work, but it must be 16 characters.
SYM_KEY = "0987654321123456"
#Filename for log.
LOG_FILE = 'op.log'
#The pyoidc based op server uses cookies to maintain a session.
#Name of that cookie.
COOKIENAME = 'pyoic'
#Time to live for the cookie. (4 hours)
COOKIETTL = 4*60
#Private RSA key for the provider
OP_PRIVATE_KEYS = {
"rsa": {
#Your RSA PEM PRIVATE KEY
"key": "opKeys/localhost.key",
#enc = Encryption and sig = Signature
"usage": ["enc", "sig"]
}
}
#Path for the public RSA key for the provider
#The file should contain one row with this content:
#{"keys": [{"use": "enc", "e": "AQAB", "kty": "RSA", "n": "[RSA PEM PUBLIC KEY STRING]"}, {"use": "sig", "e": "AQAB", "kty": "RSA", "n": "[RSA PEM PUBLIC KEY STRING]"}]}
#Replace [RSA PEM PUBLIC KEY STRING] with your real public key, or just let certgeneration.py solve it for you.
OP_PUBLIC_KEYS = "static/jwks.json"
#Setup for how user info will be collected.
#AUTHORIZATION=SAML overrides this configuration and forces user info to be collect trough SAML.
#LDAP configurations
LDAP = {
"uri": "ldap://my.ldap.com",
"base": "dc=umu, dc=se",
"filter_pattern": "(uid=%s)",
"user": "",
"passwd": "",
"attr": ["eduPersonScopedAffiliation", "eduPersonAffiliation"],
}
LDAP_EXTRAVALIDATION = {
"verify_attr": "eduPersonAffiliation",
"verify_attr_valid": ['employee', 'staff', 'student']
}
#If userinfo is LDAP then a LDAP server is used and if userinfo is SIMPLE the USERDB configuration is used.
#USERINFO = "SAML"
#USERINFO = "LDAP"
USERINFO = "SIMPLE"
#Uid and password for USERINFO = SIMPLE
PASSWD = {
"test1": "ytrewq",
"test2": "qwerty"
}
#Information that can be collected with USERINFO = "SIMPLE"
USERDB = {
"test1": {
"user_id": "test1",
"name": "Test1 Testsson",
"given_name": "Test1",
"family_name": "Testsson",
"nickname": "Tester1",
"email": "test1@example.org",
"email_verified": False,
"phone_number": "+46 90 7865000",
"address": {
"street_address": "Umeå Universitet",
"locality": "Umeå",
"postal_code": "SE-90187",
"country": "Sweden"
},
},
"test2": {
"user_id": "test2",
"name": "Test2 Testsson",
"given_name": "Test2",
"family_name": "Testsson",
"nickname": "Tester2",
"email": "test2@example.com",
"email_verified": True,
"address": {
"street_address": "100 Universal City Plaza",
"locality": "Hollywood",
"region": "CA",
"postal_code": "91608",
"country": "USA",
},
}
}