-
Notifications
You must be signed in to change notification settings - Fork 9
/
deploy.cfg.example
100 lines (79 loc) · 5.06 KB
/
deploy.cfg.example
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
# Example deployment configuration file for the KBase authentication server
# MKII.
# Make a copy, fill in as required, and set KB_DEPLOYMENT_CFG to point to the
# new file before starting the server.
[authserv2]
# The host name (and port if required) of the mongo server to be used as auth storage.
mongo-host =
# The name of the mongo database to be used as auth storage.
mongo-db =
# Whether to enable ('true') the MongoDB retryWrites parameter or not (anything other than 'true').
# See https://www.mongodb.com/docs/manual/core/retryable-writes/
mongo-retrywrites = false
# If the mongo database is authenticated, the user name of a read/write account.
mongo-user =
# If the mongo data base is authenticated, the password for the given username.
mongo-pwd =
# The name of the cookie in which tokens should be stored in the browser.
token-cookie-name = kbase_session
# The name of the header to be used to pass the environment name (see below) to the server at the
# /login/start and /link/start endpoints. The header takes precedence over form submission
# of the environment name.
# The header must start with 'X-' and consist of only capital letters and hyphens.
environment-header=X-AUTHTWO-ENVIRONMENT
# The name of the service to report when logging to syslog.
log-name = KBaseAuthServ2
# The path to the directory containing the templates.
template-dir = templates
# A list of enabled identity providers. Each identity provider has a set of configuration variables
# below that start with identity-provider-<provider name> that must be correctly set.
identity-providers = Globus, Google, OrcID
# A comma separated list of names of alternate environments in which the service operates in
# addition to the environment served by the default login and link redirect urls.
# Each environment must specify its own login and link redirect urls. These URLs must be
# registered with the identity provider as usual. The environment to use for a particular login
# or link request can be specified via the service interface at login or link start time.
identity-provider-envs=
# Below are the list of configuration variables for each identity provider. The keys are:
# identity-provider-<provider name>-factory - the java class for the factory that builds the
# identity provider.
# identity-provider-<provider name>-login-url - the url where users are redirected for login.
# identity-provider-<provider name>-api-url - the url for the identity provider's API.
# identity-provider-<provider name>-client-id - the OAuth2 client ID for the provider.
# identity-provider-<provider name>-client-secret - the OAuth2 secret for the provider.
# identity-provider-<provider name>-login-redirect - where the identity provider should redirect
# after a user logs in at the provider website when a login is requested.
# identity-provider-<provider name>-link-redirect - where the identity provider should redirect
# after a user logs in at the provider website when a link is requested.
# identity-provider-<provider name>-custom-X=Y - Custom per provider configuration options. These
# options will be provided to the identity provider as a set of keys and values where X is the key
# any Y is the value.
# Alternate environment configuration variables:
# <env> is the environment name as specified in the identity-provider-envs
# configuration variable.
#
# identity-provider-<provider name>-env-<env>-link-redirect - the alternate link redirect url.
# identity-provider-<provider name>-env-<env>-login-redirect - the alternate login redirect url.
identity-provider-Globus-factory = us.kbase.auth2.providers.GlobusIdentityProviderFactory
identity-provider-Globus-login-url = https://auth.globus.org
identity-provider-Globus-api-url = https://auth.globus.org
identity-provider-Globus-client-id =
identity-provider-Globus-client-secret =
identity-provider-Globus-login-redirect-url = https://kbase.us/services/auth/login/complete/globus
identity-provider-Globus-link-redirect-url = https://kbase.us/services/auth/link/complete/globus
# uncomment to only use Globus primary identities when determining access to accounts.
#identity-provider-Globus-custom-ignore-secondary-identities = true
identity-provider-Google-factory = us.kbase.auth2.providers.GoogleIdentityProviderFactory
identity-provider-Google-login-url = https://accounts.google.com/
identity-provider-Google-api-url = https://www.googleapis.com/
identity-provider-Google-client-id =
identity-provider-Google-client-secret =
identity-provider-Google-login-redirect-url = https://kbase.us/services/auth/login/complete/google
identity-provider-Google-link-redirect-url = https://kbase.us/services/auth/link/complete/google
identity-provider-OrcID-factory = us.kbase.auth2.providers.OrcIDIdentityProviderFactory
identity-provider-OrcID-login-url = https://sandbox.orcid.org/
identity-provider-OrcID-api-url = https://pub.sandbox.orcid.org/
identity-provider-OrcID-client-id =
identity-provider-OrcID-client-secret =
identity-provider-OrcID-login-redirect-url = https://kbase.us/services/auth/login/complete/orcid
identity-provider-OrcID-link-redirect-url = https://kbase.us/services/auth/link/complete/orcid