-
Notifications
You must be signed in to change notification settings - Fork 124
/
Copy pathopenid_connect_frontend.yaml.example
48 lines (44 loc) · 1.36 KB
/
openid_connect_frontend.yaml.example
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
module: satosa.frontends.openid_connect.OpenIDConnectFrontend
name: OIDC
config:
signing_key_path: frontend.key
signing_key_id: frontend.key1
# Defines the database connection URI for the databases:
# - authz_code_db
# - access_token_db
# - refresh_token_db
# - sub_db
# - user_db
#
# supported storage backends:
# - In-memory dictionary
# - MongoDB (e.g. mongodb://db.example.com)
# - Redis (e.g. redis://example/0)
# - Stateless (eg. stateless://user:encryptionkey?alg=aes256)
#
# This configuration is optional.
# By default, the in-memory storage is used.
db_uri: mongodb://db.example.com
# Where to store clients.
#
# If client_db_uri is set, the database connection is used.
# Otherwise, if client_db_path is set, the JSON file is used.
# By default, an in-memory dictionary is used.
client_db_uri: mongodb://db.example.com
client_db_path: /path/to/your/cdb.json
# if not specified, it is randomly generated on every startup
sub_hash_salt: randomSALTvalue
provider:
client_registration_supported: Yes
response_types_supported: ["code", "id_token token"]
subject_types_supported: ["pairwise"]
scopes_supported: ["openid", "email"]
extra_scopes:
foo_scope:
- bar_claim
- baz_claim
id_token_lifetime: 3600
extra_id_token_claims:
foo_client:
- bar_claim
- baz_claim