Skip to content

Only one manage per access instance #673

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
oharsta wants to merge 4 commits into
base: main
Choose a base branch
from
Open

Only one manage per access instance #673

Changes from all commits
Commits
Show all changes
4 commits
Select commit Hold shift + click to select a range
41d8ad8
Only one manage per access instance
oharsta May 13, 2026
9d49c90
English IdP description
oharsta May 15, 2026
c1b124e
Fixed deployment openaccess
oharsta May 15, 2026
f3c7410
Added OhDear configuration
oharsta May 22, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
52 changes: 34 additions & 18 deletions roles/openaccess/templates/serverapplication.yml.j2
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -16,6 +16,8 @@ server:
spring:
main:
banner-mode: "off"
cache:
type: simple
session:
jdbc:
cleanup-cron: "-"
Expand Down Expand Up @@ -108,15 +110,16 @@ config:
sram: "https://{{ env }}.sram.surf.nl/"
service_desk: "https://servicedesk.surf.nl/jira/plugins/servlet/desk/user/requests?reporter=all"
feedback_widget_enabled: true
test_environment: {{ openconextaccess.test_environment }}
# For other environments, move to group_vars
identity_providers:
- name: "SXS IdP"
entityid: "http://mock-idp"
descriptionEN: "Een test-IdP waarmee je zelf attributen-sets kunt simuleren. De metadata vind je <a href='https://mujina-idp.test.surfconext.nl/metadata' target='_blank'>hier</a>"
descriptionEN: "A test IdP that allows you to simulate attribute sets yourself. You can find the metadata <a href='https://mujina-idp.test.surfconext.nl/metadata' target='_blank'>here</a>"
descriptionNL: "Een test-IdP waarmee je zelf attributen-sets kunt simuleren. De metadata vind je <a href='https://mujina-idp.test.surfconext.nl/metadata' target='_blank'>hier</a>"
- name: "SXS Dummy"
entityid: "https://idp.diy.surfconext.nl"
descriptionEN: "Een test-IdP met <a href='https://idp.diy.surfconext.nl/showusers.php' target='_blank'>fictieve gebruikersaccounts</a>. De metadata vind je <a href='https://idp.diy.surfconext.nl/saml2/idp/metadata.php' target='_blank'>hier</a>"
descriptionEN: "A test IdP with <a href='https://idp.diy.surfconext.nl/showusers.php' target='_blank'>fictitious user accounts</a>. You can find the metadata <a href='https://idp.diy.surfconext.nl/saml2/idp/metadata.php' target='_blank'>here</a>"
descriptionNL: "Een test-IdP met <a href='https://idp.diy.surfconext.nl/showusers.php' target='_blank'>fictieve gebruikersaccounts</a>. De metadata vind je <a href='https://idp.diy.surfconext.nl/saml2/idp/metadata.php' target='_blank'>hier</a>"
idp_proxy_meta_data: {{ openconextaccess.idp_proxy_meta_data }}
minimal_stepup_acr_level: "http://{{ base_domain }}/assurance/loa2"
Expand Down Expand Up @@ -147,6 +150,8 @@ gui:

feature:
enable-performance-seed: False
statistics-enabled: False
stepup-required: False

email:
from: "{{ noreply_email }}"
Expand All @@ -158,17 +163,10 @@ email:

manage:
enabled: True
activeManage: TEST
test:
url: {{ openconextaccess.managetest.url }}
user: {{ openconextaccess.managetest.user }}
password: {{ openconextaccess.managetest.password }}
defaultState: prodaccepted
prod:
url: {{ openconextaccess.manageprod.url }}
user: {{ openconextaccess.manageprod.user }}
password: {{ openconextaccess.managetest.password }}
defaultState: testaccepted
url: {{ openconextaccess.manage.url }}
user: {{ openconextaccess.manage.user }}
password: {{ openconextaccess.manage.password }}
defaultState: testaccepted
# If manage is disabled (e.g. enabled: False) the staticManageDirectory is the directory where the {metadata_type}.json files
# are located. This can also be an absolute file path, e.g. file:///opt/openconext/invite/manage
staticManageDirectory: classpath:/manage
Expand All @@ -180,18 +178,36 @@ invite:
user: {{ invite.access_user }}
password: "{{ invite.access_secret }}"

statistics:
enabled: {{ openconextaccess.statistics.enabled }}
url: {{ openconextaccess.statistics.url }}
user: {{ openconextaccess.statistics.user }}
password: {{ openconextaccess.statistics.password }}

s3storage:
url: {{ openconextaccess.s3_storage.url }}
key: {{ openconextaccess.s3_storage.key }}
secret: {{ openconextaccess.s3_storage.secret }}
bucket: {{ openconextaccess.s3_storage.bucket }}

statistics:
enabled: {{ openconextaccess.statistics.enabled }}
url: {{ openconextaccess.statistics.url }}
user: {{ openconextaccess.statistics.user }}
password: {{ openconextaccess.statistics.password }}
ohdear:
apiKey: {{ openconextaccess_ohdear_apikey }}
baseUrl: "https://ohdear.app/api"
enabled: true

springdoc:
pathsToMatch: "/api/v1/**"
api-docs:
path: "/ui/api-docs"
enabled: false
swagger-ui:
path: "/ui/api-ui.html"
enabled: false
operationsSorter: method
oauth:
client-id: ${spring.security.oauth2.client.registration.oidcng.client-id}
client-secret: ${spring.security.oauth2.client.registration.oidcng.client-secret}
use-basic-authentication-with-access-code-grant: true

management:
health:
Expand Down