Configuration file
============================

The configuration file is a yaml file with four sections:

#. openid_providers
#. proxy
#. services
#. access_control

openid_providers
----------------

Here you can specify each provider you want to support.
Each provider is a key under openid_providers. For each one you must supply the
`configuration_url` and either a `registration_token` together with a
`registration_url`, or a `configuration_token`.

With a `configuration_token` the client registers as a new OpenID Connect
Client. With a `registration_token` the client accesses the registration data
from the OpenID Connect Registration Endpoint.

.. literalinclude:: /gen/sample_config.yml
   :linenos:
   :lineno-start: 10
   :language: yaml
   :lines: 10-18

The meaning of each key is documented in the ProviderConfig class.

.. autoclass:: arpoc.config.ProviderConfig
   :members: human_readable_name
   :noindex:

proxy
-----

OpenID Connect requires the use of TLS. Therefore you need a keyfile with
the private key and a certificate file with the TLS certificate.

Under `contacts` you must supply a valid e-mail address that will be used
during the registration with the OpenID Connect Providers.

The `secrets` file is used to store the client secrets of the OpenID Connect
protocol.

.. literalinclude:: /gen/sample_config.yml
   :linenos:
   :lineno-start: 19
   :language: yaml
   :lines: 19-36

Each key is documented in the ProxyConfig class.

.. autoclass:: arpoc.config.ProxyConfig
   :noindex:

services
--------

Each service (i.e. a URL that is accessible through a subfolder on the proxy)
must be listed here.

You can specify authentication settings, such as a client certificate that the
proxy will use with every connection to the service, or a bearer token that
the proxy will use in the 'Authentication' field.

The `AC` key must specify a valid policy set that will be evaluated on every
access.

.. literalinclude:: /gen/sample_config.yml
   :linenos:
   :lineno-start: 37
   :language: yaml
   :lines: 37-44

.. autoclass:: arpoc.config.ServiceConfig
   :noindex:

.. _specialpagessection:

Special pages
^^^^^^^^^^^^^^

You can currently add two special pages: `userinfo` and `pap`.
To do this, supply either `userinfo` or `pap` as the value for the
`origin_URL`. All other values have the same purpose as for proxying a
webpage.

access_control
--------------

Here you can specify the list of directories from which the proxy will load
access control entities.

.. literalinclude:: /gen/sample_config.yml
   :linenos:
   :lineno-start: 1
   :language: yaml
   :lines: 1-3

.. autoclass:: arpoc.config.ACConfig
   :noindex:

misc
--------------

Other configuration options that did not fit into the other sections.

.. literalinclude:: /gen/sample_config.yml
   :linenos:
   :lineno-start: 1
   :language: yaml
   :lines: 4-9

.. autoclass:: arpoc.config.Misc
   :noindex:
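
The rules stated in the openid_providers, proxy and services sections can be checked before the proxy is started. The following lint is an added example, not part of ARPOC: the function name, the constructed sample and the assumption that each provider and service is a mapping keyed by its name (as obtained from parsing the yaml file) are illustrative, and the https check on `configuration_url` is an extra assumption.

```python
"""Lint a parsed configuration against the rules on this page (added example)."""
from urllib.parse import urlsplit


def lint_config(cfg):
    """Return a list of problems in cfg, a dict as produced by a yaml parser."""
    problems = []
    for name, prov in (cfg.get("openid_providers") or {}).items():
        prov = prov or {}
        url = prov.get("configuration_url")
        if not url:
            problems.append(f"provider {name}: configuration_url missing")
        elif urlsplit(url).scheme != "https":
            # Assumption of this example: provider metadata is only fetched over TLS.
            problems.append(f"provider {name}: configuration_url is not https")
        has_reg_token = bool(prov.get("registration_token"))
        has_reg_url = bool(prov.get("registration_url"))
        if prov.get("configuration_token") or (has_reg_token and has_reg_url):
            continue  # one complete registration method is present
        if has_reg_token != has_reg_url:
            problems.append(
                f"provider {name}: registration_token and registration_url must both be set")
        else:
            problems.append(f"provider {name}: no registration credentials")
    for name, svc in (cfg.get("services") or {}).items():
        svc = svc or {}
        if not svc.get("AC"):
            # Every service needs a policy set that is evaluated on each access.
            problems.append(f"service {name}: no AC policy set")
        if not svc.get("origin_URL"):
            problems.append(f"service {name}: origin_URL missing")
    if not (cfg.get("proxy") or {}).get("contacts"):
        problems.append("proxy: contacts missing")
    return problems


# Constructed sample, not taken from sample_config.yml.
SAMPLE = {
    "openid_providers": {
        "good": {"configuration_url": "https://idp.example/", "configuration_token": "t"},
        "half": {"configuration_url": "https://idp2.example/", "registration_token": "t"},
    },
    "proxy": {"contacts": ["admin@example.org"]},
    "services": {
        "wiki": {"origin_URL": "https://wiki.internal.example/"},
        "me": {"origin_URL": "userinfo", "AC": "policyset.userinfo"},
    },
}

if __name__ == "__main__":
    print("\n".join(lint_config(SAMPLE)) or "configuration looks consistent")
```
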