# # # Glewlwyd SSO Authorization Server # # Copyright 2016-2019 Nicolas Mora # Gnu Public License V3 # # # port to open for remote commands port=4593 # bind to IPV4 address #bind_address="127.0.0.1" # external url to access to this instance external_url="http://localhost:4593" # login url relative to external url login_url="login.html" # url prefix api_prefix="api" # path to static files for /webapp url static_files_path="/usr/share/glewlwyd/webapp/" # Access-Control-Allow-Origin header value, default '*' allow_origin="*" # Access-Control-Allow-Methods header value, default 'GET, POST, PUT, DELETE, OPTIONS' allow_methods="GET, POST, PUT, DELETE, OPTIONS" # Access-Control-Allow-Headers header value, default 'Origin, X-Requested-With, Content-Type, Accept, Bearer, Authorization, DPoP' allow_headers="Origin, X-Requested-With, Content-Type, Accept, Bearer, Authorization, DPoP" # Access-Control-Expose-Headers header value, default 'Content-Encoding, Authorization' expose_headers="Content-Encoding, Authorization" # header containing the ip of the originating request, used if glewlwyd is behind a http proxy, usually with the value X-Forwarded-For # If not set, default value is 'X-Forwarded-For', set to empty string "" to ignore this parameter originating_ip_header="X-Forwarded-For" # log mode (console, syslog, journald, file) log_mode="console" # log level: NONE, ERROR, WARNING, INFO, DEBUG log_level="DEBUG" # output to log file (required if log_mode is file) log_file="/var/log/glewlwyd.log" # cookie domain #cookie_domain="localhost" # cookie_secure, this options SHOULD be set to 1, set this to 0 to test glewlwyd on insecure connection http instead of https cookie_secure=0 # cookie_same_site, to set the SameSite value in the cookies, values available are 'empty' (no SameSite value), 'none', 'lax' or 'strict', default 'empty' cookie_same_site="empty" # session expiration, default is 4 weeks session_expiration=2419200 # session key session_key="GLEWLWYD2_SESSION_ID" # what methods should be used to access admin APIs, available methods are 'cookie' and/or 'api_key', or 'cookie,api_key', default 'cookie' admin_session_authentication="cookie" # what methods should be used to access user profile APIs, available methods is 'cookie' , default 'cookie' profile_session_authentication="cookie" # are multiple user per session allowed, default true allow_multiple_user_per_session=true # Enable login APIs, default true login_api_enabled=true # Enable plugins APIs, list enabled plugins by name, separated by a comma, or empty string to enable all plugins, default empty string plugin_api_run_enabled="" # add http header X-Frame-Options: deny, default true add_x_frame_option_header_deny=true # maximum post body and parameter size in request, default is 16M+1024, 0 means no limit max_post_size=16778240 # admin scope name admin_scope="g_admin" # profile scope name profile_scope="g_profile" # user_module path user_module_path="/usr/lib/glewlwyd/user" # user_middleware_module path user_middleware_module_path="user_middleware" # client_module path client_module_path="/usr/lib/glewlwyd/client" # user_auth_scheme_module path user_auth_scheme_module_path="/usr/lib/glewlwyd/scheme" # User backend instances enabled, list enabled user backend instances by name, separated by a comma, or empty string to enable all instances, default empty string user_backend_api_run_enabled="" # User middleware instances enabled, list enabled user middleware instances by name, separated by a comma, or empty string to enable all instances, default empty string user_middleware_backend_api_run_enabled="" # Client instances enabled, list enabled client instances by name, separated by a comma, or empty string to enable all instances, default empty string client_backend_api_run_enabled="" # Authentication scheme instances enabled, list enabled authentication scheme instances by name, separated by a comma, or empty string to enable all instances, default empty string scheme_api_run_enabled="" # plugin_module path plugin_module_path="/usr/lib/glewlwyd/plugin" # TLS/SSL configuration values use_secure_connection=false secure_connection_key_file="/etc/glewlwyd/server.key" secure_connection_pem_file="/etc/glewlwyd/server.crt" secure_connection_ca_file="/etc/glewlwyd/ca.crt" # allowed compression algorithms for response, values available are 'deflate', 'gzip', multiple values allowed, if no value is set, default value is 'deflate,gzip' response_allowed_compression="deflate,gzip" # Algorithms available are SHA1, SHA256, SHA512, MD5, default is MD5 hash_algorithm = "SHA512" # MariaDB/Mysql database connection #database = #{ # type = "mariadb" # host = "db_host" # user = "glewlwyd" # password = "glewlwyd" # dbname = "glewlwyd" # port = 0 #} # SQLite database connection database = { type = "sqlite3" path = "/var/cache/glewlwyd/glewlwyd.db" # path = "/tmp/glewlwyd.db" } # PostgreSQL database connection #database = #{ # type = "postgre" # conninfo = "host=localhost dbname=glewlwyd user=glewlwyd password=glewlwyd" #}; # Prometheus metrics parameters #metrics_endpoint = false #metrics_bind_address = "127.0.0.1" #metrics_endpoint_port = 4594 #metrics_endpoint_admin_session = false # mime types for webapp files static_files_mime_types = ( { extension = ".html" mime_type = "text/html" compress = 1 }, { extension = ".css" mime_type = "text/css" compress = 1 }, { extension = ".js" mime_type = "application/javascript" compress = 1 }, { extension = ".json" mime_type = "application/json" compress = 1 }, { extension = ".txt" mime_type = "text/plain" compress = 1 }, { extension = ".png" mime_type = "image/png" compress = 0 }, { extension = ".jpg" mime_type = "image/jpeg" compress = 0 }, { extension = ".jpeg" mime_type = "image/jpeg" compress = 0 }, { extension = ".ttf" mime_type = "font/ttf" compress = 0 }, { extension = ".woff" mime_type = "font/woff" compress = 0 }, { extension = ".woff2" mime_type = "font/woff2" compress = 0 }, { extension = ".otf" mime_type = "font/otf" compress = 0 }, { extension = ".eot" mime_type = "application/vnd.ms-fontobject" compress = 0 }, { extension = ".map" mime_type = "application/octet-stream" compress = 0 }, { extension = ".ico" mime_type = "image/x-icon" compress = 0 } )