From 1f51ce8716d6b72c4615471bd0a77e0b627f3bf2 Mon Sep 17 00:00:00 2001 From: Ines Date: Tue, 29 Jul 2025 15:28:23 +0200 Subject: [PATCH 01/26] Update serverapplication.yml.j2 --- roles/openaccess/templates/serverapplication.yml.j2 | 9 +-------- 1 file changed, 1 insertion(+), 8 deletions(-) diff --git a/roles/openaccess/templates/serverapplication.yml.j2 b/roles/openaccess/templates/serverapplication.yml.j2 index 16a480884..0191feeed 100644 --- a/roles/openaccess/templates/serverapplication.yml.j2 +++ b/roles/openaccess/templates/serverapplication.yml.j2 @@ -68,15 +68,8 @@ oidcng: resource-server-secret: secret base-url: {{ openconextaccess_base_domain }} -invite: - user: {{ openconextaccess.invite.api_username }} - password: {{ openconextaccess.invite.api_password }} - base-url: {{ openconextaccess.invite.host }} - manage-identifier: {{ openconextaccess.invite.manage_identifier }} - manage-type: oidc10_rp - jira: - enabled: false + enabled: true base-url: {{ openconextaccess.jira.base_url }} user-name: {{ openconextaccess.jira.username }} project-key: {{ openconextaccess.jira.project_key }} From 64c1a89c68411600956eb086a2130d1ec1f9aa6f Mon Sep 17 00:00:00 2001 From: Okke Harsta Date: Wed, 12 Nov 2025 08:09:29 +0100 Subject: [PATCH 02/26] Added email.serviceDeskEmail placeholder --- roles/openaccess/templates/serverapplication.yml.j2 | 1 + 1 file changed, 1 insertion(+) diff --git a/roles/openaccess/templates/serverapplication.yml.j2 b/roles/openaccess/templates/serverapplication.yml.j2 index 5a71cc5f2..34f2d3ade 100644 --- a/roles/openaccess/templates/serverapplication.yml.j2 +++ b/roles/openaccess/templates/serverapplication.yml.j2 @@ -109,6 +109,7 @@ feature: email: from: "{{ noreply_email }}" contactEmail: "{{ support_email }}" + serviceDeskEmail: "{{ support_email }}" environment: "{{ environment_shortname }}" manage: From 961ffa805d7271dd37b4772b06641e2e1a71382a Mon Sep 17 00:00:00 2001 
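Review bot: The `oidcng` block shown as context at the top of the PATCH 01/26 hunk carries `resource-server-secret: secret`, a literal in a template that is rendered for every environment. If that value is really used as the resource-server credential (the `introspect-url` next to it in later hunks suggests so), it is guessable and identical everywhere; it should be a quoted variable from the secrets store, for example `resource-server-secret: "{{ openconextaccess.oidcng.resource_server_secret }}"` (the variable name is only a suggestion). The line is still unchanged context in the `oidcng` hunks of PATCH 17/26 and PATCH 26/26. Separately, `enabled: true` under `jira` is now hard-coded for all environments instead of being driven by a variable.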
From: Leroy <3416288+Liemine@users.noreply.github.com> Date: Mon, 17 Nov 2025 12:02:01 +0100 Subject: [PATCH 03/26] #769 Make affiliation email more configurable --- roles/myconext/templates/application.yml.j2 | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/roles/myconext/templates/application.yml.j2 b/roles/myconext/templates/application.yml.j2 index 9f5a4d535..a4fea7074 100644 --- a/roles/myconext/templates/application.yml.j2 +++ b/roles/myconext/templates/application.yml.j2 @@ -114,6 +114,8 @@ feature: create_eduid_institution_landing: {{ myconext.feature_create_eduid_institution_landing }} # Do we default remember the user for a longer period default_remember_me: True + # Do we default add affiliate email address + default_affiliate_email: True # Does the SAMLIdpService expects authn requests to be signed requires_signed_authn_request: False # Do we support ID verify @@ -135,6 +137,8 @@ feature: # Set to true to use the BRIN code to add ui-roles and authentication scoped affiliations use_remote_creation_for_affiliation: {{ myconext.feature_use_remote_creation_for_affiliation }} + default_affiliate_email_domain: eduid.nl + captcha: sitekey: {{ myconext.captcha_sitekey }} apikey: {{ myconext.captcha_apikey }} From 3d1f8845b405a7914fb16abbd281ab64013ee42b Mon Sep 17 00:00:00 2001 From: Okke Harsta Date: Tue, 18 Nov 2025 16:20:30 +0100 Subject: [PATCH 04/26] Fixed indentation for myconext --- roles/myconext/templates/application.yml.j2 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/myconext/templates/application.yml.j2 b/roles/myconext/templates/application.yml.j2 index a4fea7074..abcac9949 100644 --- a/roles/myconext/templates/application.yml.j2 +++ b/roles/myconext/templates/application.yml.j2 
@@ -137,7 +137,7 @@ feature: # Set to true to use the BRIN code to add ui-roles and authentication scoped affiliations use_remote_creation_for_affiliation: {{ myconext.feature_use_remote_creation_for_affiliation }} - default_affiliate_email_domain: eduid.nl +default_affiliate_email_domain: eduid.nl captcha: sitekey: {{ myconext.captcha_sitekey }} From 06a6381c4984e34f8b3c24efb95a73447b933a11 Mon Sep 17 00:00:00 2001 From: Okke Harsta Date: Wed, 19 Nov 2025 17:04:19 +0100 Subject: [PATCH 05/26] WIP for https://github.com/OpenConext/OpenConext-attribute-aggregation/issues/143 --- roles/attribute-aggregation/tasks/main.yml | 6 +++++- .../templates/serverapplication.yml.j2 | 1 - 2 files changed, 5 insertions(+), 2 deletions(-) diff --git a/roles/attribute-aggregation/tasks/main.yml b/roles/attribute-aggregation/tasks/main.yml index a8959123f..dcac53c08 100644 --- a/roles/attribute-aggregation/tasks/main.yml +++ b/roles/attribute-aggregation/tasks/main.yml @@ -53,6 +53,10 @@ command: "-Xmx128m --spring.config.location=./" etc_hosts: host.docker.internal: host-gateway + labels: + traefik.http.routers.aagui.rule: "Host(`aa.{{ base_domain }}`)" + traefik.http.routers.aagui.tls: "true" + traefik.enable: "true" healthcheck: test: [ @@ -61,7 +65,7 @@ "-no-verbose", "--tries=1", "--spider", - "http://localhost:8080/aa/api/internal/health", + "http://localhost:8080/internal/health", ] interval: 10s timeout: 10s diff --git a/roles/attribute-aggregation/templates/serverapplication.yml.j2 b/roles/attribute-aggregation/templates/serverapplication.yml.j2 index 8e49715b4..28fc29379 100644 --- a/roles/attribute-aggregation/templates/serverapplication.yml.j2 +++ b/roles/attribute-aggregation/templates/serverapplication.yml.j2 @@ -8,7 +8,6 @@ server: # The port to where this Spring Boot application listens to. e.g. http://localhost:{{ springapp_tcpport }} port: 8080 servlet: - context-path: /aa/api session: timeout: 28800 cookie: 
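Review bot: The router rule added under `labels:` in PATCH 05/26 matches on host only, and the same commit drops `context-path: /aa/api`, so `/internal/health` and anything else under `/internal` would be routed through Traefik together with the public API. Whether that matters depends on how the Traefik entrypoint is exposed and on the application's own access rules, neither of which is visible here. If the internal endpoints are meant to stay host-local, narrow the rule by adding a negated `PathPrefix` matcher for `/internal`. A one-line comment above `labels:` stating which paths are intended to be reachable would help the next reviewer; the task itself starts and ends outside the hunk.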
From 6b68917d4484cdfc5b5b7e9b6bf87840f588f306 Mon Sep 17 00:00:00 2001 From: Okke Harsta Date: Thu, 20 Nov 2025 09:37:22 +0100 Subject: [PATCH 06/26] Fixes https://github.com/OpenConext/OpenConext-attribute-aggregation/issues/143 --- roles/attribute-aggregation/tasks/main.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/attribute-aggregation/tasks/main.yml b/roles/attribute-aggregation/tasks/main.yml index dcac53c08..2fb6277d0 100644 --- a/roles/attribute-aggregation/tasks/main.yml +++ b/roles/attribute-aggregation/tasks/main.yml @@ -54,8 +54,8 @@ etc_hosts: host.docker.internal: host-gateway labels: - traefik.http.routers.aagui.rule: "Host(`aa.{{ base_domain }}`)" - traefik.http.routers.aagui.tls: "true" + traefik.http.routers.aaserver.rule: "Host(`aa.{{ base_domain }}`)" + traefik.http.routers.aaserver.tls: "true" traefik.enable: "true" healthcheck: test: From 05b0831f5681faf4e5abdc7776ec99b7a458b260 Mon Sep 17 00:00:00 2001 From: Ricardo van der Heijden Date: Thu, 20 Nov 2025 10:50:29 +0100 Subject: [PATCH 07/26] Fixes https://github.com/OpenConext/OpenConext-myconext/issues/757 --- roles/myconext/templates/application.yml.j2 | 2 ++ 1 file changed, 2 insertions(+) diff --git a/roles/myconext/templates/application.yml.j2 b/roles/myconext/templates/application.yml.j2 index abcac9949..31b0f1a8e 100644 --- a/roles/myconext/templates/application.yml.j2 +++ b/roles/myconext/templates/application.yml.j2 @@ -136,6 +136,8 @@ feature: captcha_enabled: True # Set to true to use the BRIN code to add ui-roles and authentication scoped affiliations use_remote_creation_for_affiliation: {{ myconext.feature_use_remote_creation_for_affiliation }} + # Set to true to show the account linking related options on the personal-info page and home page (banner) + enable_account_linking: True default_affiliate_email_domain: eduid.nl From c930adfc53fb43f1dd7bf6ac6cdbba7dc2d360c8 Mon Sep 17 00:00:00 2001 
From: Ricardo van der Heijden Date: Thu, 20 Nov 2025 14:07:23 +0100 Subject: [PATCH 08/26] #757 Replaces hardcoded value with variable --- environments/template/group_vars/template.yml | 3 ++- roles/myconext/templates/application.yml.j2 | 2 +- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/environments/template/group_vars/template.yml b/environments/template/group_vars/template.yml index 1317bbd88..916db22db 100644 --- a/environments/template/group_vars/template.yml +++ b/environments/template/group_vars/template.yml @@ -290,6 +290,7 @@ myconext: feature_create_eduid_institution_landing: true feature_allowlist: false feature_dry_run_email_cron: true + feature_enable_account_linking: true sms_api_url: "https://rest.spryngsms.com/v1/messages" sms_api_route: "default" sp_entity_id: https://engine.{{ base_domain }}/authentication/sp/metadata @@ -613,4 +614,4 @@ dashboard_install: false # change them if necessary, for example on docker hosts they have to be a little higher # rsyslog_imjournal_ratelimitburst: 2000 # rsyslog_imjournal_ratelimitinterval: 600 -# rsyslog_maxmessagesize: 8000 \ No newline at end of file +# rsyslog_maxmessagesize: 8000 diff --git a/roles/myconext/templates/application.yml.j2 b/roles/myconext/templates/application.yml.j2 index 31b0f1a8e..d30ffd3e2 100644 --- a/roles/myconext/templates/application.yml.j2 +++ b/roles/myconext/templates/application.yml.j2 @@ -137,7 +137,7 @@ feature: # Set to true to use the BRIN code to add ui-roles and authentication scoped affiliations use_remote_creation_for_affiliation: {{ myconext.feature_use_remote_creation_for_affiliation }} # Set to true to show the account linking related options on the personal-info page and home page (banner) - enable_account_linking: True + enable_account_linking: {{ myconext.feature_enable_account_linking }} default_affiliate_email_domain: eduid.nl From 48bdd9aeceba104ded5cc0bb8652180cb34d592e Mon Sep 17 00:00:00 2001 
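Review bot: `enable_account_linking: {{ myconext.feature_enable_account_linking }}` in the `application.yml.j2` hunk of PATCH 08/26 has no fallback, so rendering the template fails for any inventory that has not yet added the new key; the commit only adds it to `environments/template/group_vars/template.yml`. Either state the required inventory change in the commit message or keep the previous behaviour as a default, `{{ myconext.feature_enable_account_linking | default(true) }}`. PATCH 09/26 adds `use_app: {{ myconext.feature_use_app }}` the same way.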
From: Ricardo van der Heijden <20791917+ricardovdheijden@users.noreply.github.com> Date: Mon, 24 Nov 2025 15:54:13 +0100 Subject: [PATCH 09/26] Fixes https://github.com/OpenConext/OpenConext-myconext/issues/759 Adds feature toggle use_app --- environments/template/group_vars/template.yml | 1 + roles/myconext/templates/application.yml.j2 | 2 ++ 2 files changed, 3 insertions(+) diff --git a/environments/template/group_vars/template.yml b/environments/template/group_vars/template.yml index 916db22db..55e659b57 100644 --- a/environments/template/group_vars/template.yml +++ b/environments/template/group_vars/template.yml @@ -291,6 +291,7 @@ myconext: feature_allowlist: false feature_dry_run_email_cron: true feature_enable_account_linking: true + feature_use_app: true sms_api_url: "https://rest.spryngsms.com/v1/messages" sms_api_route: "default" sp_entity_id: https://engine.{{ base_domain }}/authentication/sp/metadata diff --git a/roles/myconext/templates/application.yml.j2 b/roles/myconext/templates/application.yml.j2 index d30ffd3e2..42f0c64a5 100644 --- a/roles/myconext/templates/application.yml.j2 +++ b/roles/myconext/templates/application.yml.j2 @@ -138,6 +138,8 @@ feature: use_remote_creation_for_affiliation: {{ myconext.feature_use_remote_creation_for_affiliation }} # Set to true to show the account linking related options on the personal-info page and home page (banner) enable_account_linking: {{ myconext.feature_enable_account_linking }} + # Set to true to show the app login option + use_app: {{ myconext.feature_use_app }} default_affiliate_email_domain: eduid.nl From cf732253d7cc7b38eb070d92c18cab41fa2805cb Mon Sep 17 00:00:00 2001 From: Leroy <3416288+Liemine@users.noreply.github.com> Date: Tue, 25 Nov 2025 11:00:42 +0100 Subject: [PATCH 10/26] #1001 Add email addresses --- roles/myconext/templates/application.yml.j2 | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) 
diff --git a/roles/myconext/templates/application.yml.j2 b/roles/myconext/templates/application.yml.j2 index 9f5a4d535..f41395144 100644 --- a/roles/myconext/templates/application.yml.j2 +++ b/roles/myconext/templates/application.yml.j2 @@ -37,8 +37,11 @@ springdoc: enabled: true email: - from: eduID - error_mail: info@surfconext.nl + from_deprovisioning: + from_code: eduID + from_app_nudge: + from_new_device: + error: info@surfconext.nl magic-link-url: https://login.{{ myconext_base_domain }}/saml/guest-idp/magic my-surfconext-url: https://mijn.{{ myconext_base_domain }} idp-surfconext-url: https://login.{{ myconext_base_domain }} From 19d0a4828f95e8f8eae9341a13699b826109c5ca Mon Sep 17 00:00:00 2001 From: Okke Harsta Date: Tue, 25 Nov 2025 12:47:14 +0100 Subject: [PATCH 11/26] Added missing attributes from feature branch --- roles/myconext/templates/application.yml.j2 | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/roles/myconext/templates/application.yml.j2 b/roles/myconext/templates/application.yml.j2 index f41395144..fab11c98d 100644 --- a/roles/myconext/templates/application.yml.j2 +++ b/roles/myconext/templates/application.yml.j2 @@ -137,6 +137,12 @@ feature: captcha_enabled: True # Set to true to use the BRIN code to add ui-roles and authentication scoped affiliations use_remote_creation_for_affiliation: {{ myconext.feature_use_remote_creation_for_affiliation }} + # Set to true to show the account linking related options on the personal-info page and home page (banner) + enable_account_linking: {{ myconext.feature_enable_account_linking }} + # Set to true to show the app login option + use_app: {{ myconext.feature_use_app }} + +default_affiliate_email_domain: eduid.nl captcha: sitekey: {{ myconext.captcha_sitekey }} From 9b0db989a02b3b2474a1a44371ba68d488541039 Mon Sep 17 00:00:00 2001 
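Review bot: In the `email:` hunk of PATCH 10/26, `from_deprovisioning:`, `from_app_nudge:` and `from_new_device:` are added with no value, so they load as null rather than as a sender; only `from_code: eduID` keeps the old `from` value. How the application treats a null sender is not visible here, so give each key an explicit value or variable, e.g. `from_app_nudge: eduID`, or `""` if empty is really intended. The rename of `error_mail` to `error` also requires the matching application version, which is worth stating in the commit message.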
From: Okke Harsta Date: Wed, 26 Nov 2025 09:08:17 +0100 Subject: [PATCH 12/26] Added languages for invite --- roles/invite/templates/serverapplication.yml.j2 | 2 ++ 1 file changed, 2 insertions(+) diff --git a/roles/invite/templates/serverapplication.yml.j2 b/roles/invite/templates/serverapplication.yml.j2 index ce195b62d..e637ff0cf 100644 --- a/roles/invite/templates/serverapplication.yml.j2 +++ b/roles/invite/templates/serverapplication.yml.j2 @@ -118,6 +118,8 @@ config: past-date-allowed: {{ invite.past_date_allowed }} performance-seed-allowed: {{ invite.performance_seed_allowed }} eduid-idp-schac-home-organization: {{ invite.eduid_idp_schac_home_organization }} + # Determines the languages available for switching language, supported are 'nl', 'en' and 'pt' + languages: "nl, en" feature: limit-institution-admin-role-visibility: {{ invite.limit_institution_admin_role_visibility }} From 90262652a4073135bb53ee432f4497e91a0f8c96 Mon Sep 17 00:00:00 2001 From: Okke Harsta Date: Sat, 29 Nov 2025 11:14:45 +0100 Subject: [PATCH 13/26] Added missing mongodb_db variable for myconext CRON jobs --- roles/myconext/templates/application.yml.j2 | 1 + 1 file changed, 1 insertion(+) diff --git a/roles/myconext/templates/application.yml.j2 b/roles/myconext/templates/application.yml.j2 index 3d1719061..b45cc13bc 100644 --- a/roles/myconext/templates/application.yml.j2 +++ b/roles/myconext/templates/application.yml.j2 @@ -77,6 +77,7 @@ manage: base_url: "https://manage.{{ base_domain }}" enabled: True +mongodb_db: {{ myconext.mongo_database }} base_domain: {{ myconext_base_domain }} saml_metadata_base_path: https://login.{{ myconext_base_domain }} base_path: https://mijn.{{ myconext_base_domain }} From 6a30219f08a518f4b8d60c42fb7d42a61a41e44e Mon Sep 17 00:00:00 2001 
From: Leroy <3416288+Liemine@users.noreply.github.com> Date: Mon, 1 Dec 2025 10:49:40 +0100 Subject: [PATCH 14/26] #1024 Add mail-institution-batch-size to 500 and set mail-institution-mail-usage-expression to daily --- roles/myconext/templates/application.yml.j2 | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/roles/myconext/templates/application.yml.j2 b/roles/myconext/templates/application.yml.j2 index 9f5a4d535..515d50b3f 100644 --- a/roles/myconext/templates/application.yml.j2 +++ b/roles/myconext/templates/application.yml.j2 @@ -58,7 +58,8 @@ cron: manage-initial-delay-milliseconds: 15000 manage-fixed-rate-milliseconds: 300_000 # Runs on the first day of February, May, August, and November. - mail-institution-mail-usage-expression: "0 0 0 1 2,5,8,11 *" + mail-institution-mail-usage-expression: "0 0 0 * 2,5,8,11 *" + mail-institution-batch-size: 500 # Every day at 6:30AM nudge-app-mail-expression: "0 30 6 * * ?" # Number of days after creation of the eduID account which the nudge mail is send From 7a23f863f9b9afff0387f34110053626ced670ed Mon Sep 17 00:00:00 2001 From: Leroy <3416288+Liemine@users.noreply.github.com> Date: Tue, 2 Dec 2025 13:39:38 +0100 Subject: [PATCH 15/26] #802-differentiate-error_mail-configurable-for-prod-and-non-prod-develop --- roles/myconext/templates/application.yml.j2 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/myconext/templates/application.yml.j2 b/roles/myconext/templates/application.yml.j2 index 46d31a2e3..d08d3d52b 100644 --- a/roles/myconext/templates/application.yml.j2 +++ b/roles/myconext/templates/application.yml.j2 @@ -41,7 +41,7 @@ email: from_code: eduID from_app_nudge: from_new_device: - error: info@surfconext.nl + error: {{ error_mail_to }} magic-link-url: https://login.{{ myconext_base_domain }}/saml/guest-idp/magic my-surfconext-url: https://mijn.{{ myconext_base_domain }} idp-surfconext-url: https://login.{{ myconext_base_domain }} 
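Review bot: The comment kept above `mail-institution-mail-usage-expression` in PATCH 14/26 still says the job runs on the first day of February, May, August and November, but `"0 0 0 * 2,5,8,11 *"` now fires at midnight on every day of those four months. The subject says "daily", which this expression is only during those months, so please confirm the month field is intended and update the comment, e.g. `# Runs every day at midnight in February, May, August and November`. A short comment on `mail-institution-batch-size: 500` saying what is batched would also help.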
From 10431c9fa1679064bada6734db11f66bad58e01d Mon Sep 17 00:00:00 2001 From: Okke Harsta Date: Tue, 2 Dec 2025 16:04:53 +0100 Subject: [PATCH 16/26] https://github.com/OpenConext/OpenConext-access/issues/322 --- roles/openaccess/templates/serverapplication.yml.j2 | 1 + 1 file changed, 1 insertion(+) diff --git a/roles/openaccess/templates/serverapplication.yml.j2 b/roles/openaccess/templates/serverapplication.yml.j2 index 6224bf7fc..94d4a72f3 100644 --- a/roles/openaccess/templates/serverapplication.yml.j2 +++ b/roles/openaccess/templates/serverapplication.yml.j2 @@ -113,6 +113,7 @@ email: from: "{{ noreply_email }}" contactEmail: "{{ support_email }}" serviceDeskEmail: "{{ support_email }}" + supportEmail: "support@surfconext.nl" environment: "{{ environment_shortname }}" manage: From 4b29f864c26090b27bf1821f905d22e54d7a5fc9 Mon Sep 17 00:00:00 2001 From: Ines Date: Fri, 5 Dec 2025 13:31:44 +0100 Subject: [PATCH 17/26] test2 uit serverapplication.yml.j2 --- roles/openaccess/templates/serverapplication.yml.j2 | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/roles/openaccess/templates/serverapplication.yml.j2 b/roles/openaccess/templates/serverapplication.yml.j2 index 94d4a72f3..ab9df15af 100644 --- a/roles/openaccess/templates/serverapplication.yml.j2 +++ b/roles/openaccess/templates/serverapplication.yml.j2 @@ -62,8 +62,8 @@ spring: host: {{ smtp_server }} oidcng: - discovery-url: "https://connect.test2.surfconext.nl/oidc/.well-known/openid-configuration" - introspect-url: "https://connect.test2.surfconext.nl/oidc/introspect" + discovery-url: "https://connect.{{ env }}.surfconext.nl/oidc/.well-known/openid-configuration" + introspect-url: "https://connect.{{ env }}.surfconext.nl/oidc/introspect" resource-server-id: myconext.rs resource-server-secret: secret base-url: {{ openconextaccess_base_domain }} 
@@ -90,7 +90,7 @@ config: client-url: "https://{{ openconextaccess_base_domain }}" base-url: "{{ base_domain }}" edu_id_schac_home_organization: "eduid.nl" - discovery: "https://connect.test2.surfconext.nl/oidc/.well-known/openid-configuration" + discovery: "https://connect.{{ env }}.surfconext.nl/oidc/.well-known/openid-configuration" invite: "https://invite.{{ base_domain }}" sram: "https://{{ env }}.sram.surf.nl/" serviceDesk: "https://servicedesk.surf.nl/jira/plugins/servlet/desk/user/requests?reporter=all" From 6c25ee4e03096ccfdbf02396cc933dfd7a2d5285 Mon Sep 17 00:00:00 2001 From: Chantal Rosmuller Date: Fri, 5 Dec 2025 13:38:37 +0100 Subject: [PATCH 18/26] do not show minio root ww --- roles/minio/tasks/main.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/roles/minio/tasks/main.yml b/roles/minio/tasks/main.yml index 2c9ec4063..e99e15c45 100644 --- a/roles/minio/tasks/main.yml +++ b/roles/minio/tasks/main.yml @@ -24,6 +24,7 @@ mode: "0644" with_items: - config.env + no_log: true notify: Restart minio - name: Create and start the server container From b17b097ce1a64747f4dc226db890fd745fe8d8bc Mon Sep 17 00:00:00 2001 From: Chantal Rosmuller Date: Thu, 11 Dec 2025 10:58:41 +0100 Subject: [PATCH 19/26] Add some debugging --- roles/openaccess/tasks/main.yml | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/roles/openaccess/tasks/main.yml b/roles/openaccess/tasks/main.yml index c3cfb6e4a..25d32245b 100644 --- a/roles/openaccess/tasks/main.yml +++ b/roles/openaccess/tasks/main.yml @@ -19,6 +19,12 @@ - serverapplication.yml notify: restart accessserver + +- name: Debug mariadb_in_docker # Show with -vv + ansible.builtin.debug: + msg: "{{ mariadb_in_docker }}" + verbosity: 2 + - name: Add the MariaDB docker network to the list of networks when MariaDB runs in Docker ansible.builtin.set_fact: invite_docker_networks: From 2e366f2f760fba6adc16b6f96f644d9e76865516 Mon Sep 17 00:00:00 2001 
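Review bot: `no_log: true` in PATCH 18/26 keeps the task output out of the Ansible log, but the same task still writes `config.env` with `mode: "0644"` (context line just above), so the file, which by the commit subject presumably holds the MinIO root password, stays readable by every local account on the host. If only the owner needs it, tighten it to `mode: "0600"`; which user the container runtime reads it as is not visible in this hunk. `no_log` also hides the diff and error text of this task, so a comment such as `# no_log: config.env contains the MinIO root credentials` would explain the trade-off. The task starts outside the hunk.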
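Review bot: `msg: "{{ mariadb_in_docker }}"` in the debug task of PATCH 19/26 is templated without a default, while the very next task guards the same variable with `mariadb_in_docker | default(false) | bool`, which suggests it can be undefined; in that case the debug task would most likely fail the play rather than be skipped. Use `msg: "mariadb_in_docker={{ mariadb_in_docker | default(false) }}"`. If the task is only temporary debugging, it should be removed once the network problem is resolved; the hunk also adds a second blank line before it.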
From: Chantal Rosmuller Date: Thu, 11 Dec 2025 11:04:59 +0100 Subject: [PATCH 20/26] network variable was not used in container creation --- roles/openaccess/tasks/main.yml | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/roles/openaccess/tasks/main.yml b/roles/openaccess/tasks/main.yml index 25d32245b..4947442be 100644 --- a/roles/openaccess/tasks/main.yml +++ b/roles/openaccess/tasks/main.yml @@ -27,7 +27,7 @@ - name: Add the MariaDB docker network to the list of networks when MariaDB runs in Docker ansible.builtin.set_fact: - invite_docker_networks: + openaccess_docker_networks: - name: loadbalancer - name: openconext_mariadb when: mariadb_in_docker | default(false) | bool @@ -42,8 +42,7 @@ restart_policy: "{{ openaccess_server_restart_policy }}" restart_retries: "{{ openaccess_server_restart_retries }}" # Only for restart policy on-failure state: started - networks: - - name: "loadbalancer" + networks: "{{ openaccess_docker_networks }}" mounts: - source: /opt/openconext/openaccess/serverapplication.yml target: /application.yml From 1829d45c1c27a72aa6e2919e9f1a80ca0d29bac4 Mon Sep 17 00:00:00 2001 From: Ines Date: Thu, 12 Mar 2026 13:37:53 +0100 Subject: [PATCH 21/26] Update serverapplication.yml.j2 remove states --- roles/openaccess/templates/serverapplication.yml.j2 | 7 ------- 1 file changed, 7 deletions(-) diff --git a/roles/openaccess/templates/serverapplication.yml.j2 b/roles/openaccess/templates/serverapplication.yml.j2 index 4b9b673ca..ec4d8b68a 100644 --- a/roles/openaccess/templates/serverapplication.yml.j2 +++ b/roles/openaccess/templates/serverapplication.yml.j2 
@@ -166,13 +166,6 @@ invite: user: {{ invite.access_user }} password: "{{ invite.access_secret }}" -# Todo relace with openconextaccess user -statistics: - enabled: True - url: {{ dashboard.stats_url }} - user: {{ dashboard.stats_user }} - password: {{ stats_dashboard_api_password }} - s3storage: url: {{ openconextaccess.s3_storage.url }} key: {{ openconextaccess.s3_storage.key }} From 338d4d225a75bcacd3c5d0f25ac00756b1ce3753 Mon Sep 17 00:00:00 2001 From: Ines Duits Date: Thu, 12 Mar 2026 14:01:11 +0100 Subject: [PATCH 22/26] docker fix en stats eruit? --- roles/openaccess/defaults/main.yml | 2 ++ roles/openaccess/tasks/main.yml | 2 +- 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/roles/openaccess/defaults/main.yml b/roles/openaccess/defaults/main.yml index ba813a4c8..888e97b36 100644 --- a/roles/openaccess/defaults/main.yml +++ b/roles/openaccess/defaults/main.yml @@ -1,3 +1,5 @@ --- openaccess_server_restart_policy: always openaccess_server_restart_retries: 0 +openaccess_docker_networks: + - name: loadbalancer diff --git a/roles/openaccess/tasks/main.yml b/roles/openaccess/tasks/main.yml index 4947442be..5f92ead18 100644 --- a/roles/openaccess/tasks/main.yml +++ b/roles/openaccess/tasks/main.yml @@ -100,4 +100,4 @@ S3_STORAGE_URL : "{{ openconextaccess.s3_storage.url }}" S3_STORAGE_KEY : "{{ openconextaccess.s3_storage.key }}" S3_STORAGE_SECRET : "{{ openconextaccess.s3_storage.secret }}" - S3_STORAGE_BUCKET : "{{ openconextaccess.s3_storage.bucket }}" \ No newline at end of file + S3_STORAGE_BUCKET : "{{ openconextaccess.s3_storage.bucket }}" From ed069e3118cd0f059a992d29d49fc6c1d43189b2 Mon Sep 17 00:00:00 2001 From: Ines Date: Thu, 12 Mar 2026 14:33:13 +0100 Subject: [PATCH 23/26] Update serverapplication.yml.j2 with stats variables --- roles/openaccess/templates/serverapplication.yml.j2 | 7 +++++++ 1 file changed, 7 insertions(+) 
diff --git a/roles/openaccess/templates/serverapplication.yml.j2 b/roles/openaccess/templates/serverapplication.yml.j2 index ec4d8b68a..e5b7564be 100644 --- a/roles/openaccess/templates/serverapplication.yml.j2 +++ b/roles/openaccess/templates/serverapplication.yml.j2 @@ -172,6 +172,13 @@ s3storage: secret: {{ openconextaccess.s3_storage.secret }} bucket: {{ openconextaccess.s3_storage.bucket }} +statistics: + enabled: {{ openconextaccess.statistics.enabled }} + url: {{ openconextaccess.statistics.url }} + user: {{ openconextaccess.statistics.user }} + password: {{ openconextaccess.statistics.password }} + + management: health: mail: From 923793e4227346fbc251cee89870eb9ab5229dd6 Mon Sep 17 00:00:00 2001 From: Ines Date: Thu, 12 Mar 2026 15:13:06 +0100 Subject: [PATCH 24/26] Update serverapplication.yml.j2 voor OIDCNG --- roles/openaccess/templates/serverapplication.yml.j2 | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/openaccess/templates/serverapplication.yml.j2 b/roles/openaccess/templates/serverapplication.yml.j2 index e5b7564be..d0a03b9a3 100644 --- a/roles/openaccess/templates/serverapplication.yml.j2 +++ b/roles/openaccess/templates/serverapplication.yml.j2 @@ -29,8 +29,8 @@ spring: client: registration: oidcng: - client-id: {{ oidc_playground.client_id }} - client-secret: {{ oidc_playground.secret }} + client-id: {{ openconextaccess.oidcng.client_id }} + client-secret: {{ openconextaccess.oidcng.secret }} redirect-uri: "{baseUrl}/login/oauth2/code/{registrationId}" authorization-grant-type: "authorization_code" scope: openid From 0410d4a610c86dc94f43d3165f63746ec147f174 Mon Sep 17 00:00:00 2001 From: Ines Duits Date: Fri, 13 Mar 2026 14:57:59 +0100 Subject: [PATCH 25/26] het iig werkend maken voor test2 --- roles/openaccess/templates/serverapplication.yml.j2 | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) 
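Review bot: `password: {{ openconextaccess.statistics.password }}` in the `statistics:` block of PATCH 23/26 is rendered unquoted, so a password containing ` #` or `: `, or starting with a YAML indicator such as `*`, `&`, `{` or `!`, is truncated, retyped or breaks parsing of the whole file. The `invite` block just above in this file already quotes its password; write `password: "{{ openconextaccess.statistics.password }}"` and quote `url` and `user` as well. `client-secret: {{ openconextaccess.oidcng.secret }}` in PATCH 24/26 and PATCH 26/26 has the same problem. The hunk also leaves two blank lines before `management:`.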
diff --git a/roles/openaccess/templates/serverapplication.yml.j2 b/roles/openaccess/templates/serverapplication.yml.j2 index d0a03b9a3..e5b7564be 100644 --- a/roles/openaccess/templates/serverapplication.yml.j2 +++ b/roles/openaccess/templates/serverapplication.yml.j2 @@ -29,8 +29,8 @@ spring: client: registration: oidcng: - client-id: {{ openconextaccess.oidcng.client_id }} - client-secret: {{ openconextaccess.oidcng.secret }} + client-id: {{ oidc_playground.client_id }} + client-secret: {{ oidc_playground.secret }} redirect-uri: "{baseUrl}/login/oauth2/code/{registrationId}" authorization-grant-type: "authorization_code" scope: openid From 42882df5d857dbf410e85853b46ca3051527a1b5 Mon Sep 17 00:00:00 2001 From: Ines Duits Date: Mon, 30 Mar 2026 12:03:40 +0200 Subject: [PATCH 26/26] update van serviceapplication yml --- .../templates/serverapplication.yml.j2 | 20 +++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/roles/openaccess/templates/serverapplication.yml.j2 b/roles/openaccess/templates/serverapplication.yml.j2 index e5b7564be..1e5a2f9b9 100644 --- a/roles/openaccess/templates/serverapplication.yml.j2 +++ b/roles/openaccess/templates/serverapplication.yml.j2 
@@ -29,17 +29,17 @@ spring: client: registration: oidcng: - client-id: {{ oidc_playground.client_id }} - client-secret: {{ oidc_playground.secret }} + client-id: {{ openconextaccess.oidcng.client_id }} + client-secret: {{ openconextaccess.oidcng.secret }} redirect-uri: "{baseUrl}/login/oauth2/code/{registrationId}" authorization-grant-type: "authorization_code" scope: openid provider: oidcng: - authorization-uri: "https://connect.{{ base_domain }}/oidc/authorize" - token-uri: "https://connect.{{ base_domain }}/oidc/token" - user-info-uri: "https://connect.{{ base_domain }}/oidc/userinfo" - jwk-set-uri: "https://connect.{{ base_domain }}/oidc/certs" + authorization-uri: {{ openconextaccess.oidcng.authorization_uri }} + token-uri: {{ openconextaccess.oidcng.token_uri }} + user-info-uri: {{ openconextaccess.oidcng.user_info_uri }} + jwk-set-uri: {{ openconextaccess.oidcng.jwk_set_uri }} user-name-attribute: sub user-info-authentication-method: client_secret_basic jpa: @@ -62,8 +62,8 @@ spring: host: {{ smtp_server }} oidcng: - discovery-url: "https://connect.{{ env }}.surfconext.nl/oidc/.well-known/openid-configuration" - introspect-url: "https://connect.{{ env }}.surfconext.nl/oidc/introspect" + discovery-url: {{ openconextaccess.oidcng.discovery_url }} + introspect-url: {{ openconextaccess.oidcng.introspect_url }} resource-server-id: myconext.rs resource-server-secret: secret base-url: {{ openconextaccess_base_domain }} @@ -105,7 +105,7 @@ config: entityid: "https://idp.diy.surfconext.nl" descriptionEN: "Een test-IdP met fictieve gebruikersaccounts. De metadata vind je hier" descriptionNL: "Een test-IdP met fictieve gebruikersaccounts. De metadata vind je hier" - idp_proxy_meta_data: https://metadata.test2.surfconext.nl/idp-metadata.xml + idp_proxy_meta_data: {{ openconextaccess.idp_proxy_meta_data }} minimal_stepup_acr_level: "http://{{ base_domain }}/assurance/loa2" features: - name: idp 
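Review bot: The four provider endpoints in the first hunk of PATCH 26/26 lose both their quotes and their common origin: `authorization-uri`, `token-uri`, `user-info-uri` and `jwk-set-uri` were all derived from `connect.{{ base_domain }}` and are now four independent inventory values. Because `token-uri` and `jwk-set-uri` decide where the client secret is sent and which signing keys are trusted, a typo or a value left over from another environment is no longer ruled out by construction; quote them, e.g. `jwk-set-uri: "{{ openconextaccess.oidcng.jwk_set_uri }}"`, and consider an `ansible.builtin.assert` in the role that each value starts with `https://`. The diffstat shows only this template changing, so the new `openconextaccess.oidcng.*`, `idp_proxy_meta_data` and `eduid_idp_entity_id` keys are not added to the template inventory in this commit, unlike PATCH 08/26 and 09/26.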
@@ -121,7 +121,7 @@ config: - "{{ loa }}" {% endfor %} -eduid-idp-entity-id: "https://login.{{ myconext_base_domain }}" +eduid-idp-entity-id: {{ openconextaccess.eduid_idp_entity_id }} super-admin: users: