Merged
9 changes: 9 additions & 0 deletions roles/engine/defaults/main.yml
Expand Up @@ -17,6 +17,7 @@ engine_api_feature_consent_remove: 0
engine_api_feature_metadata_api: 1
engine_api_feature_deprovision: 1
engine_feature_send_user_attributes: 0
engine_feature_enable_sbs_interrupt: 0

# Cutoff point for showing unfiltered IdPs on the WAYF
engine_wayf_cutoff_point_for_showing_unfiltered_idps: 50
Expand Down Expand Up @@ -76,6 +77,14 @@ engine_stepup_gateway_sfo_entity_id: "https://{{ engine_stepup_gateway_domain }}
# The single sign-on endpoint used for Stepup Gateway SFO callouts
engine_stepup_gateway_sfo_sso_location: "https://{{ engine_stepup_gateway_domain }}/second-factor-only/single-sign-on"

# SBS interrupt settings
engine_sbs_base_url: "sbs.{{ base_domain }}"
engine_sbs_attributes_allowed:
- 'urn:mace:dir:attribute-def:eduPersonEntitlement'
- 'urn:mace:dir:attribute-def:uid'
- 'urn:mace:dir:attribute-def:eduPersonPrincipalName'
- 'urn:oid:1.3.6.1.4.1.24552.500.1.1.1.13'

## The minimum priority of messages that will be logged
engine_logging_passthru_level: NOTICE

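Review bot: `engine_sbs_attributes_allowed` in the second hunk is added without a comment saying what the list permits, and it includes `uid` and `eduPersonPrincipalName`, which service providers commonly use as identifiers. If, as the name suggests, this is the set of attributes the SBS response may add or overwrite, a comment such as `# Attributes SBS is allowed to set on the response; keep minimal, identifier attributes need review` would make the trust decision explicit. `engine_sbs_base_url` holds only a host name, because the template in this commit prepends `https://` and appends `/api/users/`; a comment saying so would stop an override from supplying a full URL. The template also reads `engine_sbs_api_token`, which is not mentioned here, so a commented placeholder noting that it must come from the secrets store would document the requirement.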
14 changes: 14 additions & 0 deletions roles/engine/templates/parameters.yml.j2
Expand Up @@ -228,6 +228,7 @@ parameters:
feature_stepup_sfo_override_engine_entityid: {{ engine_feature_stepup_override_entityid | bool | to_json }}
feature_enable_idp_initiated_flow: {{ engine_feature_idp_initiated_flow | bool | to_json }}
feature_stepup_send_user_attributes: {{ engine_feature_send_user_attributes | bool | to_json }}
feature_enable_sram_interrupt: { { engine_feature_enable_sbs_interrupt | bool | to_json } }
##########################################################################################
## PROFILE SETTINGS
##########################################################################################
Expand Down Expand Up @@ -310,3 +311,16 @@ parameters:
# used in the authentication log record. The attributeName will be searched in the response attributes and if present
# the log data will be enriched. The values of the response attributes are the final values after ARP and Attribute Manipulation.
auth.log.attributes: {{ engine_log_attributes }}


##########################################################################################
## SBS external authorization/attribute enrichtment
##########################################################################################
sram.api_token: "{{ engine_sbs_api_token | default('') }}"
sram.base_url: "https://{{ engine_sbs_base_url }}/api/users/"
sram.authz_location: "authz_eb"
sram.attributes_location: "authz_eb"
sram.attributes_location: "attributes_eb"
sram.interrupt_location: "interrupt"
sram.verify_peer: true
sram.allowed_attributes: {{ engine_sbs_attributes_allowed }}
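Review bot: `feature_enable_sram_interrupt` in the first hunk is written with `{ {` and `} }`, which Jinja2 does not treat as expression delimiters, so the line would be emitted literally and parsed as a nested YAML flow mapping instead of a boolean. If the spacing is really in the commit and not an artefact of this page, it should read `feature_enable_sram_interrupt: {{ engine_feature_enable_sbs_interrupt | bool | to_json }}`. In the second hunk `sram.attributes_location` is defined twice (`"authz_eb"`, then `"attributes_eb"`); a duplicate key is either rejected by the parser or silently resolved to the last value, so the first of the two lines should be dropped. `sram.api_token` falls back to `default('')`, so an inventory that enables the interrupt but omits the secret renders an empty token without any error; consider removing the default or asserting that `engine_sbs_api_token` is set whenever `engine_feature_enable_sbs_interrupt` is true.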