From 95f436730806e0843234e955f380a3fec6255221 Mon Sep 17 00:00:00 2001
From: Ricardo van der Heijden <20791917+ricardovdheijden@users.noreply.github.com>
Date: Thu, 7 May 2026 15:38:20 +0200
Subject: [PATCH 1/3] 542 Adds missing application.yml entries
---
 roles/myconext/templates/application.yml.j2 | 23 +++++++++++++++++++++
 1 file changed, 23 insertions(+)
diff --git a/roles/myconext/templates/application.yml.j2 b/roles/myconext/templates/application.yml.j2
index 9e2af3722..23a192d53 100644
--- a/roles/myconext/templates/application.yml.j2
+++ b/roles/myconext/templates/application.yml.j2
@@ -100,6 +100,7 @@ guest_idp_entity_id: https://engine.{{ base_domain }}/authentication/idp/metadat
 my_conext_url: https://mijn.{{ myconext_base_domain }}
 domain: {{ myconext_base_domain }}
 mijn_eduid_entity_id: https://mijn.{{ myconext_base_domain }}/shibboleth
+mijn_eduid_service_name: "Mijn eduID"
 mobile_app_redirect: eduid:///client/mobile
 # For this RP we nudge the user to use the magic link
 mobile_app_rp_entity_id: {{ myconext.mobile_app_rp_entity_id }}
@@ -256,6 +257,10 @@ account_linking_context_class_ref:
 validate_names_external: https://eduid.nl/trust/validate-names-external
 affiliation_student: https://eduid.nl/trust/affiliation-student
 profile_mfa: https://refeds.org/profile/mfa
+ linked_institution_mfa: https://eduid.nl/trust/linked-institution/mfa
+ validate_names_mfa: https://eduid.nl/trust/validate-names/mfa
+ validate_names_external_mfa: https://eduid.nl/trust/validate-names-external/mfa
+ affiliation_student_mfa: https://eduid.nl/trust/affiliation-student/mfa
 account_linking:
 myconext_sp_entity_id: https://mijn.{{ myconext_base_domain }}/shibboleth
@@ -294,6 +299,24 @@ spring:
 port: 25
 main:
 banner-mode: "off"
+ security:
+ oauth2:
+ client:
+ registration:
+ oidcng:
+ client-id: "{{ myconext.oidc_client_id }}"
+ client-secret: "{{ myconext.oidc_secret }}"
+ redirect-uri: "https://{baseHost}{basePort}{basePath}/login/oauth2/code/{registrationId}"
+ authorization-grant-type: "authorization_code"
+ scope: openid
+ provider:
+ oidcng:
+ authorization-uri: "https://connect.{{ base_domain }}/oidc/authorize"
+ token-uri: "https://connect.{{ base_domain }}/oidc/token"
+ user-info-uri: "https://connect.{{ base_domain }}/oidc/userinfo"
+ jwk-set-uri: "https://connect.{{ base_domain }}/oidc/certs"
+ user-name-attribute: sub
+ user-info-authentication-method: client_secret_basic
 service_desk_role_auto_provisioning: False
 service_desk_roles: {{ myconext.service_desk_roles | join(",") }}
From 552ba67e874f62eb66ff527a1dea50209498f62c Mon Sep 17 00:00:00 2001
From: Ricardo van der Heijden <20791917+ricardovdheijden@users.noreply.github.com>
Date: Wed, 13 May 2026 11:36:44 +0200
Subject: [PATCH 2/3] #542 Updates application.yml due to introduction of OIDC in the myconext app
---
 roles/myconext/templates/application.yml.j2 | 18 ++++++++++++++----
 1 file changed, 14 insertions(+), 4 deletions(-)
diff --git a/roles/myconext/templates/application.yml.j2 b/roles/myconext/templates/application.yml.j2
index 23a192d53..28a90918f 100644
--- a/roles/myconext/templates/application.yml.j2
+++ b/roles/myconext/templates/application.yml.j2
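Review bot: `user-info-authentication-method: client_secret_basic` on the new `oidcng` provider names a token-endpoint client authentication method, not a userinfo-endpoint one; Spring Boot's `user-info-authentication-method` takes `header`, `form` or `query` (how the access token is presented to the userinfo endpoint), while `client_secret_basic` belongs on the registration as `client-authentication-method`. With an unrecognised value Spring appears to fall back to sending the token as a bearer header, so the login flow probably works by accident rather than by configuration; make it explicit with `user-info-authentication-method: header` under the provider and `client-authentication-method: client_secret_basic` under the `oidcng` registration. The `client-secret` is rendered verbatim into application.yml on disk, and the task that writes this template is outside the diff, so confirm the rendered file gets a restrictive mode and owner. The enclosing `spring:` mapping starts above this hunk.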
@@ -89,11 +89,13 @@ mongodb_db: {{ myconext.mongo_database }}
 base_domain: {{ myconext_base_domain }}
 saml_metadata_base_path: https://login.{{ myconext_base_domain }}
 base_path: https://mijn.{{ myconext_base_domain }}
+base_path_service_desk: https://servicedesk.{{ myconext_base_domain }}
 continue_after_login_url: https://login.{{ myconext_base_domain }}/saml/guest-idp/continue
 idp_redirect_url: https://login.{{ myconext_base_domain }}
 rp_id: login.{{ myconext_base_domain }}
 rp_origin: https://login.{{ myconext_base_domain }}
 sp_redirect_url: https://mijn.{{ myconext_base_domain }}
+sp_servicedesk_redirect_url: https://servicedesk.{{ myconext_base_domain }}
 sp_entity_id: {{ myconext.sp_entity_id }}
 sp_entity_metadata_url: {{ myconext.sp_entity_metadata_url }}
 guest_idp_entity_id: https://engine.{{ base_domain }}/authentication/idp/metadata
@@ -303,12 +305,20 @@ spring:
 oauth2:
 client:
 registration:
- oidcng:
- client-id: "{{ myconext.oidc_client_id }}"
- client-secret: "{{ myconext.oidc_secret }}"
- redirect-uri: "https://{baseHost}{basePort}{basePath}/login/oauth2/code/{registrationId}"
+ mijn_eduid:
+ client-id: "{{ myconext.mijn_eduid_oidc_client_id }}"
+ client-secret: "{{ myconext.mijn_eduid_oidc_secret }}"
+ redirect-uri: "https://mijn.{{ myconext_base_domain }}/login/oauth2/code/{registrationId}"
+ authorization-grant-type: "authorization_code"
+ scope: openid
+ provider: oidcng
+ service_desk:
+ client-id: "{{ myconext.service_desk_oidc_client_id }}"
+ client-secret: "{{ myconext.service_desk_oidc_secret }}"
+ redirect-uri: "https://servicedesk.{{ myconext_base_domain }}/login/oauth2/code/{registrationId}"
 authorization-grant-type: "authorization_code"
 scope: openid
+ provider: oidcng
 provider:
 oidcng:
 authorization-uri: "https://connect.{{ base_domain }}/oidc/authorize"
From d6e4d0199c60faa02012f663c5ee7747caa0e4bf Mon Sep 17 00:00:00 2001
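Review bot: Nothing in the second hunk ties the `service_desk` registration to service-desk authorization: both registrations share the `oidcng` provider, request only `scope: openid`, and land on the same application, so whether a session established via the `mijn_eduid` client can reach the servicedesk host (or vice versa) depends entirely on application code that is not visible here — confirm the app checks the registration id of the authenticated client, not merely that an OIDC login exists. Pinning each `redirect-uri` to its own host instead of `{baseHost}` is the right change; both exact URIs (`.../login/oauth2/code/mijn_eduid` and `.../login/oauth2/code/service_desk`) need to be registered at the OP, since `{registrationId}` is part of the value the OP must match. `mijn_eduid_oidc_secret` and `service_desk_oidc_secret` are new variables; the role's defaults or vault must define them or templating fails, and a comment such as `# Separate OIDC clients per host so a leaked service-desk secret cannot mint mijn sessions` would record why there are two.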
From: Ricardo van der Heijden <20791917+ricardovdheijden@users.noreply.github.com>
Date: Tue, 19 May 2026 16:23:33 +0200
Subject: [PATCH 3/3] #542 Renames mijn_eduid to my_conext
---
 roles/myconext/templates/application.yml.j2 | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/roles/myconext/templates/application.yml.j2 b/roles/myconext/templates/application.yml.j2
index 28a90918f..f973d3218 100644
--- a/roles/myconext/templates/application.yml.j2
+++ b/roles/myconext/templates/application.yml.j2
@@ -305,7 +305,7 @@ spring:
 oauth2:
 client:
 registration:
- mijn_eduid:
+ my_conext:
 client-id: "{{ myconext.mijn_eduid_oidc_client_id }}"
 client-secret: "{{ myconext.mijn_eduid_oidc_secret }}"
 redirect-uri: "https://mijn.{{ myconext_base_domain }}/login/oauth2/code/{registrationId}"
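Review bot: Renaming the registration key to `my_conext` silently changes the effective redirect URI, because the unchanged `redirect-uri` line ends in `{registrationId}`: the callback moves from `/login/oauth2/code/mijn_eduid` to `/login/oauth2/code/my_conext`, and an OP doing exact redirect-URI matching will reject the flow until the client registration at `connect.{{ base_domain }}` is updated. The variable names `mijn_eduid_oidc_client_id` / `mijn_eduid_oidc_secret` are left as-is, which now disagrees with the registration name; either rename them alongside or add `# registration id is part of the redirect URI; keep in sync with the OP client` above `my_conext:` so the next rename is not treated as cosmetic. The registration block continues below the hunk.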