Skip to content
Projects
Groups
Snippets
Help
This project
Loading...
Sign in / Register
Toggle navigation
C
configuration
Overview
Overview
Details
Activity
Cycle Analytics
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Charts
Issues
0
Issues
0
List
Board
Labels
Milestones
Merge Requests
0
Merge Requests
0
CI / CD
CI / CD
Pipelines
Jobs
Schedules
Charts
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Charts
Create a new issue
Jobs
Commits
Issue Boards
Open sidebar
edx
configuration
Commits
5c8e87fc
Commit
5c8e87fc
authored
Aug 11, 2017
by
Ahsan Ul Haq
Committed by
GitHub
Aug 11, 2017
Browse files
Options
Browse Files
Download
Plain Diff
Merge pull request #4036 from edx/ahsan/LEARNER-2107-SSO-broken-for-sandboxes
Fixed SSO for sandboxes
parents
45c8a682
94b8d14f
Hide whitespace changes
Inline
Side-by-side
Showing
4 changed files
with
30 additions
and
27 deletions
+30
-27
CHANGELOG.md
+14
-0
playbooks/roles/credentials/defaults/main.yml
+8
-15
playbooks/roles/ecommerce/defaults/main.yml
+7
-12
util/jenkins/ansible-provision.sh
+1
-0
No files found.
CHANGELOG.md
View file @
5c8e87fc
...
...
@@ -359,3 +359,17 @@
-
Role: edxapp
-
Added
`PASSWORD_MIN_LENGTH`
for password minimum length validation on reset page.
-
Added
`PASSWORD_MAX_LENGTH`
for password maximum length validation on reset page.
-
Role: credentials
-
Replaced
`CREDENTIALS_OAUTH_URL_ROOT`
with
`COMMON_OAUTH_URL_ROOT`
from
`common_vars`
-
Replaced
`CREDENTIALS_OIDC_LOGOUT_URL`
with
`COMMON_OAUTH_LOGOUT_URL`
from
`common_vars`
-
Replaced
`CREDENTIALS_JWT_AUDIENCE`
with
`COMMON_JWT_AUDIENCE`
from
`common_vars`
-
Replaced
`CREDENTIALS_JWT_ISSUER`
with
`COMMON_JWT_ISSUER`
from
`common_vars`
-
Replaced
`CREDENTIALS_JWT_SECRET_KEY`
with
`COMMON_JWT_SECRET_KEY`
from
`common_vars`
-
Replaced
`CREDENTIALS_SOCIAL_AUTH_EDX_OIDC_ISSUER`
with
`COMMON_JWT_ISSUER`
from
`common_vars`
-
Role: ecommerce
-
Replaced
`ECOMMERCE_OAUTH_URL_ROOT`
with
`COMMON_OAUTH_URL_ROOT`
from
`common_vars`
-
Replaced
`ECOMMERCE_OIDC_LOGOUT_URL`
with
`COMMON_OAUTH_LOGOUT_URL`
from
`common_vars`
-
Replaced
`ECOMMERCE_JWT_SECRET_KEY`
with
`COMMON_JWT_SECRET_KEY`
from
`common_vars`
-
Replaced
`ECOMMERCE_SOCIAL_AUTH_EDX_OIDC_ISSUER`
with
`COMMON_JWT_ISSUER`
from
`common_vars`
playbooks/roles/credentials/defaults/main.yml
View file @
5c8e87fc
...
...
@@ -53,8 +53,6 @@ CREDENTIALS_DJANGO_SETTINGS_MODULE: "credentials.settings.production"
CREDENTIALS_DOMAIN
:
'
credentials'
CREDENTIALS_URL_ROOT
:
'
http://{{
CREDENTIALS_DOMAIN
}}:18150'
CREDENTIALS_LOGOUT_URL
:
'
{{
CREDENTIALS_URL_ROOT
}}/logout/'
CREDENTIALS_OAUTH_URL_ROOT
:
'
{{
EDXAPP_LMS_ROOT_URL
|
default("http://127.0.0.1:8000")
}}/oauth2'
CREDENTIALS_OIDC_LOGOUT_URL
:
'
{{
EDXAPP_LMS_ROOT_URL
|
default("http://127.0.0.1:8000")
}}/logout'
CREDENTIALS_SESSION_EXPIRE_AT_BROWSER_CLOSE
:
false
...
...
@@ -66,7 +64,6 @@ CREDENTIALS_LANGUAGE_CODE: 'en_US.UTF-8'
CREDENTIALS_SOCIAL_AUTH_EDX_OIDC_KEY
:
'
SET-ME-TO-A-UNIQUE-LONG-RANDOM-STRING'
CREDENTIALS_SOCIAL_AUTH_EDX_OIDC_SECRET
:
'
SET-ME-TO-A-UNIQUE-LONG-RANDOM-STRING'
CREDENTIALS_SOCIAL_AUTH_REDIRECT_IS_HTTPS
:
false
CREDENTIALS_SOCIAL_AUTH_EDX_OIDC_ISSUER
:
'
{{
CREDENTIALS_OAUTH_URL_ROOT
}}'
CREDENTIALS_SERVICE_USER
:
'
credentials_service_user'
...
...
@@ -146,17 +143,13 @@ NGINX_CREDENTIALS_GUNICORN_HOSTS:
CREDENTIALS_EXTRA_APPS
:
[]
CREDENTIALS_JWT_AUDIENCE
:
'
{{
EDXAPP_JWT_AUDIENCE
|
default("SET-ME-PLEASE")
}}'
CREDENTIALS_JWT_ISSUER
:
'
{{
CREDENTIALS_OAUTH_URL_ROOT
}}'
CREDENTIALS_JWT_SECRET_KEY
:
'
{{
EDXAPP_JWT_SECRET_KEY
|
default("lms-secret")
}}'
CREDENTIALS_JWT_AUTH
:
JWT_ISSUERS
:
-
AUDIENCE
:
'
{{
C
REDENTIALS
_JWT_AUDIENCE
}}'
ISSUER
:
'
{{
C
REDENTIALS
_JWT_ISSUER
}}'
SECRET_KEY
:
'
{{
C
REDENTIALS
_JWT_SECRET_KEY
}}'
-
AUDIENCE
:
'
{{
C
OMMON
_JWT_AUDIENCE
}}'
ISSUER
:
'
{{
C
OMMON
_JWT_ISSUER
}}'
SECRET_KEY
:
'
{{
C
OMMON
_JWT_SECRET_KEY
}}'
-
AUDIENCE
:
'
{{
CREDENTIALS_SOCIAL_AUTH_EDX_OIDC_KEY
}}'
ISSUER
:
'
{{
C
REDENTIALS
_JWT_ISSUER
}}'
ISSUER
:
'
{{
C
OMMON
_JWT_ISSUER
}}'
SECRET_KEY
:
'
{{
CREDENTIALS_SOCIAL_AUTH_EDX_OIDC_SECRET
}}'
CREDENTIALS_SERVICE_CONFIG
:
...
...
@@ -166,14 +159,14 @@ CREDENTIALS_SERVICE_CONFIG:
TIME_ZONE
:
'
{{
CREDENTIALS_TIME_ZONE
}}'
LANGUAGE_CODE
:
'
{{
CREDENTIALS_LANGUAGE_CODE
}}'
OAUTH2_PROVIDER_URL
:
'
{{
C
REDENTIALS
_OAUTH_URL_ROOT
}}'
OAUTH2_PROVIDER_URL
:
'
{{
C
OMMON
_OAUTH_URL_ROOT
}}'
SOCIAL_AUTH_EDX_OIDC_KEY
:
'
{{
CREDENTIALS_SOCIAL_AUTH_EDX_OIDC_KEY
}}'
SOCIAL_AUTH_EDX_OIDC_SECRET
:
'
{{
CREDENTIALS_SOCIAL_AUTH_EDX_OIDC_SECRET
}}'
SOCIAL_AUTH_EDX_OIDC_ID_TOKEN_DECRYPTION_KEY
:
'
{{
CREDENTIALS_SOCIAL_AUTH_EDX_OIDC_SECRET
}}'
SOCIAL_AUTH_EDX_OIDC_URL_ROOT
:
'
{{
C
REDENTIALS
_OAUTH_URL_ROOT
}}'
SOCIAL_AUTH_EDX_OIDC_URL_ROOT
:
'
{{
C
OMMON
_OAUTH_URL_ROOT
}}'
SOCIAL_AUTH_REDIRECT_IS_HTTPS
:
'
{{
CREDENTIALS_SOCIAL_AUTH_REDIRECT_IS_HTTPS
}}'
SOCIAL_AUTH_EDX_OIDC_LOGOUT_URL
:
'
{{
C
REDENTIALS_OIDC
_LOGOUT_URL
}}'
SOCIAL_AUTH_EDX_OIDC_ISSUER
:
'
{{
C
REDENTIALS_SOCIAL_AUTH_EDX_OIDC
_ISSUER
}}'
SOCIAL_AUTH_EDX_OIDC_LOGOUT_URL
:
'
{{
C
OMMON_OAUTH
_LOGOUT_URL
}}'
SOCIAL_AUTH_EDX_OIDC_ISSUER
:
'
{{
C
OMMON_JWT
_ISSUER
}}'
EXTRA_APPS
:
'
{{
CREDENTIALS_EXTRA_APPS
}}'
...
...
playbooks/roles/ecommerce/defaults/main.yml
View file @
5c8e87fc
...
...
@@ -44,9 +44,6 @@ ECOMMERCE_DATABASES:
ECOMMERCE_VERSION
:
"
master"
ECOMMERCE_DJANGO_SETTINGS_MODULE
:
"
ecommerce.settings.production"
ECOMMERCE_OAUTH_URL_ROOT
:
'
{{
EDXAPP_LMS_ROOT_URL
|
default("http://127.0.0.1:8000")
}}/oauth2'
ECOMMERCE_OIDC_LOGOUT_URL
:
'
{{
EDXAPP_LMS_ROOT_URL
|
default("http://127.0.0.1:8000")
}}/logout'
ECOMMERCE_SESSION_EXPIRE_AT_BROWSER_CLOSE
:
false
ECOMMERCE_SECRET_KEY
:
'
Your
secret
key
here'
ECOMMERCE_TIME_ZONE
:
'
UTC'
...
...
@@ -56,25 +53,23 @@ ECOMMERCE_EDX_API_KEY: 'PUT_YOUR_API_KEY_HERE' # This should match the value se
ECOMMERCE_ECOMMERCE_URL_ROOT
:
'
http://localhost:8002'
ECOMMERCE_LOGOUT_URL
:
'
{{
ECOMMERCE_ECOMMERCE_URL_ROOT
}}/logout/'
ECOMMERCE_LMS_URL_ROOT
:
'
http://127.0.0.1:8000'
ECOMMERCE_JWT_SECRET_KEY
:
'
{{
EDXAPP_JWT_SECRET_KEY
|
default("lms-secret")
}}'
ECOMMERCE_JWT_ALGORITHM
:
'
HS256'
ECOMMERCE_JWT_VERIFY_EXPIRATION
:
true
ECOMMERCE_JWT_DECODE_HANDLER
:
'
ecommerce.extensions.api.handlers.jwt_decode_handler'
ECOMMERCE_JWT_ISSUERS
:
-
'
{{
ECOMMERCE_OAUTH_URL_ROOT
}}'
-
'
{{
COMMON_JWT_ISSUER
}}'
-
'
ecommerce_worker'
# Must match the value of JWT_ISSUER configured for the ecommerce worker.
ECOMMERCE_JWT_LEEWAY
:
1
# NOTE: We have an array of keys to allow for support of multiple when, for example,
# we change keys. This will ensure we continue to operate with JWTs issued signed with the old key
# while migrating to the new key.
ECOMMERCE_JWT_SECRET_KEYS
:
-
'
{{
ECOMMERCE
_JWT_SECRET_KEY
}}'
-
'
{{
COMMON
_JWT_SECRET_KEY
}}'
# Used to automatically configure OAuth2 Client
ECOMMERCE_SOCIAL_AUTH_EDX_OIDC_KEY
:
'
ecommerce-key'
ECOMMERCE_SOCIAL_AUTH_EDX_OIDC_SECRET
:
'
ecommerce-secret'
ECOMMERCE_SOCIAL_AUTH_REDIRECT_IS_HTTPS
:
false
ECOMMERCE_SOCIAL_AUTH_EDX_OIDC_ISSUER
:
'
{{
ECOMMERCE_OAUTH_URL_ROOT
}}'
# Settings for affiliate cookie tracking
ECOMMERCE_AFFILIATE_COOKIE_NAME
:
'
{{
EDXAPP_AFFILIATE_COOKIE_NAME
|
default("dev_affiliate_id")
}}'
...
...
@@ -193,20 +188,20 @@ ECOMMERCE_SERVICE_CONFIG:
COMMERCE_API_URL
:
'
{{
ECOMMERCE_LMS_URL_ROOT
}}/api/commerce/v1/'
LMS_DASHBOARD_URL
:
'
{{
ECOMMERCE_LMS_URL_ROOT
}}/dashboard'
JWT_AUTH
:
JWT_SECRET_KEY
:
'
{{
ECOMMERCE
_JWT_SECRET_KEY
}}'
JWT_SECRET_KEY
:
'
{{
COMMON
_JWT_SECRET_KEY
}}'
JWT_ALGORITHM
:
'
{{
ECOMMERCE_JWT_ALGORITHM
}}'
JWT_VERIFY_EXPIRATION
:
'
{{
ECOMMERCE_JWT_VERIFY_EXPIRATION
}}'
JWT_LEEWAY
:
'
{{
ECOMMERCE_JWT_LEEWAY
}}'
JWT_DECODE_HANDLER
:
'
{{
ECOMMERCE_JWT_DECODE_HANDLER
}}'
JWT_ISSUERS
:
'
{{
ECOMMERCE_JWT_ISSUERS
}}'
JWT_ISSUERS
:
'
{{
COMMON_JWT_ISSUER
}}'
JWT_SECRET_KEYS
:
'
{{
ECOMMERCE_JWT_SECRET_KEYS
}}'
SOCIAL_AUTH_EDX_OIDC_KEY
:
'
{{
ECOMMERCE_SOCIAL_AUTH_EDX_OIDC_KEY
}}'
SOCIAL_AUTH_EDX_OIDC_SECRET
:
'
{{
ECOMMERCE_SOCIAL_AUTH_EDX_OIDC_SECRET
}}'
SOCIAL_AUTH_EDX_OIDC_ID_TOKEN_DECRYPTION_KEY
:
'
{{
ECOMMERCE_SOCIAL_AUTH_EDX_OIDC_SECRET
}}'
SOCIAL_AUTH_EDX_OIDC_URL_ROOT
:
'
{{
ECOMMERCE
_OAUTH_URL_ROOT
}}'
SOCIAL_AUTH_EDX_OIDC_LOGOUT_URL
:
'
{{
ECOMMERCE_OIDC
_LOGOUT_URL
}}'
SOCIAL_AUTH_EDX_OIDC_URL_ROOT
:
'
{{
COMMON
_OAUTH_URL_ROOT
}}'
SOCIAL_AUTH_EDX_OIDC_LOGOUT_URL
:
'
{{
COMMON_OAUTH
_LOGOUT_URL
}}'
SOCIAL_AUTH_REDIRECT_IS_HTTPS
:
'
{{
ECOMMERCE_SOCIAL_AUTH_REDIRECT_IS_HTTPS
}}'
SOCIAL_AUTH_EDX_OIDC_ISSUER
:
'
{{
ECOMMERCE_SOCIAL_AUTH_EDX_OIDC
_ISSUER
}}'
SOCIAL_AUTH_EDX_OIDC_ISSUER
:
'
{{
COMMON_JWT
_ISSUER
}}'
AFFILIATE_COOKIE_KEY
:
'
{{
ECOMMERCE_AFFILIATE_COOKIE_NAME
}}'
STATIC_ROOT
:
"
{{
COMMON_DATA_DIR
}}/{{
ecommerce_service_name
}}/staticfiles"
...
...
util/jenkins/ansible-provision.sh
View file @
5c8e87fc
...
...
@@ -269,6 +269,7 @@ COMMON_USER_INFO:
USER_CMD_PROMPT: '[
$name_tag
] '
COMMON_ENABLE_NEWRELIC_APP:
$enable_newrelic
COMMON_ENABLE_DATADOG:
$enable_datadog
COMMON_OAUTH_BASE_URL: "https://
${
deploy_host
}
"
FORUM_NEW_RELIC_ENABLE:
$enable_newrelic
ENABLE_PERFORMANCE_COURSE:
$performance_course
ENABLE_DEMO_TEST_COURSE:
$demo_test_course
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment
