# Response file for apigee-sso setup, rendered from a Jinja2 template.
# The rendered file holds clear-text credentials (APIGEE_ADMINPW, PG_PWD,
# SSO_ADMIN_SECRET, SMTPPASSWORD): keep it readable only by the installing
# user and do not leave copies behind on the host or in logs.
# IP1 feeds MSIP and PG_HOST; IP2 feeds SSO_PUBLIC_URL_HOSTNAME.
IP1={{ local_mgmt_ip }}
IP2={{ public_address }}

## Management Server configuration.
MSIP=$IP1
MGMT_PORT={{ ms_ext_mgmt_port }}
# Edge sys admin username and password as set when you installed Edge.
# NOTE(review): the password is rendered unquoted, unlike SMTPPASSWORD further
# down. If the consumer expands values shell-style (as the $IP1 references
# suggest), a password containing whitespace or shell metacharacters would be
# altered or interpreted - confirm and quote consistently.
ADMIN_EMAIL={{ opdk_user_email }}
APIGEE_ADMINPW={{ opdk_user_pass }}
# Set the protocol for the Edge management API. Default is http.
# Set to https if you enabled TLS on the management API.
# With the http default, the sys admin credentials above are presumably sent
# to the management API unencrypted; prefer https outside an isolated network.
MS_SCHEME={{ edge_sso_ms_scheme | default('http') }}

## Postgres configuration.
# PG_HOST reuses IP1, the same address as the Management Server (MSIP).
PG_HOST=$IP1
# Port is fixed at 5432 in this template; it is not driven by a variable.
PG_PORT=5432
# Postgres username and password as set when you installed Edge.
# NOTE(review): PG_PWD is rendered in clear text and unquoted; a password with
# whitespace or shell metacharacters may not survive shell-style parsing -
# confirm how the consumer reads this file.
PG_USER={{ pg_user }}
PG_PWD={{ pg_pass }}

# apigee-sso configuration.
# Profile defaults to saml when edge_sso_profile is not set.
SSO_PROFILE={{ edge_sso_profile | default("saml") }}
# Externally accessible IP or DNS name of apigee-sso.
SSO_PUBLIC_URL_HOSTNAME=$IP2
# Default port is 9099. If changing, set both properties to the same value.
# The two ports come from separate variables, so nothing in this template
# enforces that they match.
SSO_PUBLIC_URL_PORT={{ edge_sso_public_url_port | default(9099) }}
SSO_TOMCAT_PORT={{ edge_sso_tomcat_port | default(9099) }}
# Set Tomcat TLS mode to DEFAULT to use HTTP access to apigee-sso.
# Both defaults below select plain HTTP, so logins and tokens exchanged with
# apigee-sso are not protected in transit unless TLS is terminated in front of
# it; override edge_sso_tomcat_profile and edge_sso_public_url_scheme for any
# externally reachable deployment.
SSO_TOMCAT_PROFILE={{ edge_sso_tomcat_profile | default('DEFAULT') }}
SSO_PUBLIC_URL_SCHEME={{ edge_sso_public_url_scheme | default('http') }}

# SSO admin user name. The default is ssoadmin.
SSO_ADMIN_NAME={{ edge_sso_admin_name | default('ssoadmin') }}
# SSO admin password using uppercase, lowercase, number, and special chars.
# When edge_sso_admin_secret is not set this falls back to opdk_user_pass, so
# the SSO admin and the Edge sys admin share one password; set a distinct
# secret so that exposure of one account does not expose the other.
# NOTE(review): rendered unquoted even though special characters are expected.
SSO_ADMIN_SECRET={{ edge_sso_admin_secret | default(opdk_user_pass) }}

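# Path to signing key and secret from "Create the TLS keys and certificates" above.
# The signing-key property was spelled SSO_JWT_SIGNINIG_KEY_FILEPATH here, which
# a consumer looking for the SIGNING spelling would ignore, leaving the signing
# key path unset or at the installer's own default. Confirm the spelling against
# the property list for your apigee-sso release.
# privkey.pem signs the tokens apigee-sso issues: keep it readable only by the
# service account that runs apigee-sso.
SSO_JWT_SIGNING_KEY_FILEPATH={{ edge_sso_jwt_signing_key_filepath | default('/opt/apigee/customer/application/apigee-sso/jwt-keys/privkey.pem') }}
SSO_JWT_VERIFICATION_KEY_FILEPATH={{ edge_sso_jwt_verification_key_filepath | default('/opt/apigee/customer/application/apigee-sso/jwt-keys/pubkey.pem') }}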

# Name of SAML IDP. For example, okta or adfs.
# NOTE(review): the template variables for the next two settings are spelled
# "ipd" (edge_sso_saml_ipd_name, edge_sso_saml_ipd_login_text) while the
# metadata URL variable uses "idp"; inventories must use the spelling shown on
# each line or the default is silently applied.
SSO_SAML_IDP_NAME={{ edge_sso_saml_ipd_name | default('okta') }}
# Text displayed to user when they attempt to access Edge UI.
# NOTE(review): the value contains spaces and is rendered without surrounding
# quotes (SMTPMAILFROM below is quoted) - confirm the consumer accepts this.
SSO_SAML_IDP_LOGIN_TEXT={{ edge_sso_saml_ipd_login_text | default("Please log in to your IDP") }}

# The metadata URL from your IDP.
# If you have a metadata file, and not a URL,
# see "Specifying a metadata file instead of a URL" below.
# No default is provided: edge_sso_saml_idp_metadata_url must be defined.
# The metadata tells apigee-sso which IDP to trust, so use an https URL.
SSO_SAML_IDP_METADATA_URL={{ edge_sso_saml_idp_metadata_url }}

# Specifies to skip TLS validation for the URL specified
# by SSO_SAML_IDP_METADATA_URL. Necessary if URL uses a self-signed cert.
# Default value is "n".
# Leaving this at "n" keeps certificate validation on. With "y" the metadata
# source is not authenticated, so prefer adding the IDP's CA to the trust store
# over disabling validation.
SSO_SAML_IDPMETAURL_SKIPSSLVALIDATION={{ edge_sso_saml_idpmetaurl_skipsslvalidation | default('n') }}

# SAML service provider key and cert from "Create the TLS keys and certificates" above.
# server.key is the service provider's private key: restrict its file
# permissions. The default certificate path points at a self-signed cert.
SSO_SAML_SERVICE_PROVIDER_KEY={{ edge_sso_saml_service_provider_key | default('/opt/apigee/customer/application/apigee-sso/saml/server.key') }}
SSO_SAML_SERVICE_PROVIDER_CERTIFICATE={{  edge_sso_saml_service_provider_certificate | default('/opt/apigee/customer/application/apigee-sso/saml/selfsigned.crt') }}
# The passphrase used when you created the SAML cert and key.
# The section "Create the TLS keys and certificates" above removes the passphrase,
# but this property is available if you require a passphrase.
# NOTE(review): a leading "#" is not a template comment, so the expression on
# the line below is still evaluated at render time and the passphrase (or the
# hard-coded fallback) is written into the rendered file as a comment. The
# fallback is a fixed, published value; do not rely on it as a real passphrase.
# SSO_SAML_SERVICE_PROVIDER_PASSWORD={{ edge_sso_saml_service_provider_password | default('samlSP123') }}

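# Must configure an SMTP server so Edge SSO can send emails to users.
# Sender shown on those emails: display name followed by the sys admin address.
SMTPMAILFROM="{{ opdk_smtp_mail_from }} <{{ opdk_user_email }}>"

# SKIP_SMTP carries opdk_smtp_skip through unchanged.
# The SMTP connection settings only matter when SMTP is not skipped, so they
# are emitted unless opdk_smtp_skip is "y". The earlier condition emitted them
# only when it was "y", which left a non-skipped setup without a host.
SKIP_SMTP={{ opdk_smtp_skip }}
{% if opdk_smtp_skip | trim != 'y' %}
SMTPHOST={{ opdk_smtp_host }}
SMTPPORT={{ opdk_smtp_port }}
SMTPUSER={{ opdk_smtp_user }}
# Clear-text credential. The single quotes protect most special characters,
# but a password that itself contains a single quote would end the quoting.
SMTPPASSWORD='{{ opdk_smtp_password }}'
# Prefer TLS to the mail server so SMTPUSER/SMTPPASSWORD are not sent in clear.
SMTPSSL={{ opdk_smtp_ssl }}
{% endif %}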

