templates/edge-sso-installer-config.conf.j2 - private-cloud-ansible-playbooks/apigee-opdk-setup-edge-sso-config - Git at Google

 IP1={{ local_mgmt_ip }}
 IP2={{ private_address }}

 ## Management Server configuration.
 MSIP=$IP1
 MGMT_PORT={{ ms_ext_mgmt_port }}
 # Edge sys admin username and password as set when you installed Edge.
 ADMIN_EMAIL={{ opdk_user_email }}
 APIGEE_ADMINPW={{ opdk_user_pass }}
 # Set the protocol for the Edge management API. Default is http.
 # Set to https if you enabled TLS on the management API.
 MS_SCHEME={{ edge_sso_ms_scheme | default('http') }}

 ## Postgres configuration.
 PG_HOST=$IP1
 PG_PORT=5432
 # Postgres username and password as set when you installed Edge.
 PG_USER={{ pg_user }}
 PG_PWD={{ pg_pass }}

 # apigee-sso configuration.
 SSO_PROFILE={{ edge_sso_profile | default("saml") }}
 # Externally accessible IP or DNS name of apigee-sso.
 SSO_PUBLIC_URL_HOSTNAME=$IP2
 # Default port is 9099. If changing, set both properties to the same value.
 SSO_PUBLIC_URL_PORT={{ edge_sso_public_url_port | default(9099) }}
 SSO_TOMCAT_PORT={{ edge_sso_tomcat_port | default(9099) }}
 # Set Tomcat TLS mode to DEFAULT to use HTTP access to apigee-sso.
 SSO_TOMCAT_PROFILE={{ edge_sso_tomcat_profile | default('DEFAULT') }}
 SSO_PUBLIC_URL_SCHEME={{ edge_sso_public_url_scheme | default('http') }}

 # SSO admin user name. The default is ssoadmin.
 SSO_ADMIN_NAME={{ edge_sso_admin_name | default('ssoadmin') }}
 # SSO admin password using uppercase, lowercase, number, and special chars.
 SSO_ADMIN_SECRET={{ edge_sso_admin_secret | default(opdk_user_pass) }}

 # Path to signing key and secret from "Create the TLS keys and certificates" above.
 SSO_JWT_SIGNINIG_KEY_FILEPATH={{ edge_sso_jwt_signing_key_filepath | default('/opt/apigee/customer/application/apigee-sso/jwt-keys/privkey.pem') }}
 SSO_JWT_VERIFICATION_KEY_FILEPATH={{  edge_sso_jwt_verification_key_filepath | default('/opt/apigee/customer/application/apigee-sso/jwt-keys/pubkey.pem') }}

 # Name of SAML IDP. For example, okta or adfs.
 SSO_SAML_IDP_NAME={{ edge_sso_saml_ipd_name | default('okta') }}
 # Text displayed to user when they attempt to access Edge UI.
 SSO_SAML_IDP_LOGIN_TEXT="{{ edge_sso_saml_ipd_login_text | default("Please log in to your IDP") }}"

 # The metadata URL from your IDP.
 # If you have a metadata file, and not a URL,
 # see "Specifying a metadata file instead of a URL" below.
 SSO_SAML_IDP_METADATA_URL={{ edge_sso_saml_idp_metadata_url }}

 # Specifies to skip TLS validation for the URL specified
 # by SSO_SAML_IDP_METADATA_URL. Necessary if URL uses a self-signed cert.
 # Default value is "n".
 SSO_SAML_IDPMETAURL_SKIPSSLVALIDATION={{ edge_sso_saml_idpmetaurl_skipsslvalidation | default('n') }}

 # SAML service provider key and cert from "Create the TLS keys and certificates" above.
 SSO_SAML_SERVICE_PROVIDER_KEY={{ edge_sso_saml_service_provider_key | default('/opt/apigee/customer/application/apigee-sso/saml/server.key') }}
 SSO_SAML_SERVICE_PROVIDER_CERTIFICATE={{  edge_sso_saml_service_provider_certificate | default('/opt/apigee/customer/application/apigee-sso/saml/selfsigned.crt') }}
 # The passphrase used when you created the SAML cert and key.
 # The section "Create the TLS keys and certificates" above removes the passphrase,
 # but this property is available if you require a passphrase.
 # SSO_SAML_SERVICE_PROVIDER_PASSWORD={{ edge_sso_saml_service_provider_password | default('samlSP123') }}

 # Must configure an SMTP server so Edge SSO can send emails to users.
 SMTPMAILFROM="{{ opdk_smtp_mail_from }} <{{  opdk_user_email }}>"

 SKIP_SMTP={{ opdk_smtp_skip }}
 {% if opdk_smtp_skip | trim == 'n' %}
     SMTPHOST={{ opdk_smtp_host }}
     SMTPPORT={{ opdk_smtp_port }}
     SMTPUSER={{ opdk_smtp_user }}
     SMTPPASSWORD='{{ opdk_smtp_password }}'
     SMTPSSL={{ opdk_smtp_ssl }}
 {% endif %}
	IP1={{ local_mgmt_ip }}
	IP2={{ private_address }}

	## Management Server configuration.
	MSIP=$IP1
	MGMT_PORT={{ ms_ext_mgmt_port }}
	# Edge sys admin username and password as set when you installed Edge.
	ADMIN_EMAIL={{ opdk_user_email }}
	APIGEE_ADMINPW={{ opdk_user_pass }}
	# Set the protocol for the Edge management API. Default is http.
	# Set to https if you enabled TLS on the management API.
	MS_SCHEME={{ edge_sso_ms_scheme \| default('http') }}

	## Postgres configuration.
	PG_HOST=$IP1
	PG_PORT=5432
	# Postgres username and password as set when you installed Edge.
	PG_USER={{ pg_user }}
	PG_PWD={{ pg_pass }}

	# apigee-sso configuration.
	SSO_PROFILE={{ edge_sso_profile \| default("saml") }}
	# Externally accessible IP or DNS name of apigee-sso.
	SSO_PUBLIC_URL_HOSTNAME=$IP2
	# Default port is 9099. If changing, set both properties to the same value.
	SSO_PUBLIC_URL_PORT={{ edge_sso_public_url_port \| default(9099) }}
	SSO_TOMCAT_PORT={{ edge_sso_tomcat_port \| default(9099) }}
	# Set Tomcat TLS mode to DEFAULT to use HTTP access to apigee-sso.
	SSO_TOMCAT_PROFILE={{ edge_sso_tomcat_profile \| default('DEFAULT') }}
	SSO_PUBLIC_URL_SCHEME={{ edge_sso_public_url_scheme \| default('http') }}

	# SSO admin user name. The default is ssoadmin.
	SSO_ADMIN_NAME={{ edge_sso_admin_name \| default('ssoadmin') }}
	# SSO admin password using uppercase, lowercase, number, and special chars.
	SSO_ADMIN_SECRET={{ edge_sso_admin_secret \| default(opdk_user_pass) }}

	# Path to signing key and secret from "Create the TLS keys and certificates" above.
	SSO_JWT_SIGNINIG_KEY_FILEPATH={{ edge_sso_jwt_signing_key_filepath \| default('/opt/apigee/customer/application/apigee-sso/jwt-keys/privkey.pem') }}
	SSO_JWT_VERIFICATION_KEY_FILEPATH={{ edge_sso_jwt_verification_key_filepath \| default('/opt/apigee/customer/application/apigee-sso/jwt-keys/pubkey.pem') }}

	# Name of SAML IDP. For example, okta or adfs.
	SSO_SAML_IDP_NAME={{ edge_sso_saml_ipd_name \| default('okta') }}
	# Text displayed to user when they attempt to access Edge UI.
	SSO_SAML_IDP_LOGIN_TEXT="{{ edge_sso_saml_ipd_login_text \| default("Please log in to your IDP") }}"

	# The metadata URL from your IDP.
	# If you have a metadata file, and not a URL,
	# see "Specifying a metadata file instead of a URL" below.
	SSO_SAML_IDP_METADATA_URL={{ edge_sso_saml_idp_metadata_url }}

	# Specifies to skip TLS validation for the URL specified
	# by SSO_SAML_IDP_METADATA_URL. Necessary if URL uses a self-signed cert.
	# Default value is "n".
	SSO_SAML_IDPMETAURL_SKIPSSLVALIDATION={{ edge_sso_saml_idpmetaurl_skipsslvalidation \| default('n') }}

	# SAML service provider key and cert from "Create the TLS keys and certificates" above.
	SSO_SAML_SERVICE_PROVIDER_KEY={{ edge_sso_saml_service_provider_key \| default('/opt/apigee/customer/application/apigee-sso/saml/server.key') }}
	SSO_SAML_SERVICE_PROVIDER_CERTIFICATE={{ edge_sso_saml_service_provider_certificate \| default('/opt/apigee/customer/application/apigee-sso/saml/selfsigned.crt') }}
	# The passphrase used when you created the SAML cert and key.
	# The section "Create the TLS keys and certificates" above removes the passphrase,
	# but this property is available if you require a passphrase.
	# SSO_SAML_SERVICE_PROVIDER_PASSWORD={{ edge_sso_saml_service_provider_password \| default('samlSP123') }}

	# Must configure an SMTP server so Edge SSO can send emails to users.
	SMTPMAILFROM="{{ opdk_smtp_mail_from }} <{{ opdk_user_email }}>"

	SKIP_SMTP={{ opdk_smtp_skip }}
	{% if opdk_smtp_skip \| trim == 'n' %}
	SMTPHOST={{ opdk_smtp_host }}
	SMTPPORT={{ opdk_smtp_port }}
	SMTPUSER={{ opdk_smtp_user }}
	SMTPPASSWORD='{{ opdk_smtp_password }}'
	SMTPSSL={{ opdk_smtp_ssl }}
	{% endif %}