-
Notifications
You must be signed in to change notification settings - Fork 12
/
configuration_default.yaml
259 lines (230 loc) · 12.5 KB
/
configuration_default.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
sessions_secret_key: ~
# !! HIGHLY RECOMMENDED TO SET ! "salt should be about 16 or more bytes from a proper source, e.g. os.urandom()"
password_salt: ~ # if unset or not present, the passwords are stored hashed using sha512(password)
# if set, the passwords are stored hashed using pbkdf2_hmac with the provided salt
password_hash_iterations: 100000 # set it to the capabilities of your server. 100000 is recommended but could be too
# heavy for your server
caching:
cache_pages: yes # set to true if the rendered pages must be cached as Jinja templates instead of
# re-rendering them each time
default_course: default
courses:
default:
sphinx: no
use_logged_out_img: no
title: Syllabus
inginious:
url: http://inginious_instance.example:port
course_id: id
# the "pattern" parameter for the INGInious simple_grader plugin
simple_grader_pattern: /simple_grader
# if yes, the INGInious POST requests will be sent to this server instead of the real
# INGINious instance. This server will then do the request itself to the INGInious instance,
# to avoid same origin policy problem (when the INGInious instance does not allow the use of CORS)
same_origin_proxy: yes
# LTI-related config. If you want to use LTI, uncomment the following lines:
lti:
consumer_secret: my_super_key
consumer_key: my_super_consumer_key
tool_url: ~ # url of the syllabus using this INGInious course
tool_description: ~ # description the syllabus using this INGInious course to announce over LTI
tool_context_id: ~
tool_context_label: ~
tool_context_title: ~
pages:
# indicates the location where the pages directory is located. It has a lower priority than the SYLLABUS_PAGES_PATH
# environment variable. If none of these is set, the path will be considered as in the current working directory.
path: ~
# Git related config. Allows to synchronize the syllabus pages directory with a Git repository.
# If you want to use this feature, uncomment the following lines.
#git:
# # url of the git remote that will be used to get the pages of the syllabus.
# # the git repo will be force-pulled from the remote
# # if a deployment key is specified and github is used, the string must be in the following format:
# # "[email protected]:user/repo.git"
# remote: ~
# branch: master
# # The path to the private key used to pull the specified repository
# repository_private_key_path: ~
sphinx:
use_logged_out_img: no
sphinx:
source_dir: ~
build_dir: ~
conf_dir: ~
index_page: ~ # sets the path of the html file inside source_dir that contains the index, set to none for "index.html"
title: SyllabusSphinx
inginious:
url: http://inginious_instance.example:port
course_id: id
# if yes, the INGInious POST requests will be sent to this server instead of the real
# INGINious instance. This server will then do the request itself to the INGInious instance,
# to avoid same origin policy problem (when the INGInious instance does not allow the use of CORS)
same_origin_proxy: yes
# LTI-related config. If you want to use LTI, uncomment the following lines:
lti:
consumer_secret: my_super_key
consumer_key: my_super_consumer_key
tool_url: ~ # url of the syllabus using this INGInious course
tool_description: ~ # description the syllabus using this INGInious course to announce over LTI
tool_context_id: ~
tool_context_label: ~
tool_context_title: ~
pages:
# indicates the location where the pages directory is located. It has a lower priority than the SYLLABUS_PAGES_PATH
# environment variable. If none of these is set, the path will be considered as in the current working directory.
path: pages_sphinx
# Git related config. Allows to synchronize the syllabus pages directory with a Git repository.
# If you want to use this feature, uncomment the following lines.
#git:
# # url of the git remote that will be used to get the pages of the syllabus.
# # the git repo will be force-pulled from the remote
# # if a deployment key is specified and github is used, the string must be in the following format:
# # "[email protected]:user/repo.git"
# remote: ~
# branch: master
# # The path to the private key used to pull the specified repository
# repository_private_key_path: ~
# Enables/disables the live preview of the rST editor in the admin panel
enable_editing_preview: yes
# Specifies the authentication methods that can be used by the syllabus.
# The list can contain "local", "saml" or both
authentication_methods:
local:
# e-mail activation send an e-mail to the newly registered users in order to activate their account
email_activation:
required: yes # set this to no to disable email activation (users won't need to activate their account anymore)
use_ssl: yes # set this to no to disable the use of SSL for SMTP
smtp_server: mysmtpserver.example # name of the smtp server to which send the activation e-mail
smtp_server_port: ~ # if not defined, will be set to 465 if use_ssl is yes, it will be set to 25 otherwise
sender_email_address: [email protected] # e-mail address used by the application to send the activation e-mail
secret: activation_secret # Use to generate the hash for the activation link
authentication:
required: yes
username: username
password: mypassword
# SAML-related configuration
saml:
idp_name: SAML # SAML IDP name (e.g.: "Identity provider of company X"): displayed to the user in the log in and register pages
sp:
# Identifier of the SP entity (must be a URI)
entityId: "https://your_instance_hostname/saml"
# Specifies info about where and how the <AuthnResponse> message MUST be
# returned to the requester, in this case our SP.
assertionConsumerService:
# URL Location where the <Response> from the IdP will be returned
url: "https://your_instance_hostname/saml"
# SAML protocol binding to be used when returning the <Response>
# message. OneLogin Toolkit supports this endpoint for the
# HTTP-POST binding only.
binding: "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
# If you need to specify requested attributes, set a
# attributeConsumingService. nameFormat, attributeValue and
# friendlyName can be omitted
# attributeConsumingService:
# serviceName: "SP test"
# serviceDescription: "Test Service"
# requestedAttributes:
# - name: ""
# isRequired: false
# nameFormat: ""
# friendlyName: ""
# attributeValue: []
# Specifies info about where and how the <Logout Response> message MUST be
# returned to the requester, in this case our SP.
singleLogoutService:
# URL Location where the <Response> from the IdP will be returned
url: "https://your_instance_hostname/saml"
# SAML protocol binding to be used when returning the <Response>
# message. OneLogin Toolkit supports the HTTP-Redirect binding
# only for this endpoint.
binding: "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
# Specifies the constraints on the name identifier to be used to
# represent the requested subject.
# Take a look on src/onelogin/saml2/constants.py to see the NameIdFormat that are supported.
NameIDFormat: "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"
# Usually x509cert and privateKey of the SP are provided by files placed at
# the certs folder. But we can also provide them with the following parameters
x509cert: ""
privateKey: ""
attrs:
realname: 'urn:oid:2.16.840.1.113730.3.1.241'
email: 'urn:oid:0.9.2342.19200300.100.1.3'
# Key rollover
# If you plan to update the SP x509cert and privateKey
# you can define here the new x509cert and it will be
# published on the SP metadata so Identity Providers can
# read them and get ready for rollover.
#
# 'x509certNew': '',
# Identity Provider Data that we want connected with our SP.
# the default configuration shows a configuration to use samltest.id as an IdP
idp:
# Identifier of the IdP entity (must be a URI)
entityId: '"https://samltest.id/saml/idp"'
# SSO endpoint info of the IdP. (Authentication Request protocol)
singleSignOnService:
# URL Target of the IdP where the Authentication Request Message
# will be sent.
url: 'https://samltest.id/idp/profile/SAML2/Redirect/SSO'
# SAML protocol binding to be used when returning the <Response>
# message. OneLogin Toolkit supports the HTTP-Redirect binding
# only for this endpoint.
binding: "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
# SLO endpoint info of the IdP.
singleLogoutService:
# URL Location of the IdP where SLO Request will be sent.
url: 'https://idp.testshib.org/idp/profile/SAML2/Redirect/SLO'
# SAML protocol binding to be used when returning the <Response>
# message. OneLogin Toolkit supports the HTTP-Redirect binding
# only for this endpoint.
binding: "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
# Public x509 certificate of the IdP
x509cert: |
MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEB
CwUAMBYxFDASBgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4
MDgyNDIxMTQwOVowFjEUMBIGA1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3
DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFKs71ufbQwoQoW7qkNAJRIANGA4iM0
ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyjxj0uJ4lArgkr4AOE
jj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVNc1kl
bN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF
/cL5fOpdVa54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8n
spXiH/MZW8o2cqWRkrw3MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0G
A1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE4k2ZNTA0BgNVHREELTArggtzYW1sdGVz
dC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lkcDANBgkqhkiG9w0BAQsF
AAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3YaMb2RSn
7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHT
TNiLArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nbl
D1JJKSQ3AdhxK/weP3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcU
ZOpx4swtgGdeoSpeRyrtMvRwdcciNBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu
3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==
# Instead of using the whole x509cert you can use a fingerprint in order to
# validate a SAMLResponse, but you will need it to validate LogoutRequest and LogoutResponse using the HTTP-Redirect binding.
#
# (openssl x509 -noout -fingerprint -in "idp.crt" to generate it,
# or add for example the -sha256 , -sha384 or -sha512 parameter)
#
# If a fingerprint is provided, then the certFingerprintAlgorithm is required in order to
# let the toolkit know which algorithm was used. Possible values: sha1, sha256, sha384 or sha512
# 'sha1' is the default value.
#
# Notice that if you want to validate any SAML Message sent by the HTTP-Redirect binding, you
# will need to provide the whole x509cert.
#
# 'certFingerprint': '',
# 'certFingerprintAlgorithm': 'sha1',
# In some scenarios the IdP uses different certificates for
# signing/encryption, or is under key rollover phase and
# more than one certificate is published on IdP metadata.
# In order to handle that the toolkit offers that parameter.
# (when used, 'x509cert' and 'certFingerprint' values are
# ignored).
#
# 'x509certMulti': {
# 'signing': [
# '<cert1-string>'
# ],
# 'encryption': [
# '<cert2-string>'
# ]
# }