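// Keyrock IdM configuration template. Every value here is a development
// default; the entries marked "Must be changed" (session secret, password
// encryption key, database credentials, LDAP test credentials) are not
// suitable for a deployed instance.
const config = {};

config.port = 3000;
config.host = 'http://172.17.0.1:3000';
config.headless = false;
config.debug = false;

config.registration = {
  redirect: '',
  extension: '/?new_user=1'
};

// HTTPS enable
config.https = {
  enabled: false,
  cert_file: 'certs/idm-2018-cert.pem',
  key_file: 'certs/idm-2018-key.pem',
  ca_certs: [],
  port: 443
};

// Config email list type to use domain filtering
config.email_list_type = null; // whitelist or blacklist

// Enable 2fa authentication.
// Values read from process.env are always strings, so a plain
// `process.env.IDM_ENABLE_2FA || false` treats `IDM_ENABLE_2FA=false` (or `0`)
// as enabled. Map the common "off" spellings to false and otherwise keep the
// original value so existing truthiness checks behave the same.
const ENABLE_2FA_OFF_VALUES = ['', 'false', '0', 'no', 'off'];
const enable2faEnv = process.env.IDM_ENABLE_2FA;
config.enable_2fa =
  enable2faEnv !== undefined &&
  ENABLE_2FA_OFF_VALUES.includes(enable2faEnv.trim().toLowerCase())
    ? false
    : enable2faEnv || false;

// Secret for user sessions in web.
// A fresh random secret is generated on every start, so all sessions are
// invalidated on restart; set a fixed, externally managed secret in deployment.
config.session = {
  secret: require('crypto').randomBytes(20).toString('hex'), // Must be changed
  expires: 60 * 60 * 1000 // 1 hour
};

// Key to encrypt user passwords
config.password_encryption = {
  key: 'nodejs_idm' // Must be changed
};

// Enable CORS.
// `origin: '*'` with `allowedHeaders: '*'` accepts any origin once enabled;
// restrict both to the front-ends that actually need cross-origin access.
config.cors = {
  enabled: false,
  options: {
    /* eslint-disable snakecase/snakecase */
    origin: '*',
    methods: ['GET', 'HEAD', 'PUT', 'PATCH', 'POST', 'DELETE'],
    allowedHeaders: '*',
    exposedHeaders: undefined,
    credentials: undefined,
    maxAge: undefined,
    preflightContinue: false,
    optionsSuccessStatus: 204
    /* eslint-enable snakecase/snakecase */
  }
};

// Content Security Policy configuration
config.csp = {
  form_action: undefined,
  script_src: undefined
};

// Config oauth2 parameters
config.oauth2 = {
  authorization_code_lifetime: 5 * 60, // Five minutes
  access_token_lifetime: 60 * 60, // One hour
  ask_authorization: true, // Prompt a message to users to allow the application to read their details
  refresh_token_lifetime: 60 * 60 * 24 * 14, // Two weeks
  unique_url: false, // This parameter allows to verify that an application with the same url
  // does not exist when creating or editing it. If there are already applications
  // with the same URL, they should be changed manually
  not_require_client_authentication_grant_type: []
};

// Config oidc parameters
config.oidc = {
  jwt_algorithm: 'HS256' // HS256,HS384,HS512,RS256
};

// Config api parameters
config.api = {
  token_lifetime: 60 * 60 // One hour
};

// Configure Policy Decision Point (PDP)
// - IdM can perform basic policy checks (HTTP verb + path)
// - AuthZForce can perform basic policy checks as well as advanced
// If authorization level is advanced you can create rules, HTTP verb+resource and XACML advanced. In addition
// you need to have an instance of authzforce deployed to perform advanced authorization request from a Pep Proxy.
// If authorization level is basic, only HTTP verb+resource rules can be created
config.authorization = {
  level: 'basic', // basic|payload|advanced
  authzforce: {
    enabled: false,
    host: 'localhost',
    port: 8080
  }
};

// Enable usage control and configure where is the Policy Translation Point
config.usage_control = {
  enabled: false,
  ptp: {
    host: 'localhost',
    port: 8081
  }
};

// Database info. The password below is a development default; it must be
// replaced (preferably injected from the environment) before deployment.
config.database = {
  host: 'localhost',
  password: 'keyrock2020',
  username: 'idm',
  database: 'idm',
  dialect: 'mysql',
  port: undefined
};

// External user authentication
config.external_auth = {
  enabled: false,
  id_prefix: 'external_',
  password_encryption: 'sha1', // bcrypt and sha1 supported
  password_encryption_key: undefined,
  database: {
    host: 'localhost',
    port: undefined,
    database: 'db_name',
    username: 'db_user',
    password: 'db_pass',
    user_table: 'user_view',
    dialect: 'mysql'
  }
};

// External user authentication with LDAP
// Testing credentials from https://www.forumsys.com/tutorials/integration-how-to/ldap/online-ldap-test-server/
// These point at a public test directory and are for local experiments only.
config.external_auth_ldap = {
  enabled: false,
  id_prefix: 'external_ldap_',
  database: {
    /* eslint-disable snakecase/snakecase */
    host: 'ldap.forumsys.com',
    port: 389,
    reader_dn: 'cn=read-only-admin,dc=example,dc=com',
    reader_password: 'password',
    suffix: 'dc=example,dc=com',
    idAttribute: 'uid',
    usernameAttribute: 'uid',
    emailAttribute: 'mail'
    /* eslint-enable snakecase/snakecase */
  }
};

// External Participant Registry
config.pr = {
  url: undefined,
  id: 'EU.EORI.NL000000000',
  parties_endpoint: undefined,
  token_endpoint: undefined,
  client_id: undefined,
  client_key: undefined,
  client_crt: undefined
};

// External Authorization Registry
config.ar = {
  url: undefined,
  id: 'EU.EORI.NL000000004',
  delegation_endpoint: undefined,
  token_endpoint: undefined
};

// Email configuration
config.mail = {
  host: 'localhost',
  port: 25,
  from: 'noreply@localhost',
  secure: false,
  enable_authentication: false,
  auth: {
    type: 'type',
    user: 'username',
    pass: 'pass'
  }
};

// Config themes
config.site = {
  title: 'Identity Manager',
  theme: 'default'
};

// Config language
config.lang = {
  default_lang: 'en'
};

// Config eIDAS Authentication
config.eidas = {
  enabled: false,
  gateway_host: 'localhost',
  node_host: 'https://se-eidas.redsara.es/EidasNode/ServiceProvider',
  metadata_expiration: 60 * 60 * 24 * 365 // One year
};

// External verifiable-credential verification
config.external_vc = {
  enabled: false,
  credential_location: 'local', // local, jwks
  jwks: {
    host: '',
    path: '/verifier/.well-known/jwks_uri',
    kid: ''
  }
};

// Enables the possibility of adding identity attributes in users' profile
config.identity_attributes = {
  /* eslint-disable snakecase/snakecase */
  enabled: false,
  attributes: [
    {
      name: 'Vision',
      key: 'vision',
      type: 'number',
      minVal: '0',
      maxVal: '100'
    },
    {
      name: 'Color Perception',
      key: 'color',
      type: 'number',
      minVal: '0',
      maxVal: '100'
    },
    {
      name: 'Hearing',
      key: 'hearing',
      type: 'number',
      minVal: '0',
      maxVal: '100'
    },
    {
      name: 'Vocal Capability',
      key: 'vocal',
      type: 'number',
      minVal: '0',
      maxVal: '100'
    },
    {
      name: 'Manipulation Strength',
      key: 'manipulation',
      type: 'number',
      minVal: '0',
      maxVal: '100'
    },
    { name: 'Reach', key: 'reach', type: 'number', minVal: '0', maxVal: '100' },
    {
      name: 'Cognition',
      key: 'cognition',
      type: 'number',
      minVal: '0',
      maxVal: '100'
    }
  ]
  /* eslint-enable snakecase/snakecase */
};

module.exports = config;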