[#2297] Process PR feedback for automating config docs
pi-sigma committed Apr 20, 2024
1 parent 0910f39 commit d8fc358
Showing 23 changed files with 333 additions and 522 deletions.
35 changes: 7 additions & 28 deletions docs/configuration/digid_oidc.rst
@@ -1,8 +1,7 @@
.. _digid_oidc:


========================
DigiD OIDC configuration
DigiD OIDC Configuration
========================


@@ -55,141 +54,121 @@ Detailed Information
Variable DIGID_OIDC_OIDC_RP_CLIENT_ID
Setting OpenID Connect client ID
Description OpenID Connect client ID provided by the OIDC Provider
Model field type CharField
Possible values string
Default value No default
Variable DIGID_OIDC_OIDC_RP_CLIENT_SECRET
Setting OpenID Connect secret
Description OpenID Connect secret provided by the OIDC Provider
Model field type CharField
Possible values string
Default value No default
Variable DIGID_OIDC_OIDC_RP_SIGN_ALGO
Setting OpenID sign algorithm
Description Algorithm the Identity Provider uses to sign ID tokens
Model field type CharField
Possible values string
Default value HS256
Variable DIGID_OIDC_OIDC_OP_DISCOVERY_ENDPOINT
Setting Discovery endpoint
Description URL of your OpenID Connect provider discovery endpoint ending with a slash (`.well-known/...` will be added automatically). If this is provided, the remaining endpoints can be omitted, as they will be derived from this endpoint.
Model field type CharField
Possible values string
Default value No default
Variable DIGID_OIDC_OIDC_OP_JWKS_ENDPOINT
Setting JSON Web Key Set endpoint
Description URL of your OpenID Connect provider JSON Web Key Set endpoint. Required if `RS256` is used as signing algorithm.
Model field type CharField
Possible values string
Default value No default
Variable DIGID_OIDC_OIDC_OP_AUTHORIZATION_ENDPOINT
Setting Authorization endpoint
Description URL of your OpenID Connect provider authorization endpoint
Model field type CharField
Possible values string
Default value No default
Variable DIGID_OIDC_OIDC_OP_TOKEN_ENDPOINT
Setting Token endpoint
Description URL of your OpenID Connect provider token endpoint
Model field type CharField
Possible values string
Default value No default
Variable DIGID_OIDC_OIDC_OP_USER_ENDPOINT
Setting User endpoint
Description URL of your OpenID Connect provider userinfo endpoint
Model field type CharField
Possible values string
Default value No default
Variable DIGID_OIDC_OIDC_RP_IDP_SIGN_KEY
Setting Sign key
Description Key the Identity Provider uses to sign ID tokens in the case of an RSA sign algorithm. Should be the signing key in PEM or DER format.
Model field type CharField
Possible values string
Default value No default
Variable DIGID_OIDC_OIDC_USE_NONCE
Setting Use nonce
Description Controls whether the OpenID Connect client uses nonce verification
Model field type BooleanField
Possible values True, False
Default value True
Variable DIGID_OIDC_OIDC_NONCE_SIZE
Setting Nonce size
Description Sets the length of the random string used for OpenID Connect nonce verification
Model field type PositiveIntegerField
Possible values string representing a (positive) number
Possible values string representing a positive number
Default value 32
Variable DIGID_OIDC_OIDC_STATE_SIZE
Setting State size
Description Sets the length of the random string used for OpenID Connect state verification
Model field type PositiveIntegerField
Possible values string representing a (positive) number
Possible values string representing a positive number
Default value 32
Variable DIGID_OIDC_OIDC_EXEMPT_URLS
Setting URLs exempt from session renewal
Description This is a list of absolute url paths, regular expressions for url paths, or Django view names. This plus the mozilla-django-oidc urls are exempted from the session renewal by the SessionRefresh middleware.
Model field type ArrayField
Possible values string, comma-delimited ('foo,bar,baz')
Default value No information
Default value []
Variable DIGID_OIDC_USERINFO_CLAIMS_SOURCE
Setting user information claims extracted from
Description Indicates the source from which the user information claims should be extracted.
Model field type CharField
Possible values string
Possible values userinfo_endpoint, id_token
Default value userinfo_endpoint
Variable DIGID_OIDC_OIDC_OP_LOGOUT_ENDPOINT
Setting Logout endpoint
Description URL of your OpenID Connect provider logout endpoint
Model field type CharField
Possible values string
Default value No default
Variable DIGID_OIDC_ERROR_MESSAGE_MAPPING
Setting Error message mapping
Description Mapping that maps error messages returned by the identity provider to human readable error messages that are shown to the user
Model field type JSONField
Possible values No information available
Default value No information
Default value {}
Variable DIGID_OIDC_OIDC_KEYCLOAK_IDP_HINT
Setting Keycloak Identity Provider hint
Description Specific for Keycloak: parameter that indicates which identity provider should be used (therefore skipping the Keycloak login screen).
Model field type CharField
Possible values string
Default value No default
Variable DIGID_OIDC_ENABLED
Setting enable
Description Indicates whether OpenID Connect for authentication/authorization is enabled. This overrides overrides the usage of SAML for DigiD authentication.
Model field type BooleanField
Possible values True, False
Default value False
Variable DIGID_OIDC_IDENTIFIER_CLAIM_NAME
Setting BSN claim name
Description The name of the claim in which the BSN of the user is stored
Model field type CharField
Possible values string
Default value bsn
Variable DIGID_OIDC_OIDC_RP_SCOPES_LIST
Setting OpenID Connect scopes
Description OpenID Connect scopes that are requested during login. These scopes are hardcoded and must be supported by the identity provider
Model field type ArrayField
Possible values string, comma-delimited ('foo,bar,baz')
Default value No information
Default value ['openid', 'bsn']
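Review bot: The `DIGID_OIDC_OIDC_RP_SIGN_ALGO` row still reads "Possible values string" while the `DIGID_OIDC_USERINFO_CLAIMS_SOURCE` row now lists its choices (`userinfo_endpoint, id_token`). Please list the accepted algorithm names there as well: the default is `HS256` and the JWKS endpoint row says it is required for `RS256`, so a reader cannot tell from the table which values are valid or which other settings each value depends on. Separately, the `DIGID_OIDC_ENABLED` description contains a doubled word ("This overrides overrides the usage of SAML") that is worth fixing while these rows are being touched.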
39 changes: 9 additions & 30 deletions docs/configuration/eherkenning_oidc.rst
@@ -1,9 +1,8 @@
.. _eherkenning_oidc:


========================
eHerkenning OIDC configuration
========================
==============================
eHerkenning OIDC Configuration
==============================


Settings Overview
@@ -55,141 +54,121 @@ Detailed Information
Variable EHERKENNING_OIDC_OIDC_RP_CLIENT_ID
Setting OpenID Connect client ID
Description OpenID Connect client ID provided by the OIDC Provider
Model field type CharField
Possible values string
Default value No default
Variable EHERKENNING_OIDC_OIDC_RP_CLIENT_SECRET
Setting OpenID Connect secret
Description OpenID Connect secret provided by the OIDC Provider
Model field type CharField
Possible values string
Default value No default
Variable EHERKENNING_OIDC_OIDC_RP_SIGN_ALGO
Setting OpenID sign algorithm
Description Algorithm the Identity Provider uses to sign ID tokens
Model field type CharField
Possible values string
Default value HS256
Variable EHERKENNING_OIDC_OIDC_OP_DISCOVERY_ENDPOINT
Setting Discovery endpoint
Description URL of your OpenID Connect provider discovery endpoint ending with a slash (`.well-known/...` will be added automatically). If this is provided, the remaining endpoints can be omitted, as they will be derived from this endpoint.
Model field type CharField
Possible values string
Default value No default
Variable EHERKENNING_OIDC_OIDC_OP_JWKS_ENDPOINT
Setting JSON Web Key Set endpoint
Description URL of your OpenID Connect provider JSON Web Key Set endpoint. Required if `RS256` is used as signing algorithm.
Model field type CharField
Possible values string
Default value No default
Variable EHERKENNING_OIDC_OIDC_OP_AUTHORIZATION_ENDPOINT
Setting Authorization endpoint
Description URL of your OpenID Connect provider authorization endpoint
Model field type CharField
Possible values string
Default value No default
Variable EHERKENNING_OIDC_OIDC_OP_TOKEN_ENDPOINT
Setting Token endpoint
Description URL of your OpenID Connect provider token endpoint
Model field type CharField
Possible values string
Default value No default
Variable EHERKENNING_OIDC_OIDC_OP_USER_ENDPOINT
Setting User endpoint
Description URL of your OpenID Connect provider userinfo endpoint
Model field type CharField
Possible values string
Default value No default
Variable EHERKENNING_OIDC_OIDC_RP_IDP_SIGN_KEY
Setting Sign key
Description Key the Identity Provider uses to sign ID tokens in the case of an RSA sign algorithm. Should be the signing key in PEM or DER format.
Model field type CharField
Possible values string
Default value No default
Variable EHERKENNING_OIDC_OIDC_USE_NONCE
Setting Use nonce
Description Controls whether the OpenID Connect client uses nonce verification
Model field type BooleanField
Possible values True, False
Default value True
Variable EHERKENNING_OIDC_OIDC_NONCE_SIZE
Setting Nonce size
Description Sets the length of the random string used for OpenID Connect nonce verification
Model field type PositiveIntegerField
Possible values string representing a (positive) number
Possible values string representing a positive number
Default value 32
Variable EHERKENNING_OIDC_OIDC_STATE_SIZE
Setting State size
Description Sets the length of the random string used for OpenID Connect state verification
Model field type PositiveIntegerField
Possible values string representing a (positive) number
Possible values string representing a positive number
Default value 32
Variable EHERKENNING_OIDC_OIDC_EXEMPT_URLS
Setting URLs exempt from session renewal
Description This is a list of absolute url paths, regular expressions for url paths, or Django view names. This plus the mozilla-django-oidc urls are exempted from the session renewal by the SessionRefresh middleware.
Model field type ArrayField
Possible values string, comma-delimited ('foo,bar,baz')
Default value No information
Default value []
Variable EHERKENNING_OIDC_USERINFO_CLAIMS_SOURCE
Setting user information claims extracted from
Description Indicates the source from which the user information claims should be extracted.
Model field type CharField
Possible values string
Possible values userinfo_endpoint, id_token
Default value userinfo_endpoint
Variable EHERKENNING_OIDC_OIDC_OP_LOGOUT_ENDPOINT
Setting Logout endpoint
Description URL of your OpenID Connect provider logout endpoint
Model field type CharField
Possible values string
Default value No default
Variable EHERKENNING_OIDC_ERROR_MESSAGE_MAPPING
Setting Error message mapping
Description Mapping that maps error messages returned by the identity provider to human readable error messages that are shown to the user
Model field type JSONField
Possible values No information available
Default value No information
Default value {}
Variable EHERKENNING_OIDC_OIDC_KEYCLOAK_IDP_HINT
Setting Keycloak Identity Provider hint
Description Specific for Keycloak: parameter that indicates which identity provider should be used (therefore skipping the Keycloak login screen).
Model field type CharField
Possible values string
Default value No default
Variable EHERKENNING_OIDC_ENABLED
Setting enable
Description Indicates whether OpenID Connect for authentication/authorization is enabled. This overrides overrides the usage of SAML for eHerkenning authentication.
Model field type BooleanField
Possible values True, False
Default value False
Variable EHERKENNING_OIDC_IDENTIFIER_CLAIM_NAME
Setting KVK claim name
Description The name of the claim in which the KVK of the user is stored
Model field type CharField
Possible values string
Default value kvk
Variable EHERKENNING_OIDC_OIDC_RP_SCOPES_LIST
Setting OpenID Connect scopes
Description OpenID Connect scopes that are requested during login. These scopes are hardcoded and must be supported by the identity provider
Model field type ArrayField
Possible values string, comma-delimited ('foo,bar,baz')
Default value No information
Default value ['openid', 'kvk']
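Review bot: The new defaults on the two ArrayField rows are shown as Python literals (`Default value []` for `EHERKENNING_OIDC_OIDC_EXEMPT_URLS`, `Default value ['openid', 'kvk']` for `EHERKENNING_OIDC_OIDC_RP_SCOPES_LIST`) while "Possible values" tells the operator to supply a comma-delimited string ('foo,bar,baz'). Show the default in the same form the variable accepts, or state that the default shown is the resulting list. The scopes description also says "These scopes are hardcoded", which contradicts documenting them as a configurable variable with a default; one of the two should change. `EHERKENNING_OIDC_ERROR_MESSAGE_MAPPING` now has a default of `{}` but still says "No information available" under possible values, so a one-line description of the expected JSON object would complete the row. The same points apply to the matching rows in docs/configuration/digid_oidc.rst.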
3 changes: 1 addition & 2 deletions docs/configuration/general.rst
@@ -33,8 +33,7 @@ If the project is being configured for the first time, run the command from the

src/manage.py setup_configuration


By default, ``setup_configuration`` checks if a configuration already exists and will stop executing if it finds one. In order to overwrite an existing configuration, use:
By default, ``setup_configuration`` checks per configuration step if it is already configured and skips this step if that is the case. In order to overwrite an existing configuration, use:

::

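Review bot: The rewritten first sentence describes per-step skipping, but the sentence that follows still says "In order to overwrite an existing configuration", which no longer makes clear what is overwritten: every step, or only the steps that were skipped as already configured. Suggest wording the lead-in to the command in terms of steps, e.g. "To re-run steps that are already configured, use:".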
10 changes: 1 addition & 9 deletions docs/configuration/kic.rst
@@ -1,8 +1,7 @@
.. _kic:


=====================
Klanten configuration
Klanten Configuration
=====================


@@ -48,49 +47,42 @@ Detailed Information
Variable KIC_CONFIG_REGISTER_EMAIL
Setting Registreer op email adres
Description
Model field type CharField
Possible values string
Default value No default
Variable KIC_CONFIG_REGISTER_CONTACT_MOMENT
Setting Registreer in Contactmomenten API
Description
Model field type BooleanField
Possible values True, False
Default value False
Variable KIC_CONFIG_REGISTER_BRONORGANISATIE_RSIN
Setting Organisatie RSIN
Description
Model field type CharField
Possible values string
Default value
Variable KIC_CONFIG_REGISTER_CHANNEL
Setting Contactmoment kanaal
Description The channel through which contactmomenten are created
Model field type CharField
Possible values string
Default value contactformulier
Variable KIC_CONFIG_REGISTER_TYPE
Setting Contactmoment type
Description Naam van 'contacttype' uit e-Suite
Model field type CharField
Possible values string
Default value Melding
Variable KIC_CONFIG_REGISTER_EMPLOYEE_ID
Setting Medewerker identificatie
Description Gebruikersnaam van actieve medewerker uit e-Suite
Model field type CharField
Possible values string
Default value
Variable KIC_CONFIG_USE_RSIN_FOR_INNNNPID_QUERY_PARAMETER
Setting Haal bronnen op uit de Klanten- en Contactmomenten-API's voor gebruikers die zijn geauthenticeerd met eHerkenning via RSIN
Description Indien ingeschakeld, worden bronnen uit de Klanten- en Contactmomenten-API's voor eHerkenning-gebruikers opgehaald via RSIN (Open Klant). Indien niet ingeschakeld, worden deze bronnen via het KVK-nummer.
Model field type BooleanField
Possible values True, False
Default value False
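Review bot: Several rows are left with empty cells: `Description` is blank for `KIC_CONFIG_REGISTER_EMAIL`, `KIC_CONFIG_REGISTER_CONTACT_MOMENT` and `KIC_CONFIG_REGISTER_BRONORGANISATIE_RSIN`, and `Default value` is blank for `KIC_CONFIG_REGISTER_BRONORGANISATIE_RSIN` and `KIC_CONFIG_REGISTER_EMPLOYEE_ID`, whereas `KIC_CONFIG_REGISTER_EMAIL` prints "No default". Please fill in the descriptions and render an empty default explicitly so it cannot be read as a missing value. The last description also ends in an incomplete sentence ("worden deze bronnen via het KVK-nummer."), and the page mixes Dutch and English descriptions; picking one language for the generated docs would make the table consistent with the OIDC pages.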