# Log levels per logger name. Framework loggers are kept at WARN/ERROR while
# the application's own loggers (myconext, tiqr.org) run at DEBUG.
# NOTE(review): DEBUG output from authentication code paths can contain
# identifiers or token material - confirm these two loggers are raised to INFO
# or higher outside local development.
logging:
  level:
    org.springframework: WARN
    org.springframework.web: WARN
    org.springframework.security: WARN
    com.zaxxer.hikari: ERROR
    myconext: DEBUG
    tiqr.org: DEBUG
# Embedded HTTP server settings.
server:
  port: 8081
  error:
    path: "/error"
  # 'framework' makes Spring honour Forwarded / X-Forwarded-* request headers
  # when it builds URLs and resolves scheme, host and client address. That is
  # only safe behind a reverse proxy that overwrites or strips those headers;
  # an instance reachable directly would accept client-supplied values.
  forward-headers-strategy: framework
# springdoc (OpenAPI) settings: which request paths are documented and where
# the generated JSON and the Swagger UI are served.
# NOTE(review): both api-docs and swagger-ui are enabled here, which publishes
# a description of the remote-creation, invite and mobile APIs. Confirm
# whether they should be disabled or access-restricted outside development.
springdoc:
  pathsToMatch:
    - "/api/remote-creation/**"
    - "/myconext/api/invite/**"
    - "/mobile/**"
  api-docs:
    path: "/myconext/api/api-docs"
    enabled: true
  swagger-ui:
    # http://localhost:8081/myconext/swagger-ui/index.html
    path: "/myconext/api/"
    operationsSorter: method
    enabled: true
# Outgoing e-mail: sender address, the URLs used in messages and where the
# mail templates are loaded from. All URLs here are plain-http localhost
# values.
# NOTE(review): magic-link-url presumably ends up in login e-mails; deployed
# environments should override it with an https URL so the link is never sent
# over, or followed across, cleartext HTTP - confirm.
email:
  from: noreply@surfconext.nl
  magic-link-url: http://localhost:8081/saml/guest-idp/magic
  my-surfconext-url: http://localhost:3001
  idp-surfconext-url: http://localhost:3000
  # Alternative (disabled): load the templates from the filesystem instead of
  # the classpath.
  # mail-templates-directory: file://opt/build/main/resources/mail_templates
  mail-templates-directory: classpath:mail_templates
# Descriptive metadata for the eduID identity provider. The SSO endpoint
# points at the test environment (login.test.eduid.nl), not at localhost like
# most other URLs in this file.
identity-provider-meta-data:
  single_sign_on_service_uri: "https://login.test.eduid.nl/saml/guest-idp/SSO"
  name: "eduID IdP"
  description: "eduID IdP"
  logo_uri: "https://static.surfconext.nl/media/idp/eduid.png"
# Top-level value, not part of identity-provider-meta-data.
schac_home_organization: eduid.nl
# Scheduled jobs. The expressions use six fields
# (second minute hour day-of-month month day-of-week).
cron:
  # NOTE(review): presumably marks this node as the one that runs the
  # scheduled jobs; in a multi-node deployment only one node should have this
  # set to True - confirm against the scheduler code.
  node-cron-job-responsible: True
  # Every 15 minutes.
  token-cleaner-expression: "0 0/15 * * * *"
  # 15 seconds.
  manage-initial-delay-milliseconds: 15000
  # 43,200,000 ms = 12 hours.
  manage-fixed-rate-milliseconds: 43_200_000
  # Runs on the first day of February, May, August, and November.
  mail-institution-mail-usage-expression: "0 0 0 1 2,5,8,11 *"
  # Every day at 6:30AM
  nudge-app-mail-expression: "0 30 6 * * ?"
  # Number of days after creation of the eduID account after which the nudge
  # mail is sent
  nudge-app-mail-days-after-creation: 14
  # Every day at 7:30AM
  inactivity-users-expression: "0 30 7 * * ?"
# Connection to the Manage service (test2 environment), switched off here via
# enabled: False.
# The password is a plaintext placeholder committed with the file; any
# environment that enables this integration must supply its own credential
# from outside version control (environment variable or secret store).
manage:
  username: myconext
  password: secret
  base_url: https://manage.test2.surfconext.nl
  enabled: False
# Top-level application settings. The values mix localhost URLs with hosts of
# the test / test2 environments, so this file describes a local development
# setup.
# Database name; substituted into spring.data.mongodb.uri as ${mongodb_db}.
mongodb_db: surf_id_test
base_domain: test2.surfconext.nl
saml_metadata_base_path: http://localhost:8081
base_path: http://localhost:8081
continue_after_login_url: http://localhost:8081/saml/guest-idp/continue
idp_redirect_url: http://localhost:3000
# NOTE(review): rp_id / rp_origin look like the WebAuthn relying-party id and
# origin (feature.webauthn is enabled in this file). If so, deployed
# environments must set them to the real https origin - confirm.
rp_id: localhost
rp_origin: http://localhost:3000
sp_redirect_url: http://localhost:3001
sp_entity_id: https://engine.test.surfconext.nl/authentication/sp/metadata
sp_entity_metadata_url: https://engine.test.surfconext.nl/authentication/sp/metadata
guest_idp_entity_id: https://localhost.surf.id
my_conext_url: https://my.test2.surfconext.nl
domain: eduid.nl
mijn_eduid_entity_id: http://mijn.localhost/shibboleth
# Custom URI scheme (eduid://) used as the redirect target for the mobile app.
mobile_app_redirect: eduid:///client/mobile
# Placeholder: the value is identical to the key name.
mobile_app_rp_entity_id: mobile_app_rp_entity_id
# Feature toggles.
feature:
  webauthn: True
  warning_educational_email_domain: True
  # Show / hide the connections page in the mijn GUI
  connections: True
  # Do we deny e-mail addresses from known disposable e-mail providers
  deny_disposable_email_providers: True
  # Do we allow for multiple linked (institutional) accounts? Not yet implemented
  # multiple_linked_account: False
  # NOTE(review): presumably, when allow_enabled is True, only the e-mail
  # domains listed in allow_location are accepted - confirm against the code
  # that reads this block.
  use_deny_allow_list:
    allow_enabled: False
    allow_location: "classpath:/deny-allow/allowed.json"
  # Do we allow the create-from-institution flow
  create_eduid_institution_enabled: True
  # Do we show the landing page for the create-from-institution flow
  create_eduid_institution_landing: True
  # Do we remember the user for a longer period by default
  default_remember_me: False
  # Does the SAMLIdpService expect authn requests to be signed.
  # With False, unsigned AuthnRequests are accepted, so the request itself does
  # not prove which service provider sent it. Deployments should decide
  # deliberately whether that is acceptable for their SP trust model.
  requires_signed_authn_request: False
  # Do we support ID verify
  id_verify: True
  # Do we support the remote creation API (e.g. for studielink)
  remote_creation_api: True
  # Do we periodically mail users who have used their institution account
  mail_institution_mail_usage: True
  # Do we periodically mail users who are inactive and might have their account deleted
  mail_inactivity_mails: True
  # Do we mail users who have not installed the eduID app
  nudge_app_mail: True
# NOTE(review): presumably controls the Secure attribute on the cookies the
# application sets. false only makes sense for the plain-http localhost URLs
# used in this file; anything served over https should override it to true -
# confirm.
secure_cookie: false
idp_entity_id: https://localhost.surf.id
# Key and certificate are read from the classpath, i.e. from files shipped
# with the application. NOTE(review): a private key that lives in the
# repository or build artefact is known to everyone with access to either;
# deployed environments need their own key pair supplied from outside the
# artefact - confirm how these paths are overridden.
private_key_path: classpath:/myconext.pem
certificate_path: classpath:/myconext.crt
# Fixed secret committed with the file. Any environment that keeps this
# default shares a publicly known value; override it per environment.
tiqr_hash_secret: 43234502-2AAC-4E53-AA32-C7B909F71442
# 15,768,000 s = 182.5 days.
remember_me_max_age_seconds: 15_768_000
# 900 s = 15 minutes.
sso_mfa_duration_seconds: 900
nudge_eduid_app_login_days: 5
nudge_eduid_app_pause_days: 7
remember_me_question_asked_days: 30
# NOTE(review): the names suggest a delay that slows down e-mail address
# guessing and a minimum interval between mails - confirm where they are
# applied before changing the values.
email_guessing_sleep_millis: 500
email_spam_threshold_seconds: 15
# SMS gateway. The URL points back at this application's own port (8081) and
# the bearer token is a plaintext placeholder; a real gateway needs an https
# URL and a token supplied from outside version control.
sms:
  url: "http://localhost:8081/sms"
  bearer: "secret"
# Location of the separate tiqr configuration file (top-level key).
tiqr_configuration: "classpath:/tiqr.configuration.yml"
# We don't encode in-memory passwords, but we can't prefix them with {noop} as they are injected from Ansible for both sender and receiver
# Consequence for reviewers: these API accounts are compared against plaintext
# passwords. In this file all four accounts share the placeholder "secret";
# each deployed account needs its own strong, injected value.
# Each account is limited to the scopes listed under it - keep those lists as
# narrow as the client needs.
external-api-configuration:
  remote-users:
    -
      username: aa
      password: "secret"
      scopes:
        - attribute-aggregation
        - system
    -
      username: oidcng
      password: "secret"
      scopes:
        - attribute-manipulation
    -
      username: studielink
      password: "secret"
      scopes:
        - remote-creation
      institutionGUID: ec9d6d75-0d11-e511-80d0-005056956c1a
      schac_home: studielink.nl
    -
      username: invite
      password: "secret"
      scopes:
        - invite
# Credentials for the token API of the OIDC server (test2 environment).
# password is a plaintext placeholder; supply the real value from outside
# version control.
oidc-token-api:
  token-url: https://connect.test2.surfconext.nl/tokens
  user: eduid
  password: secret
  enabled: true
# OIDC client registration used by this application. The redirect URLs are
# plain-http localhost values and the client secret is a placeholder.
# NOTE(review): redirect URLs normally have to match what is registered at the
# OIDC server exactly; deployed environments should use https URLs - confirm.
oidc:
  client-id: myconext.rp.localhost
  secret: secret
  idp-flow-redirect-url: http://localhost:8081/myconext/api/idp/oidc/redirect
  sp-flow-redirect-url: http://localhost:8081/myconext/api/sp/oidc/redirect
  mobile-flow-redirect-url: http://localhost:8081/myconext/api/mobile/oidc/redirect
  sp-create-from-institution-redirect-url: http://localhost:8081/myconext/api/sp/create-from-institution/oidc-redirect
  base-url: https://connect.test2.surfconext.nl
# Client identifiers that are hidden in the services overview.
services-configuration:
  hide_in_overview:
    - some_client
# Retention of linked (institutional) accounts.
linked_accounts:
  # The duration that not name-validated linked accounts are valid - note that they are not removed and will be used for EPPN Pseudonymisation
  expiry-duration-days-non-validated: 180
  # The duration after which linked accounts are removed (2190 days = 6 years)
  removal-duration-days-validated: 2190
# Authentication context class references used for account linking. These are
# identifiers (URIs), not endpoints that are called.
account_linking_context_class_ref:
  linked_institution: https://eduid.nl/trust/linked-institution
  validate_names: https://eduid.nl/trust/validate-names
  validate_names_external: https://eduid.nl/trust/validate-names-external
  affiliation_student: https://eduid.nl/trust/affiliation-student
  profile_mfa: https://refeds.org/profile/mfa
account_linking:
  myconext_sp_entity_id: https://mijn.test2.eduid.nl/shibboleth
# Resource-server settings for the eduID API: where access tokens are
# introspected and which client credentials are used for that call.
# oidcng_secret is a plaintext placeholder; supply the real value from outside
# version control.
eduid_api:
  # Local alternative (disabled): introspect against a server on localhost.
  # oidcng_introspection_uri: http://localhost:8098/introspect
  oidcng_introspection_uri: "https://connect.test2.surfconext.nl/oidc/introspect"
  oidcng_discovery_url: "https://connect.test2.surfconext.nl/oidc/.well-known/openid-configuration"
  oidcng_client_id: myconext.rs
  oidcng_secret: secret
  base_url: http://localhost:8081
# Download of the MaxMind GeoLite2 City database.
geo_location:
  # NOTE(review): unlike the other credentials in this file, this does not
  # look like a placeholder. If it is a live licence key, rotate it and supply
  # the replacement from the environment or a secret store.
  license_key: lb53kEx9iVCuBcnV
  # NOTE(review): {license_key} is presumably replaced with the key above, so
  # the key travels as a query parameter - keep the resolved URL out of logs
  # and error messages.
  external_url: "https://download.maxmind.com/app/geoip_download?edition_id=GeoLite2-City&license_key={license_key}&suffix=tar.gz"
  # /var/tmp is normally writable by every local user. NOTE(review): confirm
  # that this directory is created and owned by the service account with
  # restrictive permissions, since a downloaded archive is stored (and
  # presumably unpacked) here.
  download_directory: "/var/tmp/geo2lite"
# Client settings for the external ID-verification service (used when
# feature.id_verify is on). client_id / secret are placeholders and base_uri
# is a plain-http localhost address; a deployed environment needs real
# credentials from outside version control and an https endpoint.
verify:
  client_id: client
  secret: secret
  base_uri: "http://localhost:8282"
  sp_verify_redirect_url: http://localhost:8081/myconext/api/sp/verify/redirect
  mobile_verify_redirect_url: http://localhost:8081/myconext/api/mobile/verify/redirect
  idp_verify_redirect_url: http://localhost:8081/myconext/api/idp/verify/redirect
  issuers_path: "classpath:idin/issuers.json"
# Spring Boot infrastructure settings.
spring:
  data:
    mongodb:
      # Local MongoDB; the URI carries no credentials and no TLS options, and
      # the database name comes from the top-level mongodb_db key. Deployed
      # environments need an authenticated (and preferably TLS) URI.
      uri: mongodb://127.0.0.1:27017/${mongodb_db}
      auto-index-creation: false
  # Local SMTP server on port 1025, configured without authentication.
  mail:
    host: localhost
    port: 1025
# Banner shown in the GUI to mark the environment (red, "LOCAL").
gui:
  disclaimer:
    background-color: red
    content: LOCAL
# Spring Boot Actuator. Four endpoints are exposed over HTTP under /internal:
# health, info, mappings and metrics.
# NOTE(review): nothing in this file restricts who may call /internal/**.
# mappings lists every request route, metrics and the health details describe
# internals, and info returns the full git properties, so access has to be
# limited elsewhere (security configuration or network) - verify.
management:
  health:
    mail:
      enabled: true
  endpoints:
    web:
      exposure:
        include: "health,info,mappings,metrics"
      base-path: "/internal"
  endpoint:
    info:
      enabled: true
    health:
      enabled: true
      # 'always' returns per-component health details to every caller,
      # authenticated or not.
      show-details: always
    mappings:
      enabled: true
    metrics:
      enabled: true
  info:
    git:
      # 'full' publishes all git properties (not just branch and commit id)
      # through the info endpoint.
      mode: full