1 # Copyright (C) The Arvados Authors. All rights reserved.
3 # SPDX-License-Identifier: Apache-2.0
5 # Copy this file to application.yml and edit to suit.
7 # Consult application.default.yml for the full list of configuration
10 # The order of precedence is:
11 # 1. config/environments/{RAILS_ENV}.rb (deprecated)
12 # 2. Section in application.yml corresponding to RAILS_ENV (e.g., development)
13 # 3. Section in application.yml called "common"
14 # 4. Section in application.default.yml corresponding to RAILS_ENV
15 # 5. Section in application.default.yml called "common"
19 secret_token: zzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzz
21 # The site name that will be used in text such as "Sign in to site_title"
24 # After logging in, the title and URL of the link that will be presented to
25 # the user as the default destination on the welcome page.
26 default_link_title: Arvados
27 default_link_url: "http://localhost:3000"
30 ### Local account configuration. This is enabled if neither
31 ### google_oauth2 or LDAP are enabled below.
33 # If true, allow new creation of new accounts in the SSO server's internal
35 allow_account_registration: false
37 # If true, send an email confirmation before activating new accounts in the
38 # SSO server's internal user database.
39 require_email_confirmation: false
43 ### Google+ OAuth2 authentication.
45 # Google API tokens required for OAuth2 login.
47 # See https://github.com/zquestz/omniauth-google-oauth2
49 # and https://developers.google.com/accounts/docs/OAuth2
50 google_oauth2_client_id: false
51 google_oauth2_client_secret: false
53 # Set this to your OpenId 2.0 realm to enable migration from Google OpenId
54 # 2.0 to Google OAuth2 OpenId Connect (Google will provide OpenId 2.0 user
55 # identifiers via the openid.realm parameter in the OAuth2 flow until 2017).
56 google_openid_realm: false
60 ### LDAP authentication.
63 # If you want to use LDAP, you need to provide
64 # the following set of fields under the use_ldap key.
66 # If 'email_domain' field is set, it will be stripped from the email address
67 # entered by the user prior attempting LDAP binding on 'uid'. This supports
68 # the case where it is not possible to look up 'bob@example.com' but instead
69 # must be looked up as 'uid=bob'.
71 # If it is possible to look up the email address directly (for example
72 # setting "uid: mail") you should prefer that and leave 'email_domain' unset.
74 # If 'username' is set, this specifies the LDAP field that will be propagated
75 # to the "username" field in the users table. This should be a
76 # posix-compatible username (which may be different from the username part of
79 # Provide 'bind_dn' and 'password' if your LDAP server requires
80 # a login before authenticating a user.
84 # host: ldap.example.com
87 # base: "ou=Users, dc=example, dc=com"
90 # #email_domain: example.com
91 # #bind_dn: "some_user"
92 # #password: "some_password"