From 961ffa805d7271dd37b4772b06641e2e1a71382a Mon Sep 17 00:00:00 2001 From: Leroy <3416288+Liemine@users.noreply.github.com> Date: Mon, 17 Nov 2025 12:02:01 +0100 Subject: [PATCH 01/11] #769 Make affiliation email more configurable --- roles/myconext/templates/application.yml.j2 | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/roles/myconext/templates/application.yml.j2 b/roles/myconext/templates/application.yml.j2 index 9f5a4d535..a4fea7074 100644 --- a/roles/myconext/templates/application.yml.j2 +++ b/roles/myconext/templates/application.yml.j2 @@ -114,6 +114,8 @@ feature: create_eduid_institution_landing: {{ myconext.feature_create_eduid_institution_landing }} # Do we default remember the user for a longer period default_remember_me: True + # Do we default add affiliate email address + default_affiliate_email: True # Does the SAMLIdpService expects authn requests to be signed requires_signed_authn_request: False # Do we support ID verify @@ -135,6 +137,8 @@ feature: # Set to true to use the BRIN code to add ui-roles and authentication scoped affiliations use_remote_creation_for_affiliation: {{ myconext.feature_use_remote_creation_for_affiliation }} + default_affiliate_email_domain: eduid.nl + captcha: sitekey: {{ myconext.captcha_sitekey }} apikey: {{ myconext.captcha_apikey }} From 3d1f8845b405a7914fb16abbd281ab64013ee42b Mon Sep 17 00:00:00 2001 From: Okke Harsta Date: Tue, 18 Nov 2025 16:20:30 +0100 Subject: [PATCH 02/11] Fixed indentation for myconext --- roles/myconext/templates/application.yml.j2 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/myconext/templates/application.yml.j2 b/roles/myconext/templates/application.yml.j2 index a4fea7074..abcac9949 100644 --- a/roles/myconext/templates/application.yml.j2 +++ b/roles/myconext/templates/application.yml.j2 @@ -137,7 +137,7 @@ feature: # Set to true to use the BRIN code to add ui-roles and authentication scoped affiliations use_remote_creation_for_affiliation: {{ myconext.feature_use_remote_creation_for_affiliation }} - default_affiliate_email_domain: eduid.nl +default_affiliate_email_domain: eduid.nl captcha: sitekey: {{ myconext.captcha_sitekey }} From 06a6381c4984e34f8b3c24efb95a73447b933a11 Mon Sep 17 00:00:00 2001 From: Okke Harsta Date: Wed, 19 Nov 2025 17:04:19 +0100 Subject: [PATCH 03/11] WIP for https://github.com/OpenConext/OpenConext-attribute-aggregation/issues/143 --- roles/attribute-aggregation/tasks/main.yml | 6 +++++- .../templates/serverapplication.yml.j2 | 1 - 2 files changed, 5 insertions(+), 2 deletions(-) diff --git a/roles/attribute-aggregation/tasks/main.yml b/roles/attribute-aggregation/tasks/main.yml index a8959123f..dcac53c08 100644 --- a/roles/attribute-aggregation/tasks/main.yml +++ b/roles/attribute-aggregation/tasks/main.yml @@ -53,6 +53,10 @@ command: "-Xmx128m --spring.config.location=./" etc_hosts: host.docker.internal: host-gateway + labels: + traefik.http.routers.aagui.rule: "Host(`aa.{{ base_domain }}`)" + traefik.http.routers.aagui.tls: "true" + traefik.enable: "true" healthcheck: test: [ @@ -61,7 +65,7 @@ "-no-verbose", "--tries=1", "--spider", - "http://localhost:8080/aa/api/internal/health", + "http://localhost:8080/internal/health", ] interval: 10s timeout: 10s diff --git a/roles/attribute-aggregation/templates/serverapplication.yml.j2 b/roles/attribute-aggregation/templates/serverapplication.yml.j2 index 8e49715b4..28fc29379 100644 --- a/roles/attribute-aggregation/templates/serverapplication.yml.j2 +++ b/roles/attribute-aggregation/templates/serverapplication.yml.j2 @@ -8,7 +8,6 @@ server: # The port to where this Spring Boot application listens to. e.g. http://localhost:{{ springapp_tcpport }} port: 8080 servlet: - context-path: /aa/api session: timeout: 28800 cookie: From 6b68917d4484cdfc5b5b7e9b6bf87840f588f306 Mon Sep 17 00:00:00 2001 From: Okke Harsta Date: Thu, 20 Nov 2025 09:37:22 +0100 Subject: [PATCH 04/11] Fixes https://github.com/OpenConext/OpenConext-attribute-aggregation/issues/143 --- roles/attribute-aggregation/tasks/main.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/attribute-aggregation/tasks/main.yml b/roles/attribute-aggregation/tasks/main.yml index dcac53c08..2fb6277d0 100644 --- a/roles/attribute-aggregation/tasks/main.yml +++ b/roles/attribute-aggregation/tasks/main.yml @@ -54,8 +54,8 @@ etc_hosts: host.docker.internal: host-gateway labels: - traefik.http.routers.aagui.rule: "Host(`aa.{{ base_domain }}`)" - traefik.http.routers.aagui.tls: "true" + traefik.http.routers.aaserver.rule: "Host(`aa.{{ base_domain }}`)" + traefik.http.routers.aaserver.tls: "true" traefik.enable: "true" healthcheck: test: From 05b0831f5681faf4e5abdc7776ec99b7a458b260 Mon Sep 17 00:00:00 2001 From: Ricardo van der Heijden Date: Thu, 20 Nov 2025 10:50:29 +0100 Subject: [PATCH 05/11] Fixes https://github.com/OpenConext/OpenConext-myconext/issues/757 --- roles/myconext/templates/application.yml.j2 | 2 ++ 1 file changed, 2 insertions(+) diff --git a/roles/myconext/templates/application.yml.j2 b/roles/myconext/templates/application.yml.j2 index abcac9949..31b0f1a8e 100644 --- a/roles/myconext/templates/application.yml.j2 +++ b/roles/myconext/templates/application.yml.j2 @@ -136,6 +136,8 @@ feature: captcha_enabled: True # Set to true to use the BRIN code to add ui-roles and authentication scoped affiliations use_remote_creation_for_affiliation: {{ myconext.feature_use_remote_creation_for_affiliation }} + # Set to true to show the account linking related options on the personal-info page and home page (banner) + enable_account_linking: True default_affiliate_email_domain: eduid.nl From c930adfc53fb43f1dd7bf6ac6cdbba7dc2d360c8 Mon Sep 17 00:00:00 2001 From: Ricardo van der Heijden Date: Thu, 20 Nov 2025 14:07:23 +0100 Subject: [PATCH 06/11] #757 Replaces hardcoded value with variable --- environments/template/group_vars/template.yml | 3 ++- roles/myconext/templates/application.yml.j2 | 2 +- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/environments/template/group_vars/template.yml b/environments/template/group_vars/template.yml index 1317bbd88..916db22db 100644 --- a/environments/template/group_vars/template.yml +++ b/environments/template/group_vars/template.yml @@ -290,6 +290,7 @@ myconext: feature_create_eduid_institution_landing: true feature_allowlist: false feature_dry_run_email_cron: true + feature_enable_account_linking: true sms_api_url: "https://rest.spryngsms.com/v1/messages" sms_api_route: "default" sp_entity_id: https://engine.{{ base_domain }}/authentication/sp/metadata @@ -613,4 +614,4 @@ dashboard_install: false # change them if necessary, for example on docker hosts they have to be a little higher # rsyslog_imjournal_ratelimitburst: 2000 # rsyslog_imjournal_ratelimitinterval: 600 -# rsyslog_maxmessagesize: 8000 \ No newline at end of file +# rsyslog_maxmessagesize: 8000 diff --git a/roles/myconext/templates/application.yml.j2 b/roles/myconext/templates/application.yml.j2 index 31b0f1a8e..d30ffd3e2 100644 --- a/roles/myconext/templates/application.yml.j2 +++ b/roles/myconext/templates/application.yml.j2 @@ -137,7 +137,7 @@ feature: # Set to true to use the BRIN code to add ui-roles and authentication scoped affiliations use_remote_creation_for_affiliation: {{ myconext.feature_use_remote_creation_for_affiliation }} # Set to true to show the account linking related options on the personal-info page and home page (banner) - enable_account_linking: True + enable_account_linking: {{ myconext.feature_enable_account_linking }} default_affiliate_email_domain: eduid.nl From 48bdd9aeceba104ded5cc0bb8652180cb34d592e Mon Sep 17 00:00:00 2001 From: Ricardo van der Heijden <20791917+ricardovdheijden@users.noreply.github.com> Date: Mon, 24 Nov 2025 15:54:13 +0100 Subject: [PATCH 07/11] Fixes https://github.com/OpenConext/OpenConext-myconext/issues/759 Adds feature toggle use_app --- environments/template/group_vars/template.yml | 1 + roles/myconext/templates/application.yml.j2 | 2 ++ 2 files changed, 3 insertions(+) diff --git a/environments/template/group_vars/template.yml b/environments/template/group_vars/template.yml index 916db22db..55e659b57 100644 --- a/environments/template/group_vars/template.yml +++ b/environments/template/group_vars/template.yml @@ -291,6 +291,7 @@ myconext: feature_allowlist: false feature_dry_run_email_cron: true feature_enable_account_linking: true + feature_use_app: true sms_api_url: "https://rest.spryngsms.com/v1/messages" sms_api_route: "default" sp_entity_id: https://engine.{{ base_domain }}/authentication/sp/metadata diff --git a/roles/myconext/templates/application.yml.j2 b/roles/myconext/templates/application.yml.j2 index d30ffd3e2..42f0c64a5 100644 --- a/roles/myconext/templates/application.yml.j2 +++ b/roles/myconext/templates/application.yml.j2 @@ -138,6 +138,8 @@ feature: use_remote_creation_for_affiliation: {{ myconext.feature_use_remote_creation_for_affiliation }} # Set to true to show the account linking related options on the personal-info page and home page (banner) enable_account_linking: {{ myconext.feature_enable_account_linking }} + # Set to true to show the app login option + use_app: {{ myconext.feature_use_app }} default_affiliate_email_domain: eduid.nl From cf732253d7cc7b38eb070d92c18cab41fa2805cb Mon Sep 17 00:00:00 2001 From: Leroy <3416288+Liemine@users.noreply.github.com> Date: Tue, 25 Nov 2025 11:00:42 +0100 Subject: [PATCH 08/11] #1001 Add email addresses --- roles/myconext/templates/application.yml.j2 | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/roles/myconext/templates/application.yml.j2 b/roles/myconext/templates/application.yml.j2 index 9f5a4d535..f41395144 100644 --- a/roles/myconext/templates/application.yml.j2 +++ b/roles/myconext/templates/application.yml.j2 @@ -37,8 +37,11 @@ springdoc: enabled: true email: - from: eduID - error_mail: info@surfconext.nl + from_deprovisioning: + from_code: eduID + from_app_nudge: + from_new_device: + error: info@surfconext.nl magic-link-url: https://login.{{ myconext_base_domain }}/saml/guest-idp/magic my-surfconext-url: https://mijn.{{ myconext_base_domain }} idp-surfconext-url: https://login.{{ myconext_base_domain }} From 19d0a4828f95e8f8eae9341a13699b826109c5ca Mon Sep 17 00:00:00 2001 From: Okke Harsta Date: Tue, 25 Nov 2025 12:47:14 +0100 Subject: [PATCH 09/11] Added missing attributes from feature branch --- roles/myconext/templates/application.yml.j2 | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/roles/myconext/templates/application.yml.j2 b/roles/myconext/templates/application.yml.j2 index f41395144..fab11c98d 100644 --- a/roles/myconext/templates/application.yml.j2 +++ b/roles/myconext/templates/application.yml.j2 @@ -137,6 +137,12 @@ feature: captcha_enabled: True # Set to true to use the BRIN code to add ui-roles and authentication scoped affiliations use_remote_creation_for_affiliation: {{ myconext.feature_use_remote_creation_for_affiliation }} + # Set to true to show the account linking related options on the personal-info page and home page (banner) + enable_account_linking: {{ myconext.feature_enable_account_linking }} + # Set to true to show the app login option + use_app: {{ myconext.feature_use_app }} + +default_affiliate_email_domain: eduid.nl captcha: sitekey: {{ myconext.captcha_sitekey }} From 9b0db989a02b3b2474a1a44371ba68d488541039 Mon Sep 17 00:00:00 2001 From: Okke Harsta Date: Wed, 26 Nov 2025 09:08:17 +0100 Subject: [PATCH 10/11] Added languages for invite --- roles/invite/templates/serverapplication.yml.j2 | 2 ++ 1 file changed, 2 insertions(+) diff --git a/roles/invite/templates/serverapplication.yml.j2 b/roles/invite/templates/serverapplication.yml.j2 index ce195b62d..e637ff0cf 100644 --- a/roles/invite/templates/serverapplication.yml.j2 +++ b/roles/invite/templates/serverapplication.yml.j2 @@ -118,6 +118,8 @@ config: past-date-allowed: {{ invite.past_date_allowed }} performance-seed-allowed: {{ invite.performance_seed_allowed }} eduid-idp-schac-home-organization: {{ invite.eduid_idp_schac_home_organization }} + # Determines the languages available for switching language, supported are 'nl', 'en' and 'pt' + languages: "nl, en" feature: limit-institution-admin-role-visibility: {{ invite.limit_institution_admin_role_visibility }} From 90262652a4073135bb53ee432f4497e91a0f8c96 Mon Sep 17 00:00:00 2001 From: Okke Harsta Date: Sat, 29 Nov 2025 11:14:45 +0100 Subject: [PATCH 11/11] Added missing mongodb_db variable for myconext CRON jobs --- roles/myconext/templates/application.yml.j2 | 1 + 1 file changed, 1 insertion(+) diff --git a/roles/myconext/templates/application.yml.j2 b/roles/myconext/templates/application.yml.j2 index 3d1719061..b45cc13bc 100644 --- a/roles/myconext/templates/application.yml.j2 +++ b/roles/myconext/templates/application.yml.j2 @@ -77,6 +77,7 @@ manage: base_url: "https://manage.{{ base_domain }}" enabled: True +mongodb_db: {{ myconext.mongo_database }} base_domain: {{ myconext_base_domain }} saml_metadata_base_path: https://login.{{ myconext_base_domain }} base_path: https://mijn.{{ myconext_base_domain }}