docs: cas-server-site,新增配置项
author刘洪青 <hongqing.liu@supwisdom.com>
Thu, 25 Nov 2021 02:04:52 +0000 (10:04 +0800)
committer刘洪青 <hongqing.liu@supwisdom.com>
Mon, 27 Dec 2021 05:02:19 +0000 (13:02 +0800)
deploy-manifests/k8s-rancher/1.authx-service/4.cas-server/4.5.cas-server-site-webapp.yaml

index 6826c26..aee638a 100644 (file)
@@ -1,5 +1,20 @@
 # cas-server-site-webapp.yaml
 
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  namespace: cas-server
+  name: cas-server-site-webapp-saml-pvc
+spec:
+  accessModes:
+    - ReadWriteMany
+  # 根据情况修改
+  storageClassName: nfs-client
+  resources:
+    requests:
+      storage: 1Gi
+
 ---
 apiVersion: v1
 kind: ConfigMap
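Review bot: The `ReadWriteMany` claim on the `nfs-client` class will hold SAML IdP key material, and nothing in the manifest documents or limits who else can reach that storage. The third hunk mounts it at `/etc/cas/saml`, the directory `CAS_AUTHN_SAML_IDP_METADATA_LOCATION` points to; in stock Apereo CAS that directory contains the IdP signing and encryption private keys next to the metadata XML, so if this build behaves the same way, any workload in `cas-server` that mounts the claim, or any host that can reach the NFS export, can read or replace them. I would add a comment above `accessModes` such as `# stores SAML IdP signing/encryption keys: restrict the NFS export and do not mount this claim in other workloads`. Consider also supplying the keys from a Secret mounted read-only, leaving only the generated metadata on the shared volume.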
@@ -56,6 +71,29 @@ data:
   CAS_AUTHN_ACCEPT_USERS: ""
 
 
+  ##
+  # SAML IdP
+  #
+  CAS_AUTHN_SAML_IDP_ENTITY_ID: https://cas.paas.xxx.edu.cn/cas/idp
+  CAS_AUTHN_SAML_IDP_SCOPE: cas.paas.xxx.edu.cn
+
+  ##
+  # SAML Metadata
+  #
+  CAS_AUTHN_SAML_IDP_METADATA_LOCATION: file:/etc/cas/saml
+
+
+  ##
+  # OAuth2
+  #
+  CAS_AUTHN_OAUTH_REFRESH_TOKEN_TIME_TO_KILL_IN_SECONDS: "2592000"
+
+  CAS_AUTHN_OAUTH_CODE_TIME_TO_KILL_IN_SECONDS: "30"
+
+  CAS_AUTHN_OAUTH_ACCESS_TOKEN_MAX_TIME_TO_LIVE_IN_SECONDS: "28800"
+  CAS_AUTHN_OAUTH_ACCESS_TOKEN_TIME_TO_KILL_IN_SECONDS: "7200"
+
+
   ## 配置第三方认证的相关参数
   CASSERVER_FEDERATION_QQ_ENABLED: "true"
   CASSERVER_FEDERATION_QQ_NAME: QQ
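Review bot: `CAS_AUTHN_SAML_IDP_ENTITY_ID` and `CAS_AUTHN_SAML_IDP_SCOPE` use the placeholder host `cas.paas.xxx.edu.cn` without the adjust-per-environment marker that `storageClassName` gets in the first hunk. Because the metadata directory is now persistent, an entity ID written into the generated metadata on first start would probably survive a later ConfigMap correction, so I would add `# replace with the public CAS host before first start; the entity ID is written into the persisted IdP metadata` above the two keys. The OAuth lifetimes also deserve a one-line comment giving the values in human units (refresh token 30 days, code 30 s, access token 2 h with an 8 h cap), since a 30-day refresh token is a policy decision the deployer should see. The `data:` mapping these keys belong to starts outside this hunk.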
@@ -281,6 +319,15 @@ spec:
           timeoutSeconds: 5
           successThreshold: 1
           failureThreshold: 10
+        volumeMounts:
+        - mountPath: /etc/cas/saml
+          name: saml-metadata
+      volumes:
+      # - name: saml-metadata
+      #   emptyDir: {}
+      - name: saml-metadata
+        persistentVolumeClaim:
+          claimName: cas-server-site-webapp-saml-pvc
       imagePullSecrets:
         - name: harbor-registry