From bbee39bba028353e574a3011b19cc0c698c8fe73 Mon Sep 17 00:00:00 2001
From: =?utf8?q?=E5=88=98=E6=B4=AA=E9=9D=92?= <hongqing.liu@supwisdom.com>
Date: Thu, 25 Nov 2021 10:04:52 +0800
Subject: [PATCH] =?utf8?q?docs:=20cas-server-site=EF=BC=8C=E6=96=B0?=
 =?utf8?q?=E5=A2=9E=E9=85=8D=E7=BD=AE=E9=A1=B9?=
MIME-Version: 1.0
Content-Type: text/plain; charset=utf8
Content-Transfer-Encoding: 8bit

---
 .../4.5.cas-server-site-webapp.yaml           | 47 +++++++++++++++++++
 1 file changed, 47 insertions(+)

diff --git a/deploy-manifests/k8s-rancher/1.authx-service/4.cas-server/4.5.cas-server-site-webapp.yaml b/deploy-manifests/k8s-rancher/1.authx-service/4.cas-server/4.5.cas-server-site-webapp.yaml
index 6826c26..aee638a 100644
--- a/deploy-manifests/k8s-rancher/1.authx-service/4.cas-server/4.5.cas-server-site-webapp.yaml
+++ b/deploy-manifests/k8s-rancher/1.authx-service/4.cas-server/4.5.cas-server-site-webapp.yaml
@@ -1,5 +1,20 @@
 # cas-server-site-webapp.yaml
 
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  namespace: cas-server
+  name: cas-server-site-webapp-saml-pvc
+spec:
+  accessModes:
+    - ReadWriteMany
+  # æ ¹æ®æåµä¿®æ¹
+  storageClassName: nfs-client
+  resources:
+    requests:
+      storage: 1Gi
+
 ---
 apiVersion: v1
 kind: ConfigMap
@@ -56,6 +71,29 @@ data:
   CAS_AUTHN_ACCEPT_USERS: ""
 
 
+  ##
+  # SAML IdP
+  #
+  CAS_AUTHN_SAML_IDP_ENTITY_ID: https://cas.paas.xxx.edu.cn/cas/idp
+  CAS_AUTHN_SAML_IDP_SCOPE: cas.paas.xxx.edu.cn
+
+  ##
+  # SAML Metadata
+  #
+  CAS_AUTHN_SAML_IDP_METADATA_LOCATION: file:/etc/cas/saml
+
+
+  ##
+  # OAuth2
+  #
+  CAS_AUTHN_OAUTH_REFRESH_TOKEN_TIME_TO_KILL_IN_SECONDS: "2592000"
+
+  CAS_AUTHN_OAUTH_CODE_TIME_TO_KILL_IN_SECONDS: "30"
+
+  CAS_AUTHN_OAUTH_ACCESS_TOKEN_MAX_TIME_TO_LIVE_IN_SECONDS: "28800"
+  CAS_AUTHN_OAUTH_ACCESS_TOKEN_TIME_TO_KILL_IN_SECONDS: "7200"
+
+
   ## éç½®ç¬¬ä¸æ¹è®¤è¯çç¸å³åæ°
   CASSERVER_FEDERATION_QQ_ENABLED: "true"
   CASSERVER_FEDERATION_QQ_NAME: QQ
@@ -281,6 +319,15 @@ spec:
           timeoutSeconds: 5
           successThreshold: 1
           failureThreshold: 10
+        volumeMounts:
+        - mountPath: /etc/cas/saml
+          name: saml-metadata
+      volumes:
+      # - name: saml-metadata
+      #   emptyDir: {}
+      - name: saml-metadata
+        persistentVolumeClaim:
+          claimName: cas-server-site-webapp-saml-pvc
       imagePullSecrets:
         - name: harbor-registry
 
-- 
2.17.1