Add WebAuthN configuration params to the authentication stack

roles/float-base-auth-server/defaults/main.yml

@@ -22,3 +22,8 @@ auth_server_anti_bruteforce_blacklist:
   limit: 50
   period: 7200
   blacklist_for: 86400
+
+# Autodetect the default WebAuthN RP ID by looking at
+# the first public_endpoint of the sso-server service.
+webauthn_rp_id: "{{ services['sso-server'].public_endpoints[0].name }}.{{ domain_public[0] }}"
+

roles/float-base-auth-server/templates/auth-server.yml.j2

@@ -4,6 +4,11 @@ backends_dir: /etc/auth-server/backends.d
 services_dir: /etc/auth-server/services.d
 services: {}
 
+webauthn:
+  rp_id: "{{ webauthn_rp_id }}"
+  rp_origin: "https://{{ webauthn_rp_id }}"
+  rp_display_name: "{{ webauthn_rp_display_name | default(webauthn_rp_id) }}"
+
 {% if 'user-meta-server' in services %}
 user_meta_server:
   url: "https://user-meta-server.{{ domain }}:5505"

roles/float-infra-sso-server/templates/server.yml.j2

@@ -29,9 +29,8 @@ allowed_cors_origins: {{ sso_allowed_cors_origins | to_json }}
 allowed_exchanges: {{ sso_allowed_exchanges | to_json }}
 service_ttls: {{ sso_service_ttls | to_json }}
 auth_session_lifetime: 43200
-session_secrets:
-  - "{{ sso_session_auth_secret }}"
-  - "{{ sso_session_enc_secret }}"
+session_auth_key: "{{ sso_session_auth_secret }}"
+session_enc_key: "{{ sso_session_enc_secret }}"
 csrf_secret: "{{ sso_csrf_secret }}"
 auth_service: sso
 {% if enable_keystore %}
@@ -47,6 +46,7 @@ keystore_enable_groups:
 {% endif %}
 url_path_prefix: "{{ sso_server_url_path_prefix }}"
 account_recovery_url: "{{ sso_server_account_recovery_url | default('') }}"
+default_signed_in_redirect: "{{ sso_server_default_signed_in_redirect | default('') }}"
 device_manager:
   auth_key: "{{ sso_device_manager_auth_secret }}"
   trusted_forwarders: