Merge branch 'feature/eb_settings' into feature/eb_sbs_settings

baszoetekouw · baszoetekouw · commit 188bc1349ba3 · 2025-04-11T16:44:43.000+02:00
diff --git a/roles/engineblock/defaults/main.yml b/roles/engineblock/defaults/main.yml
@@ -68,6 +68,12 @@ engine_minimum_execution_time_on_invalid_received_response: 5000
 engine_time_frame_for_authentication_loop_in_seconds: 60
 engine_maximum_authentication_procedures_allowed: 5
 
+# maximum number of outstandig AuthN requests per session; exceeding this results in a 429
+engine_max_authn_per_session: 30
+
+# timeout when doing external queries (e.g., to PDP, AA, SBS)
+engine_http_client_timeout: 10
+
 # This PCRE regex is used to blacklist incoming AuthnContextClassRef attributes on. If an empty string is used
 # the validation is skipped. The validator will throw an exception if the used regex is invalid.
 engine_stepup_authn_context_class_ref_blacklist_regex: '/http:\/\/{{ base_domain | regex_escape }}\/assurance\/loa[1-3]/'
diff --git a/roles/engineblock/templates/parameters.yml.j2 b/roles/engineblock/templates/parameters.yml.j2
@@ -147,6 +147,11 @@ parameters:
     ## The value for guest qualifier. Can be overridden for specific environments
     addgueststatus_guestqualifier: '{{ guest_qualifier | default('') }}'
 
+    ## the timeout used when querying external sources (PDP, AA, etc)
+    http_client.timeout: "{{ engine_http_client_timeout | int }}"
+    ## maximum number of simultaneous open authentications per session (exceed this, and receive a 429)
+    maximum_authentications_per_session: "{{ engine_max_authn_per_session | int }}"
+
     ## Language cookie settings
     cookie.path: {{ cookie_path | default('/') }}
     cookie.secure: true
