Add engineblock parameters for SBS integration

Author: baszoetekouw

roles/engineblock/defaults/main.yml

@@ -16,6 +16,7 @@ engine_api_feature_consent_listing: 1
 engine_api_feature_consent_remove: 0
 engine_api_feature_metadata_api: 1
 engine_api_feature_deprovision: 1
+engine_feature_enable_sbs_interrupt: 0
 
 # Cutoff point for showing unfiltered IdPs on the WAYF
 engine_wayf_cutoff_point_for_showing_unfiltered_idps: 50
@@ -86,6 +87,14 @@ engine_stepup_gateway_sfo_sso_location: "https://{{ engine_stepup_gateway_domain
 # The public key from the Stepup Gateway IdP
 engine_stepup_gateway_sfo_public_key_file: "{{ engine_keys.default.publicFile }}"
 
+# SBS interrupt settings
+engine_sbs_base_url: "sbs.{{ base_domain }}"
+engine_sbs_attributes_allowed:
+  - 'urn:mace:dir:attribute-def:eduPersonEntitlement'
+  - 'urn:mace:dir:attribute-def:uid'
+  - 'urn:mace:dir:attribute-def:eduPersonPrincipalName'
+  - 'urn:oid:1.3.6.1.4.1.24552.500.1.1.1.13'
+
 ## The minimum priority of messages that will be logged
 engine_logging_passthru_level: NOTICE
 

roles/engineblock/templates/parameters.yml.j2

@@ -230,6 +230,7 @@ parameters:
     feature_enable_consent: {{ engine_feature_enable_consent | bool | to_json }}
     feature_stepup_sfo_override_engine_entityid: {{ engine_feature_stepup_override_entityid | bool | to_json }}
     feature_enable_idp_initiated_flow: {{ engine_feature_idp_initiated_flow | bool | to_json }}
+    feature_enable_sram_interrupt: {{ engine_feature_enable_sbs_interrupt | bool | to_json }}
     ##########################################################################################
     ## PROFILE SETTINGS
     ##########################################################################################
@@ -307,3 +308,13 @@ parameters:
     # used in the authentication log record. The attributeName will be searched in the response attributes and if present
     # the log data will be enriched. The values of the response attributes are the final values after ARP and Attribute Manipulation.
     auth.log.attributes: {{ engineblock_log_attributes }}
+
+    ##########################################################################################
+    ## SBS external authorization/attribute enrichtment
+    ##########################################################################################
+    sram.api_token: "{{ engine_sbs_api_token | default('') }}"
+    sram.base_url: "{{ engine_sbs_base_url }}"
+    sram.authz_location: "authz_eb"
+    sram.interrupt_location: "interrupt"
+    sram.verify_peer: true
+    sram.allowed_attributes: "{{ engine_sbs_attributes_allowed }}"