Add default timeout and max_authn_per_session settings

Relaetd to OpenConext/OpenConext-engineblock#1777 and OpenConext/OpenConext-engineblock#1345

Author: baszoetekouw

roles/engineblock/defaults/main.yml

@@ -67,6 +67,12 @@ engine_minimum_execution_time_on_invalid_received_response: 5000
 engine_time_frame_for_authentication_loop_in_seconds: 60
 engine_maximum_authentication_procedures_allowed: 5
 
+# maximum number of outstandig AuthN requests per session; exceeding this results in a 429
+engine_max_authn_per_session: 30
+
+# timeout when doing external queries (e.g., to PDP, AA, SBS)
+engine_http_client_timeout: 10
+
 # This PCRE regex is used to blacklist incoming AuthnContextClassRef attributes on. If an empty string is used
 # the validation is skipped. The validator will throw an exception if the used regex is invalid.
 engine_stepup_authn_context_class_ref_blacklist_regex: '/http:\/\/{{ base_domain | regex_escape }}\/assurance\/loa[1-3]/'

roles/engineblock/templates/parameters.yml.j2

@@ -147,6 +147,11 @@ parameters:
     ## The value for guest qualifier. Can be overridden for specific environments
     addgueststatus_guestqualifier: '{{ guest_qualifier | default('') }}'
 
+    ## the timeout used when querying external sources (PDP, AA, etc)
+    http_client.timeout: "{{ engine_http_client_timeout | int }}"
+    ## maximum number of simultaneous open authentications per session (exceed this, and receive a 429)
+    maximum_authentications_per_session: "{{ engine_max_authn_per_session | int }}"
+
     ## Language cookie settings
     cookie.path: {{ cookie_path | default('/') }}
     cookie.secure: true