chore(ci): Update YAML files to comply with YAMLLINT

2025-12-06 15:31:38 +01:00 · 2023-08-08 13:47:01 +02:00
parent 82bf0387e0
commit 76f7962d03
8 changed files with 132 additions and 70 deletions
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -27,7 +27,7 @@ variables:
    description: "The name of namespaces to deploy to."
    value: ""
  CLUSTER:
-    description: "Define which cluster to use - don't select prototype when you are not explicitly knowing what you are doing!"
+    description: "Define which cluster to use"
    value: "develop"
    options:
      - "dev"
@@ -61,7 +61,7 @@ variables:
      - "yes"
      - "no"
  DEPLOY_UCS:
-    description: "Enable Univention Corporate Server deployment. Depends on `DEPLOY_KEYCLOAK` and `DEPLOY_VAULT`."
+    description: "Enable Univention Corporate Server deployment."
    value: "no"
    options:
      - "yes"
@@ -79,7 +79,7 @@ variables:
      - "yes"
      - "no"
  DEPLOY_KEYCLOAK:
-    description: "Enable Keycloak deployment. 'yes' deploys upstream (bitnami) Keycloak, select 'keycloak_univention' to install Univention maintained Keycloak."
+    description: "Enable Keycloak deployment."
    value: "no"
    options:
      - "yes"
@@ -156,14 +156,15 @@ variables:
        field: "credentials"
      file: false
  script:
-    - cd "${CI_PROJECT_DIR}/helmfile/apps/${COMPONENT}"
+    - "cd ${CI_PROJECT_DIR}/helmfile/apps/${COMPONENT}"
    # MASTER_PASSWORD_WEB_VAR as precedence for MASTER_PASSWORD
    - |
      if ! [ -z "${MASTER_PASSWORD_WEB_VAR}" ]; then
        export MASTER_PASSWORD="${MASTER_PASSWORD_WEB_VAR}"
      fi;
-    - echo "Installing ${COMPONENT} into ${NAMESPACE} namespace as ${HELMFILE_ENVIRONMENT} environment on ${CLUSTER}"
-    - helmfile --namespace ${NAMESPACE} apply --suppress-diff
+    - >
+      echo "Installing ${COMPONENT} into ${NAMESPACE} namespace as ${HELMFILE_ENVIRONMENT} environment on ${CLUSTER}"
+    - "helmfile --namespace ${NAMESPACE} apply --suppress-diff"
  tags:
    - "docker"
    - "kubernetes"
@@ -178,7 +179,10 @@ env-cleanup:
    action: "stop"
  needs: []
  rules:
-    - if: $CI_PIPELINE_SOURCE =~ "web|schedules|triggers" && $NAMESPACE =~ /.+/ && $ENV_STOP_BEFORE != "no"
+    - if: >
+          $CI_PIPELINE_SOURCE =~ "web|schedules|triggers" &&
+          $NAMESPACE =~ /.+/ &&
+          $ENV_STOP_BEFORE != "no"
      when: "always"
  script:
    - "helmfile destroy --namespace ${NAMESPACE}"
@@ -193,10 +197,12 @@ env-start:
  extends: ".deploy-common"
  image: "${CI_DEPENDENCY_PROXY_GROUP_IMAGE_PREFIX}/alpine/k8s:1.25.6"
  rules:
-    - if: $CI_PIPELINE_SOURCE =~ "web|schedules|triggers" && $NAMESPACE =~ /.+/
+    - if: >
+          $CI_PIPELINE_SOURCE =~ "web|schedules|triggers" &&
+          $NAMESPACE =~ /.+/
      when: "always"
  script:
-    - 'echo "Deploying to Environment ${NAMESPACE} in ${CLUSTER} Cluster"'
+    - "echo \"Deploying to Environment ${NAMESPACE} in ${CLUSTER} Cluster\""
    - "kubectl create namespace ${NAMESPACE} --dry-run=client -o yaml | kubectl apply -f -"
    - >
      kubectl create secret
@@ -212,8 +218,11 @@ services-deploy:
  stage: "basic-services-deploy"
  extends: ".deploy-common"
  rules:
-    - if: $CI_PIPELINE_SOURCE =~ "web|schedules|triggers" && $NAMESPACE =~ /.+/ && ($DEPLOY_ALL_COMPONENTS != "no" || $DEPLOY_SERVICES != "no")
-      when: always
+    - if: >
+          $CI_PIPELINE_SOURCE =~ "web|schedules|triggers" &&
+          $NAMESPACE =~ /.+/ &&
+          ($DEPLOY_ALL_COMPONENTS != "no" || $DEPLOY_SERVICES != "no")
+      when: "always"
  variables:
    COMPONENT: "services"

@@ -221,8 +230,11 @@ ucs-deploy:
  stage: "component-deploy-stage-1"
  extends: ".deploy-common"
  rules:
-    - if: $CI_PIPELINE_SOURCE =~ "web|schedules|triggers" && $NAMESPACE =~ /.+/ && ($DEPLOY_ALL_COMPONENTS != "no" || $DEPLOY_UCS != "no")
-      when: always
+    - if: >
+          $CI_PIPELINE_SOURCE =~ "web|schedules|triggers" &&
+          $NAMESPACE =~ /.+/ &&
+          ($DEPLOY_ALL_COMPONENTS != "no" || $DEPLOY_UCS != "no")
+      when: "always"
  variables:
    COMPONENT: "univention-corporate-container"

@@ -230,8 +242,11 @@ provisioning-deploy:
  stage: "component-deploy-stage-2"
  extends: ".deploy-common"
  rules:
-    - if: $CI_PIPELINE_SOURCE =~ "web|schedules|triggers" && $NAMESPACE =~ /.+/ && ($DEPLOY_ALL_COMPONENTS != "no" || $DEPLOY_UCS != "no" || $DEPLOY_PROVISIONING != "no")
-      when: always
+    - if: >
+          $CI_PIPELINE_SOURCE =~ "web|schedules|triggers" &&
+          $NAMESPACE =~ /.+/ &&
+          ($DEPLOY_ALL_COMPONENTS != "no" || $DEPLOY_UCS != "no" || $DEPLOY_PROVISIONING != "no")
+      when: "always"
  variables:
    COMPONENT: "provisioning"

@@ -239,18 +254,24 @@ keycloak-deploy:
  stage: "component-deploy-stage-1"
  extends: ".deploy-common"
  rules:
-    - if: $CI_PIPELINE_SOURCE =~ "web|schedules|triggers" && $NAMESPACE =~ /.+/ && ($DEPLOY_ALL_COMPONENTS != "no" || $DEPLOY_KEYCLOAK != "no")
-      when: always
+    - if: >
+          $CI_PIPELINE_SOURCE =~ "web|schedules|triggers" &&
+          $NAMESPACE =~ /.+/ &&
+          ($DEPLOY_ALL_COMPONENTS != "no" || $DEPLOY_KEYCLOAK != "no")
+      when: "always"
  variables:
    COMPONENT: "keycloak"

 keycloak-bootstrap-deploy:
  stage: "component-deploy-stage-1"
  extends: ".deploy-common"
-  timeout: 30m
+  timeout: "30m"
  rules:
-    - if: $CI_PIPELINE_SOURCE =~ "web|schedules|triggers" && $NAMESPACE =~ /.+/ && ($DEPLOY_ALL_COMPONENTS != "no" || $DEPLOY_KEYCLOAK != "no")
-      when: always
+    - if: >
+          $CI_PIPELINE_SOURCE =~ "web|schedules|triggers" &&
+          $NAMESPACE =~ /.+/ &&
+          ($DEPLOY_ALL_COMPONENTS != "no" || $DEPLOY_KEYCLOAK != "no")
+      when: "always"
  variables:
    COMPONENT: "keycloak-bootstrap"

@@ -258,8 +279,11 @@ ox-deploy:
  stage: "component-deploy-stage-1"
  extends: ".deploy-common"
  rules:
-    - if: $CI_PIPELINE_SOURCE =~ "web|schedules|triggers" && $NAMESPACE =~ /.+/ && ($DEPLOY_ALL_COMPONENTS != "no" || $DEPLOY_OX != "no")
-      when: always
+    - if: >
+          $CI_PIPELINE_SOURCE =~ "web|schedules|triggers" &&
+          $NAMESPACE =~ /.+/ &&
+          ($DEPLOY_ALL_COMPONENTS != "no" || $DEPLOY_OX != "no")
+      when: "always"
  variables:
    COMPONENT: "open-xchange"

@@ -267,8 +291,11 @@ ics-deploy:
  stage: "component-deploy-stage-1"
  extends: ".deploy-common"
  rules:
-    - if: $CI_PIPELINE_SOURCE =~ "web|schedules|triggers" && $NAMESPACE =~ /.+/ && ($DEPLOY_ALL_COMPONENTS != "no" || $DEPLOY_ICS != "no")
-      when: always
+    - if: >
+          $CI_PIPELINE_SOURCE =~ "web|schedules|triggers" &&
+          $NAMESPACE =~ /.+/ &&
+          ($DEPLOY_ALL_COMPONENTS != "no" || $DEPLOY_ICS != "no")
+      when: "always"
  variables:
    COMPONENT: "intercom-service"

@@ -276,8 +303,11 @@ xwiki-deploy:
  stage: "component-deploy-stage-1"
  extends: ".deploy-common"
  rules:
-    - if: $CI_PIPELINE_SOURCE =~ "web|schedules|triggers" && $NAMESPACE =~ /.+/ && ($DEPLOY_ALL_COMPONENTS != "no" || $DEPLOY_XWIKI != "no")
-      when: always
+    - if: >
+          $CI_PIPELINE_SOURCE =~ "web|schedules|triggers" &&
+          $NAMESPACE =~ /.+/ &&
+          ($DEPLOY_ALL_COMPONENTS != "no" || $DEPLOY_XWIKI != "no")
+      when: "always"
  variables:
    COMPONENT: "xwiki"

@@ -285,8 +315,11 @@ collabora-deploy:
  stage: "component-deploy-stage-1"
  extends: ".deploy-common"
  rules:
-    - if: $CI_PIPELINE_SOURCE =~ "web|schedules|triggers" && $NAMESPACE =~ /.+/ && ($DEPLOY_ALL_COMPONENTS != "no" || $DEPLOY_NEXTCLOUD != "no" || $DEPLOY_COLLABORA != "no")
-      when: always
+    - if: >
+          $CI_PIPELINE_SOURCE =~ "web|schedules|triggers" &&
+          $NAMESPACE =~ /.+/ &&
+          ($DEPLOY_ALL_COMPONENTS != "no" || $DEPLOY_NEXTCLOUD != "no" || $DEPLOY_COLLABORA != "no")
+      when: "always"
  variables:
    COMPONENT: "collabora"

@@ -294,8 +327,11 @@ nextcloud-deploy:
  stage: "component-deploy-stage-1"
  extends: ".deploy-common"
  rules:
-    - if: $CI_PIPELINE_SOURCE =~ "web|schedules|triggers" && $NAMESPACE =~ /.+/ && ($DEPLOY_ALL_COMPONENTS != "no" || $DEPLOY_NEXTCLOUD != "no")
-      when: always
+    - if: >
+          $CI_PIPELINE_SOURCE =~ "web|schedules|triggers" &&
+          $NAMESPACE =~ /.+/ &&
+          ($DEPLOY_ALL_COMPONENTS != "no" || $DEPLOY_NEXTCLOUD != "no")
+      when: "always"
  variables:
    COMPONENT: "nextcloud"

@@ -303,8 +339,11 @@ openproject-deploy:
  stage: "component-deploy-stage-1"
  extends: ".deploy-common"
  rules:
-    - if: $CI_PIPELINE_SOURCE =~ "web|schedules|triggers" && $NAMESPACE =~ /.+/ && ($DEPLOY_ALL_COMPONENTS != "no" || $DEPLOY_OPENPROJECT != "no")
-      when: always
+    - if: >
+          $CI_PIPELINE_SOURCE =~ "web|schedules|triggers" &&
+          $NAMESPACE =~ /.+/ &&
+          ($DEPLOY_ALL_COMPONENTS != "no" || $DEPLOY_OPENPROJECT != "no")
+      when: "always"
  variables:
    COMPONENT: "openproject"

@@ -312,8 +351,11 @@ jitsi-deploy:
  stage: "component-deploy-stage-1"
  extends: ".deploy-common"
  rules:
-    - if: $CI_PIPELINE_SOURCE =~ "web|schedules|triggers" && $NAMESPACE =~ /.+/ && ($DEPLOY_ALL_COMPONENTS != "no" || $DEPLOY_JITSI != "no")
-      when: always
+    - if: >
+          $CI_PIPELINE_SOURCE =~ "web|schedules|triggers" &&
+          $NAMESPACE =~ /.+/ &&
+          ($DEPLOY_ALL_COMPONENTS != "no" || $DEPLOY_JITSI != "no")
+      when: "always"
  variables:
    COMPONENT: "jitsi"

@@ -325,10 +367,12 @@ env-stop:
  image: "${CI_DEPENDENCY_PROXY_GROUP_IMAGE_PREFIX}/alpine/k8s:1.25.6"
  needs: []
  rules:
-    - if: $CI_PIPELINE_SOURCE =~ "web|schedules|triggers" && $NAMESPACE =~ /.+/
+    - if: >
+          $CI_PIPELINE_SOURCE =~ "web|schedules|triggers" && $NAMESPACE =~ /.+/
      when: "manual"
  script:
-    - "echo 'We do not stop the env (delete the namespace) at the moment in this stage, as deleting a branches also triggers this env-stop stage and we do not want this to happen.'"
+    - "echo 'We do not stop the env (delete the namespace) at the moment in this stage, as deleting a branches also
+      triggers this env-stop stage and we do not want this to happen.'"
    # - kubectl delete namespace "${NAMESPACE}"
  stage: "env-stop"
  variables:
@@ -344,8 +388,9 @@ run-tests:
    - "${CLUSTER}"
  stage: "tests"
  rules:
-    - if: $CI_PIPELINE_SOURCE =~ "web|schedules|triggers" && $NAMESPACE =~ /.+/ && $RUN_TESTS == "yes"
-      when: always
+    - if: >
+          $CI_PIPELINE_SOURCE =~ "web|schedules|triggers" && $NAMESPACE =~ /.+/ && $RUN_TESTS == "yes"
+      when: "always"
  script:
    - |
      COMPONENTS="login or portal or profile or navigation"
@@ -383,10 +428,11 @@ run-tests:

 common-yaml-linter:
  except:
-    - tags
-    - web
+    - "tags"
+    - "web"

 reuse-linter:
+  allow_failure: false
  except:
-    - tags
-    - web
+    - "tags"
+    - "web"
--- a/helmfile/apps/keycloak/values-keycloak-idp.yaml
+++ b/helmfile/apps/keycloak/values-keycloak-idp.yaml
@@ -3,6 +3,7 @@
 ---
 keycloakConfigCli:
  configuration:
+    # yamllint disable rule:line-length
    idp.json: |
      {
        "id": "$(IDENTIFIER)",
@@ -1688,4 +1689,5 @@ keycloakConfigCli:
        ],
        "browserFlow": "2fa-browser"
      }
+    # yamllint enable rule:line-length
 ...
--- a/helmfile/apps/keycloak/values-keycloak.yaml
+++ b/helmfile/apps/keycloak/values-keycloak.yaml
@@ -10,12 +10,14 @@ auth:
  adminUser: "kcadmin"
 # not working as expected with older helm chart, check if it works with most recent one.
 # meanwhile we set the loglevel using the extraEnvVars a bit below.
-#logging:
+# logging:
 #   level: "DEBUG"
 extraEnvVars:
  - name: "KC_LOG_LEVEL"
    value: "INFO"
-extraStartupArgs: "-Dkeycloak.profile.feature.token_exchange=enabled -Dkeycloak.profile.feature.admin_fine_grained_authz=enabled"
+extraStartupArgs: >
+  -Dkeycloak.profile.feature.token_exchange=enabled
+  -Dkeycloak.profile.feature.admin_fine_grained_authz=enabled

 service:
  type: "ClusterIP"
@@ -44,8 +46,12 @@ extraVolumeMounts:

 keycloakConfigCli:
  enabled: true
-  command: [ "java", "-jar" ,"/opt/bitnami/keycloak-config-cli/keycloak-config-cli-19.0.3.jar" ]
-  args: [ "--import.var-substitution.enabled=true" ]
+  command:
+    - "java"
+    - "-jar"
+    - "/opt/bitnami/keycloak-config-cli/keycloak-config-cli-19.0.3.jar"
+  args:
+    - "--import.var-substitution.enabled=true"
  cache:
    enabled: false

--- a/helmfile/apps/nextcloud/values-nextcloud.yaml
+++ b/helmfile/apps/nextcloud/values-nextcloud.yaml
@@ -17,7 +17,9 @@ cronjob:
    postStartCommand:
      - "sh"
      - "-c"
-      - 'sed -i "s/\*\/5 \* \* \* \* php -f \/var\/www\/html\/cron.php/\*\/1 \* \* \* \* php -f \/var\/www\/html\/cron.php/g" /var/spool/cron/crontabs/www-data'
+      - >
+        sed -i "s/\*\/5 \* \* \* \* php -f \/var\/www\/html\/cron.php/\*\/1 \* \* \* \* php -f
+        \/var\/www\/html\/cron.php/g" /var/spool/cron/crontabs/www-data

 internalDatabase:
  enabled: false
--- a/helmfile/apps/open-xchange/values-openxchange.yaml
+++ b/helmfile/apps/open-xchange/values-openxchange.yaml
@@ -13,13 +13,13 @@ appsuite:
      status:
        # enable admin pack
        # admin: enabled
-        documents: disabled
-        guard: enabled
+        documents: "disabled"
+        guard: "enabled"
    packages:
      status:
-        open-xchange-oidc: enabled
-        open-xchange-authentication-database: disabled
-        open-xchange-authentication-oauth: enabled
+        open-xchange-oidc: "enabled"
+        open-xchange-authentication-database: "disabled"
+        open-xchange-authentication-oauth: "enabled"
    properties:
      com.openexchange.UIWebPath: "/appsuite/"
      # OIDC
@@ -50,10 +50,10 @@ appsuite:
      com.openexchange.mail.transportServer: "postfix"
      com.openexchange.mail.transportServerSource: "global"
      # Mailfilter
-      com.openexchange.mail.filter.loginType: global
-      com.openexchange.mail.filter.credentialSource: mail
-      com.openexchange.mail.filter.server: dovecot
-      com.openexchange.mail.filter.preferredSaslMech: XOAUTH2
+      com.openexchange.mail.filter.loginType: "global"
+      com.openexchange.mail.filter.credentialSource: "mail"
+      com.openexchange.mail.filter.server: "dovecot"
+      com.openexchange.mail.filter.preferredSaslMech: "XOAUTH2"
      # Capabilities
      com.openexchange.capability.client-onboarding: "true"
      com.openexchange.capability.dynamic-theme: "true"
@@ -64,7 +64,7 @@ appsuite:
      com.openexchange.capability.public-sector: "true"
      com.openexchange.capability.smime: "true"
      # Secondary Accounts
-      com.openexchange.mail.secondary.authType: XOAUTH2
+      com.openexchange.mail.secondary.authType: "XOAUTH2"
      # Nextcloud integration
      com.openexchange.file.storage.nextcloud.oauth.url: "http://nextcloud/"
      com.openexchange.file.storage.nextcloud.oauth.webdav.username.strategy: "user"
@@ -97,17 +97,18 @@ appsuite:
      io.ox/core//features/managedResources: "true"
      # Categories
      io.ox/core//features/categories: "true"
-      io.ox/core//categories/predefined: '[{ "name": "Predefined", "color": "orange", "icon": "bi/exclamation-circle.svg" }]'
+      io.ox/core//categories/predefined: >
+        [{ "name": "Predefined", "color": "orange", "icon": "bi/exclamation-circle.svg" }]
      # Nextcloud integration
      # io.ox.nextcloud//server: "https://ics.<DOMAIN>/fs/"
      # Central navigation
-      io.ox.public-sector//navigation/oxtabname: tab_groupware
+      io.ox.public-sector//navigation/oxtabname: "tab_groupware"
      # io.ox.public-sector//ics/url: "https://ics.<DOMAIN>/"
      io.ox/core//apps/quickLaunchCount: "0"
      io.ox/core//coloredIcons: "false"
      # Dynamic theme
      io.ox/dynamic-theme//mainColor: "#004B76"
-      io.ox/dynamic-theme//logoURL: io.ox.public-sector/logo.svg
+      io.ox/dynamic-theme//logoURL: "io.ox.public-sector/logo.svg"
      io.ox/dynamic-theme//logoWidth: "80"
      io.ox/dynamic-theme//topbarBackground: "#fff"
      io.ox/dynamic-theme//topbarColor: "#1f1f1f"
@@ -120,10 +121,10 @@ appsuite:

    asConfig:
      default:
-        host: all
+        host: "all"
        pageHeaderPrefix: "as8.souvap App Suite"
        oidcLogin: true
-        oidcPath: /oidc
+        oidcPath: "/oidc"

  core-ui:
    enabled: true
--- a/helmfile/apps/openproject/values.yaml
+++ b/helmfile/apps/openproject/values.yaml
@@ -27,7 +27,8 @@ openproject:
  # seed will only be executed on initial installation
  seed_locale: "de"

-# For more details and more options see https://www.openproject.org/docs/installation-and-operations/configuration/environment/
+# For more details and more options see
+# https://www.openproject.org/docs/installation-and-operations/configuration/environment/
 environment:
  OPENPROJECT_LOG__LEVEL: "info"
  OPENPROJECT_OPENID__CONNECT_KEYCLOAK_ATTRIBUTE__MAP_LOGIN: "phoenixusername"
--- a/helmfile/apps/provisioning/values-oxconnector.yaml
+++ b/helmfile/apps/provisioning/values-oxconnector.yaml
@@ -6,7 +6,7 @@ ingress:

 oxConnector:
  ldapHost: "univention-corporate-container"
-  #ldapHostIp: ""
+  # ldapHostIp: ""
  ldapBaseDn: "dc=swp-ldap,dc=internal"
  ldapHostDn: "cn=admin,dc=swp-ldap,dc=internal"
  notifierServer: "univention-corporate-container"
--- a/helmfile/apps/xwiki/values.yaml
+++ b/helmfile/apps/xwiki/values.yaml
@@ -39,10 +39,13 @@ properties:
  "property:xwiki:FlamingoThemes.Iceberg^FlamingoThemesCode.ThemeClass.btn-primary-bg": "@brand-primary"
  "property:xwiki:FlamingoThemes.Iceberg^FlamingoThemesCode.ThemeClass.navbar-default-color": "@brand-primary"
  "property:xwiki:FlamingoThemes.Iceberg^FlamingoThemesCode.ThemeClass.navbar-default-link-color": "@brand-primary"
-  "property:xwiki:FlamingoThemes.Iceberg^FlamingoThemesCode.ThemeClass.navbar-default-link-hover-color": "@brand-primary"
-  "property:xwiki:FlamingoThemes.Iceberg^FlamingoThemesCode.ThemeClass.navbar-default-link-active-color": "@brand-primary"
+  "property:xwiki:FlamingoThemes.Iceberg^FlamingoThemesCode.ThemeClass.navbar-default-link-hover-color":
+    "@brand-primary"
+  "property:xwiki:FlamingoThemes.Iceberg^FlamingoThemesCode.ThemeClass.navbar-default-link-active-color":
+    "@brand-primary"
  "property:xwiki:FlamingoThemes.Iceberg^FlamingoThemesCode.ThemeClass.navbar-default-bg": "#fff"
  "property:xwiki:FlamingoThemes.Iceberg^FlamingoThemesCode.ThemeClass.navbar-default-link-hover-bg": "#fff"
+  # yamllint disable-line rule:line-length
  "property:xwiki:FlamingoThemes.Iceberg^FlamingoThemesCode.ThemeClass.lessCode": "'@list-group-active-border: @list-group-border; @gray-light: #727272; @text-muted: @gray; @xwiki-drawer-menu-item-hover-bg: @list-group-hover-bg; @xwiki-drawer-menu-item-hover-color: @list-group-link-hover-color; @well-bg: @body-bg; .navbar-default { border-bottom: 3px solid @brand-primary !important; } #menuview .navbar-brand img { padding: 5px; }'"
  "property:xwiki:XWiki.AuthService.Configuration^XWiki.AuthService.ConfigurationClass.authService": "oidc"

@@ -52,8 +55,9 @@ customConfigs:
  xwiki.properties:
    oidc.scope: "openid,profile,email,address,phoenix"
    oidc.endpoint.userinfo.method: "GET"
-    oidc.user.nameFormater: '${oidc.user.phoenixusername._lowerCase}'
-    oidc.user.subjectFormater: '${oidc.user.subject}'
+    oidc.user.nameFormater: "${oidc.user.phoenixusername._lowerCase}"
+    oidc.user.subjectFormater: "${oidc.user.subject}"
+    # yamllint disable-line rule:line-length
    oidc.userinfoclaims: "xwiki_user_accessibility,xwiki_user_company,xwiki_user_displayHiddenDocuments,xwiki_user_editor,xwiki_user_usertype"
    oidc.clientid: "xwiki"
    oidc.endpoint.token.auth_method: "client_secret_basic"