<?php
$SAML2_IDP_AUTHNCONTEXT = env('SAML2_IDP_AUTHNCONTEXT', true);
+$SAML2_SP_x509 = env('SAML2_SP_x509', false);
return [
// represent the requested subject.
// Take a look on lib/Saml2/Constants.php to see the NameIdFormat supported
'NameIDFormat' => 'urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress',
+
// Usually x509cert and privateKey of the SP are provided by files placed at
// the certs folder. But we can also provide them with the following parameters
- 'x509cert' => env('SAML2_SP_CERTIFICATE', ''),
- 'privateKey' => env('SAML2_SP_PRIVATEKEY', ''),
+ 'x509cert' => $SAML2_SP_x509 ?: '',
+ 'privateKey' => env('SAML2_SP_x509_KEY', ''),
],
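Review bot: The SP certificate and key are now read from `SAML2_SP_x509` and `SAML2_SP_x509_KEY`, and the old `SAML2_SP_CERTIFICATE` / `SAML2_SP_PRIVATEKEY` names are dropped with no fallback. A deployment that still sets the old names ends up with an empty `x509cert` and `privateKey` and no error. Because the signing flags further down are derived from the same variable, that deployment would presumably also stop signing its requests without anyone noticing. Either fall back to the old names, e.g. `env('SAML2_SP_x509', env('SAML2_SP_CERTIFICATE', false))` and the same for the key, or document the rename as a breaking change. The comment above the two keys could also note that `SAML2_SP_x509_KEY` carries private key material and belongs in a protected environment file, not in version control.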
// Identity Provider Data that we want connect with our SP
'idp' => [
// Multiple forced values can be passed via a space separated array, For example:
// SAML2_IDP_AUTHNCONTEXT="urn:federation:authentication:windows urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport"
'requestedAuthnContext' => is_string($SAML2_IDP_AUTHNCONTEXT) ? explode(' ', $SAML2_IDP_AUTHNCONTEXT) : $SAML2_IDP_AUTHNCONTEXT,
- 'logoutRequestSigned' => env('SAML2_LOGOUT_REQUEST_SIGNED', false),
- 'logoutResponseSigned' => env('SAML2_LOGOUT_RESPONSE_SIGNED', false),
- 'lowercaseUrlencoding' => env('SAML2_LOWERCASE_URLENCODING', false),
+ // Sign requests and responses if a certificate is in use
+ 'logoutRequestSigned' => (bool) $SAML2_SP_x509,
+ 'logoutResponseSigned' => (bool) $SAML2_SP_x509,
+ 'authnRequestsSigned' => (bool) $SAML2_SP_x509,
+ 'lowercaseUrlencoding' => false,
],
],
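Review bot: `logoutRequestSigned`, `logoutResponseSigned` and `authnRequestsSigned` are enabled by the certificate alone, but signing needs the private key from `SAML2_SP_x509_KEY`. With the certificate set and the key missing, the SP is configured to sign and will most likely fail when a request is built. Derive the flags from both values, e.g. `$SAML2_SP_SIGN = $SAML2_SP_x509 && env('SAML2_SP_x509_KEY', '') !== '';`, and use `(bool) $SAML2_SP_SIGN` for the three settings. Separately, `lowercaseUrlencoding` is now hard-coded to `false`, which removes the `SAML2_LOWERCASE_URLENCODING` override that IdPs emitting lowercase URL-encoding need for signature verification to succeed; keeping `env('SAML2_LOWERCASE_URLENCODING', false)` preserves that option. The enclosing array starts outside the visible lines.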