]> BookStack Code Mirror - bookstack/blobdiff - app/Config/saml2.php
projects / bookstack / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Skip intermediate login page with single provider
[bookstack] / app / Config / saml2.php
diff --git a/app/Config/saml2.php b/app/Config/saml2.php
index ad6dfe1f9a0beb5eaeeab3c4c02eaef4eeb3d278..44d06c5b2e60c6bb47af0a6970e3b3566dd1e927 100644 (file)
--- a/app/Config/saml2.php
+++ b/app/Config/saml2.php
@@ -1,6 +1,7 @@
 <?php
 
 $SAML2_IDP_AUTHNCONTEXT = env('SAML2_IDP_AUTHNCONTEXT', true);
 <?php
 
 $SAML2_IDP_AUTHNCONTEXT = env('SAML2_IDP_AUTHNCONTEXT', true);
+$SAML2_SP_x509 = env('SAML2_SP_x509', false);
 
 return [
 
 
 return [
 
@@ -78,10 +79,11 @@ return [
             // represent the requested subject.
             // Take a look on lib/Saml2/Constants.php to see the NameIdFormat supported
             'NameIDFormat' => 'urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress',
             // represent the requested subject.
             // Take a look on lib/Saml2/Constants.php to see the NameIdFormat supported
             'NameIDFormat' => 'urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress',
+
             // Usually x509cert and privateKey of the SP are provided by files placed at
             // the certs folder. But we can also provide them with the following parameters
             // Usually x509cert and privateKey of the SP are provided by files placed at
             // the certs folder. But we can also provide them with the following parameters
-            'x509cert'   => env('SAML2_SP_CERTIFICATE', ''),
-            'privateKey' => env('SAML2_SP_PRIVATEKEY', ''),
+            'x509cert'   => $SAML2_SP_x509 ?: '',
+            'privateKey' => env('SAML2_SP_x509_KEY', ''),
         ],
         // Identity Provider Data that we want connect with our SP
         'idp' => [
         ],
         // Identity Provider Data that we want connect with our SP
         'idp' => [
@@ -147,9 +149,11 @@ return [
             // Multiple forced values can be passed via a space separated array, For example:
             // SAML2_IDP_AUTHNCONTEXT="urn:federation:authentication:windows urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport"
             'requestedAuthnContext' => is_string($SAML2_IDP_AUTHNCONTEXT) ? explode(' ', $SAML2_IDP_AUTHNCONTEXT) : $SAML2_IDP_AUTHNCONTEXT,
             // Multiple forced values can be passed via a space separated array, For example:
             // SAML2_IDP_AUTHNCONTEXT="urn:federation:authentication:windows urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport"
             'requestedAuthnContext' => is_string($SAML2_IDP_AUTHNCONTEXT) ? explode(' ', $SAML2_IDP_AUTHNCONTEXT) : $SAML2_IDP_AUTHNCONTEXT,
-            'logoutRequestSigned'   => env('SAML2_LOGOUT_REQUEST_SIGNED', false),
-            'logoutResponseSigned'  => env('SAML2_LOGOUT_RESPONSE_SIGNED', false),
-            'lowercaseUrlencoding'  => env('SAML2_LOWERCASE_URLENCODING', false)
+            // Sign requests and responses if a certificate is in use
+            'logoutRequestSigned'   => (bool) $SAML2_SP_x509,
+            'logoutResponseSigned'  => (bool) $SAML2_SP_x509,
+            'authnRequestsSigned'   => (bool) $SAML2_SP_x509,
+            'lowercaseUrlencoding'  => false,
         ],
     ],
 
         ],
     ],
 
The core source code for the BookStack project.