X-Git-Url: http://source.bookstackapp.com/bookstack/blobdiff_plain/07408ec11243995ef6bfded34d87f455336d9460..refs/pull/3391/head:/app/Config/saml2.php diff --git a/app/Config/saml2.php b/app/Config/saml2.php index 3c4319100..44d06c5b2 100644 --- a/app/Config/saml2.php +++ b/app/Config/saml2.php @@ -1,6 +1,7 @@ 'urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress', + // Usually x509cert and privateKey of the SP are provided by files placed at // the certs folder. But we can also provide them with the following parameters - 'x509cert' => env('SAML2_SP_CERTIFICATE', ''), - 'privateKey' => env('SAML2_SP_PRIVATEKEY', ''), + 'x509cert' => $SAML2_SP_x509 ?: '', + 'privateKey' => env('SAML2_SP_x509_KEY', ''), ], // Identity Provider Data that we want connect with our SP 'idp' => [ @@ -147,9 +149,11 @@ return [ // Multiple forced values can be passed via a space separated array, For example: // SAML2_IDP_AUTHNCONTEXT="urn:federation:authentication:windows urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport" 'requestedAuthnContext' => is_string($SAML2_IDP_AUTHNCONTEXT) ? explode(' ', $SAML2_IDP_AUTHNCONTEXT) : $SAML2_IDP_AUTHNCONTEXT, - 'logoutRequestSigned' => env('SAML2_LOGOUT_REQUEST_SIGNED', false), - 'logoutResponseSigned' => env('SAML2_LOGOUT_RESPONSE_SIGNED', false), - 'lowercaseUrlencoding' => env('SAML2_LOWERCASE_URLENCODING', false), + // Sign requests and responses if a certificate is in use + 'logoutRequestSigned' => (bool) $SAML2_SP_x509, + 'logoutResponseSigned' => (bool) $SAML2_SP_x509, + 'authnRequestsSigned' => (bool) $SAML2_SP_x509, + 'lowercaseUrlencoding' => false, ], ],