X-Git-Url: http://source.bookstackapp.com/bookstack/blobdiff_plain/40ca50e44f3ca0f648d915dc73ff205309730f07..refs/pull/3391/head:/app/Config/saml2.php diff --git a/app/Config/saml2.php b/app/Config/saml2.php index 8ba969549..44d06c5b2 100644 --- a/app/Config/saml2.php +++ b/app/Config/saml2.php @@ -1,6 +1,7 @@ env('SAML2_ONELOGIN_OVERRIDES', null), - 'onelogin' => [ // If 'strict' is True, then the PHP Toolkit will reject unsigned // or unencrypted messages if it expects them signed or encrypted @@ -79,10 +79,11 @@ return [ // represent the requested subject. // Take a look on lib/Saml2/Constants.php to see the NameIdFormat supported 'NameIDFormat' => 'urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress', + // Usually x509cert and privateKey of the SP are provided by files placed at // the certs folder. But we can also provide them with the following parameters - 'x509cert' => '', - 'privateKey' => '', + 'x509cert' => $SAML2_SP_x509 ?: '', + 'privateKey' => env('SAML2_SP_x509_KEY', ''), ], // Identity Provider Data that we want connect with our SP 'idp' => [ @@ -148,6 +149,11 @@ return [ // Multiple forced values can be passed via a space separated array, For example: // SAML2_IDP_AUTHNCONTEXT="urn:federation:authentication:windows urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport" 'requestedAuthnContext' => is_string($SAML2_IDP_AUTHNCONTEXT) ? explode(' ', $SAML2_IDP_AUTHNCONTEXT) : $SAML2_IDP_AUTHNCONTEXT, + // Sign requests and responses if a certificate is in use + 'logoutRequestSigned' => (bool) $SAML2_SP_x509, + 'logoutResponseSigned' => (bool) $SAML2_SP_x509, + 'authnRequestsSigned' => (bool) $SAML2_SP_x509, + 'lowercaseUrlencoding' => false, ], ],