X-Git-Url: http://source.bookstackapp.com/bookstack/blobdiff_plain/85db812feaae5f36ea6214931cec4adb67a9cb39..refs/pull/2902/head:/app/Config/saml2.php

diff --git a/app/Config/saml2.php b/app/Config/saml2.php
index 8ba969549..3c4319100 100644
--- a/app/Config/saml2.php
+++ b/app/Config/saml2.php
@@ -31,7 +31,6 @@ return [
     // Overrides, in JSON format, to the configuration passed to underlying onelogin library.
     'onelogin_overrides' => env('SAML2_ONELOGIN_OVERRIDES', null),
 
-
     'onelogin' => [
         // If 'strict' is True, then the PHP Toolkit will reject unsigned
         // or unencrypted messages if it expects them signed or encrypted
@@ -81,8 +80,8 @@ return [
             'NameIDFormat' => 'urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress',
             // Usually x509cert and privateKey of the SP are provided by files placed at
             // the certs folder. But we can also provide them with the following parameters
-            'x509cert' => '',
-            'privateKey' => '',
+            'x509cert'   => env('SAML2_SP_CERTIFICATE', ''),
+            'privateKey' => env('SAML2_SP_PRIVATEKEY', ''),
         ],
         // Identity Provider Data that we want connect with our SP
         'idp' => [
@@ -148,6 +147,9 @@ return [
             // Multiple forced values can be passed via a space separated array, For example:
             // SAML2_IDP_AUTHNCONTEXT="urn:federation:authentication:windows urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport"
             'requestedAuthnContext' => is_string($SAML2_IDP_AUTHNCONTEXT) ? explode(' ', $SAML2_IDP_AUTHNCONTEXT) : $SAML2_IDP_AUTHNCONTEXT,
+            'logoutRequestSigned'   => env('SAML2_LOGOUT_REQUEST_SIGNED', false),
+            'logoutResponseSigned'  => env('SAML2_LOGOUT_RESPONSE_SIGNED', false),
+            'lowercaseUrlencoding'  => env('SAML2_LOWERCASE_URLENCODING', false),
         ],
     ],