Add support Windows Authentication via SAML

diff --git a/.env.example.complete b/.env.example.complete
index 86a7351c215a675685eebeea1714982eaff5e6bb..d3f109f2f0e6e9a9e7c51ca6ac9a517e32d6f5a1 100644 (file)
--- a/.env.example.complete
+++ b/.env.example.complete
@@ -222,6 +222,12 @@ SAML2_ONELOGIN_OVERRIDES=null
 SAML2_DUMP_USER_DETAILS=false
 SAML2_AUTOLOAD_METADATA=false
 
+# SAML Authentication context.
+# Set to false and no AuthContext will be sent in the AuthNRequest,
+# Set true and you will get an AuthContext 'exact' 'urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport'
+# Set an array with the possible auth context values: array ('urn:oasis:names:tc:SAML:2.0:ac:classes:Password', 'urn:oasis:names:tc:SAML:2.0:ac:classes:X509'),
+SAML2_IDP_AUTHNCONTEXT=false
+
 # SAML group sync configuration
 # Refer to https://www.bookstackapp.com/docs/admin/saml2-auth/
 SAML2_USER_TO_GROUPS=false
@@ -267,4 +273,4 @@ API_DEFAULT_ITEM_COUNT=100
 API_MAX_ITEM_COUNT=500
 
 # The number of API requests that can be made per minute by a single user.
-API_REQUESTS_PER_MIN=180
\ No newline at end of file
+API_REQUESTS_PER_MIN=180

diff --git a/app/Config/saml2.php b/app/Config/saml2.php
index 5f2c1395b836aacedd36496d153a0ea52f412165..83fa4f227ff95f2d64f40adcf544fe75e7db9bc2 100644 (file)
--- a/app/Config/saml2.php
+++ b/app/Config/saml2.php
@@ -139,6 +139,12 @@ return [
             //      )
             // ),
         ],
+        'security' => [
+            // Specifies Authentication context
+            // false means that IDP choose authentication method
+            // null force Form based authentication or is possible set via array supported methods. See to onelogin/php-sampl/advance_settings
+            'requestedAuthnContext' => env('SAML2_IDP_AUTHNCONTEXT',false), 
+        ],
     ],
 
 ];