Renamed SAMLP_SP_PRIVATE_KEY to SAML_SP_PRIVATE_KEY

Now it matches the documented value and follows the naming schema. The old env name is still valid, to maintain backwards compatibility.

Fixes issue #339
Jan Böhmer 2023-08-01 15:31:40 +02:00
parent 9bf814d4cd
commit aaff0835a3
4 changed files with 11 additions and 4 deletions


@ -33,7 +33,8 @@
PassEnv HISTORY_SAVE_CHANGED_FIELDS HISTORY_SAVE_CHANGED_DATA HISTORY_SAVE_REMOVED_DATA HISTORY_SAVE_NEW_DATA
PassEnv ERROR_PAGE_ADMIN_EMAIL ERROR_PAGE_SHOW_HELP
PassEnv DEMO_MODE NO_URL_REWRITE_AVAILABLE FIXER_API_KEY BANNER
PassEnv SAML_ENABLED SAML_ROLE_MAPPING SAML_UPDATE_GROUP_ON_LOGIN SAML_IDP_ENTITY_ID SAML_IDP_SINGLE_SIGN_ON_SERVICE SAML_IDP_SINGLE_LOGOUT_SERVICE SAML_IDP_X509_CERT SAML_SP_ENTITY_ID SAML_SP_X509_CERT SAMLP_SP_PRIVATE_KEY
# In old version the SAML sp private key env, was wrongly named SAMLP_SP_PRIVATE_KEY, keep it for backward compatibility
PassEnv SAML_ENABLED SAML_ROLE_MAPPING SAML_UPDATE_GROUP_ON_LOGIN SAML_IDP_ENTITY_ID SAML_IDP_SINGLE_SIGN_ON_SERVICE SAML_IDP_SINGLE_LOGOUT_SERVICE SAML_IDP_X509_CERT SAML_SP_ENTITY_ID SAML_SP_X509_CERT SAML_SP_PRIVATE_KEY SAMLP_SP_PRIVATE_KEY
PassEnv TABLE_DEFAULT_PAGE_SIZE
PassEnv PROVIDER_DIGIKEY_CLIENT_ID PROVIDER_DIGIKEY_SECRET PROVIDER_DIGIKEY_CURRENCY PROVIDER_DIGIKEY_LANGUAGE PROVIDER_DIGIKEY_COUNTRY
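Review bot: the added comment above the SAML PassEnv line is hard to parse ("In old version the SAML sp private key env, was wrongly named ...") and does not say which of the two names is deprecated. Suggest something like "# Older versions named the SAML SP private key variable SAMLP_SP_PRIVATE_KEY; it is still passed through for backward compatibility (deprecated)", so that whoever later drops the old name knows which token to remove from the line.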

.env

@ -172,7 +172,7 @@ SAML_SP_ENTITY_ID="https://partdb.changeme.invalid/sp"
# The public certificate of the SAML SP
SAML_SP_X509_CERT="MIIC..."
# The private key of the SAML SP
SAMLP_SP_PRIVATE_KEY="MIIE..."
SAML_SP_PRIVATE_KEY="MIIE..."
######################################################################################
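Review bot: the comment above SAML_SP_PRIVATE_KEY still reads only "The private key of the SAML SP" and gives no hint that the old name SAMLP_SP_PRIVATE_KEY is still read. Someone upgrading with the old name set in their own override will not learn from this file that both names exist. Add a line such as "# (SAMLP_SP_PRIVATE_KEY from older versions is still accepted, but deprecated)".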


@ -1,5 +1,9 @@
# See https://github.com/SAML-Toolkits/php-saml for more information about the SAML settings
# Define a parameter here, so we can access it later in the default fallback
parameters:
saml.sp.privateKey: '%env(string:SAML_SP_PRIVATE_KEY)%'
nbgrp_onelogin_saml:
onelogin_settings:
default:
@ -22,7 +26,9 @@ nbgrp_onelogin_saml:
url: '%partdb.default_uri%logout'
binding: 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect'
x509cert: '%env(string:SAML_SP_X509_CERT)%'
privateKey: '%env(string:SAMLP_SP_PRIVATE_KEY)%'
# Before the env variable was wrongly named "SAMLP_SP_PRIVATE_KEY".
# For compatibility reasons we keep it and only fallback to the new name if the old one is not set. This may be removed in the future.
privateKey: '%env(string:default:saml.sp.privateKey:string:SAMLP_SP_PRIVATE_KEY)%'
# Optional settings
#baseurl: 'http://myapp.com'
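Review bot: in the new privateKey line the old name wins whenever it is set (the comment above it says the new name is only the fallback), so a deployment that puts a new key under SAML_SP_PRIVATE_KEY but still has a stale SAMLP_SP_PRIVATE_KEY in its environment keeps using the old key with no indication. Because this value is the SP private key, the comment and the docs should state that the old variable must be unset when migrating to the new name. A deprecation notice when SAMLP_SP_PRIVATE_KEY is present would also make the "may be removed in the future" step less of a surprise.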


@ -143,7 +143,7 @@ The reverse is also possible: If you have existing SAML users and want them to b
> It is recommended that you let the original admin user (ID: 2) be a local user, so you can still login to Part-DB if the SAML identity provider is not available.
## Advanced SAML configuration
You can find some more advanced SAML configuration options in the `config/packages/hslavich_onelogin_saml.yaml` file. Refer to the file for more information.
You can find some more advanced SAML configuration options in the `config/packages/nbgrp_onelogin_saml.yaml` file. Refer to the file for more information.
Normally you don't have to change anything here.
Please note that this file is not saved by the Part-DB backup tool, so you have to save it manually if you want to keep your changes. On docker containers you have to configure a volume mapping for it.
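Review bot: the path correction from hslavich_onelogin_saml.yaml to nbgrp_onelogin_saml.yaml is unrelated to the variable rename and is not mentioned in the commit message. Either note it there or split it into its own commit so it can be found later. Since this section already covers the advanced configuration, it would also be the natural place for one sentence saying that SAMLP_SP_PRIVATE_KEY is still accepted for backward compatibility and takes precedence when both names are set.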