diff --git a/.docker/symfony.conf b/.docker/symfony.conf
index 8866bcc3..952407e7 100644
--- a/.docker/symfony.conf
+++ b/.docker/symfony.conf
@@ -33,7 +33,8 @@ PassEnv HISTORY_SAVE_CHANGED_FIELDS HISTORY_SAVE_CHANGED_DATA HISTORY_SAVE_REMOVED_DATA HISTORY_SAVE_NEW_DATA
 PassEnv ERROR_PAGE_ADMIN_EMAIL ERROR_PAGE_SHOW_HELP
 PassEnv DEMO_MODE NO_URL_REWRITE_AVAILABLE FIXER_API_KEY BANNER
-PassEnv SAML_ENABLED SAML_ROLE_MAPPING SAML_UPDATE_GROUP_ON_LOGIN SAML_IDP_ENTITY_ID SAML_IDP_SINGLE_SIGN_ON_SERVICE SAML_IDP_SINGLE_LOGOUT_SERVICE SAML_IDP_X509_CERT SAML_SP_ENTITY_ID SAML_SP_X509_CERT SAMLP_SP_PRIVATE_KEY
+# In old version the SAML sp private key env, was wrongly named SAMLP_SP_PRIVATE_KEY, keep it for backward compatibility
+PassEnv SAML_ENABLED SAML_ROLE_MAPPING SAML_UPDATE_GROUP_ON_LOGIN SAML_IDP_ENTITY_ID SAML_IDP_SINGLE_SIGN_ON_SERVICE SAML_IDP_SINGLE_LOGOUT_SERVICE SAML_IDP_X509_CERT SAML_SP_ENTITY_ID SAML_SP_X509_CERT SAML_SP_PRIVATE_KEY SAMLP_SP_PRIVATE_KEY
 PassEnv TABLE_DEFAULT_PAGE_SIZE
 PassEnv PROVIDER_DIGIKEY_CLIENT_ID PROVIDER_DIGIKEY_SECRET PROVIDER_DIGIKEY_CURRENCY PROVIDER_DIGIKEY_LANGUAGE PROVIDER_DIGIKEY_COUNTRY
diff --git a/.env b/.env
index cb57a3bb..22ba44cf 100644
--- a/.env
+++ b/.env
@@ -172,7 +172,7 @@ SAML_SP_ENTITY_ID="https://partdb.changeme.invalid/sp"
 # The public certificate of the SAML SP
 SAML_SP_X509_CERT="MIIC..."
 # The private key of the SAML SP
-SAMLP_SP_PRIVATE_KEY="MIIE..."
+SAML_SP_PRIVATE_KEY="MIIE..."
 ######################################################################################
diff --git a/config/packages/nbgrp_onelogin_saml.yaml b/config/packages/nbgrp_onelogin_saml.yaml
index d2f5bae0..66b133a2 100644
--- a/config/packages/nbgrp_onelogin_saml.yaml
+++ b/config/packages/nbgrp_onelogin_saml.yaml
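Review bot: The new comment on the PassEnv line is hard to parse ("In old version the SAML sp private key env, was wrongly named ..."); suggest `# SAML_SP_PRIVATE_KEY was misspelled SAMLP_SP_PRIVATE_KEY in older releases; the legacy name is still passed for backward compatibility and must be dropped together with the fallback in config/packages/nbgrp_onelogin_saml.yaml.` Passing both names is the right call while the yaml keeps the legacy fallback, but the two must be removed in the same change: if the legacy name is dropped here first, Docker installs that only set SAMLP_SP_PRIVATE_KEY would silently fall through to the placeholder value the committed .env now defines for SAML_SP_PRIVATE_KEY. Note that the legacy name is now passed through on new installs too, where it will normally be undefined; if I recall correctly Apache logs a warning per undefined PassEnv variable at startup, so expect one extra line in the error log.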
@@ -1,5 +1,9 @@
 # See https://github.com/SAML-Toolkits/php-saml for more information about the SAML settings
+# Define a parameter here, so we can access it later in the default fallback
+parameters:
+ saml.sp.privateKey: '%env(string:SAML_SP_PRIVATE_KEY)%'
+
 nbgrp_onelogin_saml:
 onelogin_settings:
 default:
@@ -22,7 +26,9 @@ nbgrp_onelogin_saml:
 url: '%partdb.default_uri%logout'
 binding: 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect'
 x509cert: '%env(string:SAML_SP_X509_CERT)%'
- privateKey: '%env(string:SAMLP_SP_PRIVATE_KEY)%'
+ # Before the env variable was wrongly named "SAMLP_SP_PRIVATE_KEY".
+ # For compatibility reasons we keep it and only fallback to the new name if the old one is not set. This may be removed in the future.
+ privateKey: '%env(string:default:saml.sp.privateKey:string:SAMLP_SP_PRIVATE_KEY)%'
 # Optional settings
 #baseurl: 'http://myapp.com'
diff --git a/docs/installation/saml_sso.md b/docs/installation/saml_sso.md
index 22a3076e..9a89ab1d 100644
--- a/docs/installation/saml_sso.md
+++ b/docs/installation/saml_sso.md
@@ -143,7 +143,7 @@ The reverse is also possible: If you have existing SAML users and want them to b
 > It is recommended that you let the original admin user (ID: 2) be a local user, so you can still login to Part-DB if the SAML identity provider is not available.
 ## Advanced SAML configuration
-You can find some more advanced SAML configuration options in the `config/packages/hslavich_onelogin_saml.yaml` file. Refer to the file for more information.
+You can find some more advanced SAML configuration options in the `config/packages/nbgrp_onelogin_saml.yaml` file. Refer to the file for more information.
 Normally you don't have to change anything here. Please note that this file is not saved by the Part-DB backup tool, so you have to save it manually if you want to keep your changes. On docker containers you have to configure a volume mapping for it.
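Review bot: In the new `privateKey` line the legacy variable wins whenever both names are set — `default:` only consults `saml.sp.privateKey` when `SAMLP_SP_PRIVATE_KEY` resolves to nothing — so an operator who rotates the SP key by setting `SAML_SP_PRIVATE_KEY` while the old variable lingers in `.env.local` or the container environment keeps signing with the retired key and gets no error. That precedence looks forced rather than accidental, because the committed `.env` now always defines `SAML_SP_PRIVATE_KEY` with a placeholder and putting the new name first would never reach the fallback on existing installs, but the comment should say so together with the rotation consequence, e.g. `# If both are set, the legacy SAMLP_SP_PRIVATE_KEY wins and SAML_SP_PRIVATE_KEY is ignored: when rotating the SP key, update or delete the legacy variable as well.` The first added comment line also reads oddly; `# Previously the env variable was wrongly named "SAMLP_SP_PRIVATE_KEY".` is clearer. If I remember the `default` processor correctly it also falls back when the legacy variable is set to an empty string, which is worth confirming before the compatibility behaviour is documented or removed.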