mirror of
https://github.com/Part-DB/Part-DB-server.git
synced 2025-08-03 17:55:03 +02:00
aaff0835a3
Now it matches the documented value and follows the naming schema. The old env name is still valid, to maintain backwards compatibility. Fixes issue #339
68 lines
No EOL
2.7 KiB
YAML
68 lines
No EOL
2.7 KiB
YAML
# See https://github.com/SAML-Toolkits/php-saml for more information about the SAML settings
|
|
|
|
# Define a parameter here, so we can access it later in the default fallback
|
|
parameters:
|
|
saml.sp.privateKey: '%env(string:SAML_SP_PRIVATE_KEY)%'
|
|
|
|
nbgrp_onelogin_saml:
|
|
onelogin_settings:
|
|
default:
|
|
# Basic settings
|
|
idp:
|
|
entityId: '%env(string:SAML_IDP_ENTITY_ID)%'
|
|
singleSignOnService:
|
|
url: '%env(string:SAML_IDP_SINGLE_SIGN_ON_SERVICE)%'
|
|
binding: 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect'
|
|
singleLogoutService:
|
|
url: '%env(string:SAML_IDP_SINGLE_LOGOUT_SERVICE)%'
|
|
binding: 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect'
|
|
x509cert: '%env(string:SAML_IDP_X509_CERT)%'
|
|
sp:
|
|
entityId: '%env(string:SAML_SP_ENTITY_ID)%'
|
|
assertionConsumerService:
|
|
url: '%partdb.default_uri%saml/acs'
|
|
binding: 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST'
|
|
singleLogoutService:
|
|
url: '%partdb.default_uri%logout'
|
|
binding: 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect'
|
|
x509cert: '%env(string:SAML_SP_X509_CERT)%'
|
|
# Before the env variable was wrongly named "SAMLP_SP_PRIVATE_KEY".
|
|
# For compatibility reasons we keep it and only fallback to the new name if the old one is not set. This may be removed in the future.
|
|
privateKey: '%env(string:default:saml.sp.privateKey:string:SAMLP_SP_PRIVATE_KEY)%'
|
|
|
|
# Optional settings
|
|
#baseurl: 'http://myapp.com'
|
|
strict: true
|
|
debug: false
|
|
security:
|
|
allowRepeatAttributeName: true
|
|
# nameIdEncrypted: false
|
|
authnRequestsSigned: true
|
|
logoutRequestSigned: true
|
|
logoutResponseSigned: true
|
|
# wantMessagesSigned: false
|
|
# wantAssertionsSigned: true
|
|
# wantNameIdEncrypted: false
|
|
# requestedAuthnContext: true
|
|
# signMetadata: false
|
|
# wantXMLValidation: true
|
|
# relaxDestinationValidation: false
|
|
# destinationStrictlyMatches: true
|
|
# rejectUnsolicitedResponsesWithInResponseTo: false
|
|
# signatureAlgorithm: 'http://www.w3.org/2001/04/xmldsig-more#rsa-sha256'
|
|
# digestAlgorithm: 'http://www.w3.org/2001/04/xmlenc#sha256'
|
|
#contactPerson:
|
|
# technical:
|
|
# givenName: 'Tech User'
|
|
# emailAddress: 'techuser@example.com'
|
|
# support:
|
|
# givenName: 'Support User'
|
|
# emailAddress: 'supportuser@example.com'
|
|
# administrative:
|
|
# givenName: 'Administrative User'
|
|
# emailAddress: 'administrativeuser@example.com'
|
|
#organization:
|
|
# en:
|
|
# name: 'Part-DB-name'
|
|
# displayname: 'Displayname'
|
|
# url: 'http://example.com' |