@@ -35,7 +35,7 @@ The following configuration options are available:
...
@@ -35,7 +35,7 @@ The following configuration options are available:
`campusmultiauth:campusidp` defines which module and authentication source to use. This is the only mandatory option.
`campusmultiauth:campusidp` defines which module and authentication source to use. This is the only mandatory option.
`userPassSource` is an authentication source to use to authentication with a username and password. For easy integration with any identity provider supporting [ECP](http://docs.oasis-open.org/security/saml/Post2.0/saml-ecp/v2.0/saml-ecp-v2.0.html), see [simplesamlphp-module-campususerpass](https://gitlab.ics.muni.cz/perun-proxy-aai/simplesamlphp/simplesamlphp-module-campususerpass). If the name is not set, `campus-userpass` is used as a default option.
`userPassSource` is an authentication source to use to authentication with a username and password. For easy integration with any identity provider supporting [ECP](http://docs.oasis-open.org/security/saml/Post2.0/saml-ecp/v2.0/saml-ecp-v2.0.html), see [simplesamlphp-module-campususerpass](https://gitlab.ics.muni.cz/perun/perun-proxyidp/simplesamlphp-module-campususerpass). If the name is not set, `campus-userpass` is used as a default option.
`spSource` is an authentication source to use to authentication with an external identity provider. If the name is no set, `default-sp` is used as a default option.
`spSource` is an authentication source to use to authentication with an external identity provider. If the name is no set, `default-sp` is used as a default option.
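Review bot: The unchanged context around the updated `userPassSource` link still carries wording errors that are worth fixing while this paragraph is being touched. "to use to authentication with" appears in both the `userPassSource` and `spSource` descriptions, and the `spSource` line reads "If the name is no set"; suggest "to use for authentication with" and "is not set". The ECP specification link on the `userPassSource` line is plain `http://`; switch it to `https://` if the host serves it.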
...
@@ -43,7 +43,7 @@ Of course, both authsources must be defined in authsources.php file. When the co
...
@@ -43,7 +43,7 @@ Of course, both authsources must be defined in authsources.php file. When the co
## Login page configuration
## Login page configuration
The second part of the configuration is setting up the login page itself. While doing that, it is highly recommended to follow [our suggestions (Czech only)](https://gitlab.ics.muni.cz/perun-proxy-aai/simplesamlphp/simplesamlphp-module-campusmultiauth/-/wikis/Konfigura%C4%8Dn%C3%AD-doporu%C4%8Den%C3%AD). To configure the login page, you need to create a new configuration file `module_campusmultiauth.php`. In this module, there is an example configuration available at `config-templates/module_campusmultiauth.php`. In configuration file, there are following options available:
The second part of the configuration is setting up the login page itself. To configure the login page, you need to create a new configuration file `module_campusmultiauth.php`. In this module, there is an example configuration available at `config-templates/module_campusmultiauth.php`. In configuration file, there are following options available:
`css_framework` - if set to `muni_jvs`, the login page displays in MUNI framework. Otherwise, Bootstrap 5 is used.
`css_framework` - if set to `muni_jvs`, the login page displays in MUNI framework. Otherwise, Bootstrap 5 is used.
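Review bot: The sentence removed from the "Login page configuration" paragraph was the only pointer to the configuration recommendations, and the new line drops it without a replacement. The other hunks move links from `perun-proxy-aai/simplesamlphp/` to `perun/perun-proxyidp/`; if the wiki page moved with the repository, update the link the same way instead of deleting it, or state in the commit message that the recommendations were retired. The kept text "In configuration file, there are following options available" is also missing its articles.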
...
@@ -97,7 +97,7 @@ Thanks to the searchbox you can search between all included identity providers.
...
@@ -97,7 +97,7 @@ Thanks to the searchbox you can search between all included identity providers.
`placeholder` - text displayed as a placeholder in the searchbox. If you want to add localization, you can write the value as a map with language codes as keys and localized strings as values. If current language is not found in keys, the **_first one_** is used instead. If not set at all, it displays a default value.
`placeholder` - text displayed as a placeholder in the searchbox. If you want to add localization, you can write the value as a map with language codes as keys and localized strings as values. If current language is not found in keys, the **_first one_** is used instead. If not set at all, it displays a default value.
`filter` - if you want to display just part of identity providers available in the metadata, you can use this option. If not set, all identity providers from the metadata are included. Otherwise, identity providers to display are chosen based on the [aarc_discovery_hint](https://docs.google.com/document/d/1rHKGzPsjkbqKHxsPnCb0itRLXLtqm-A8CZ5fzzklaxc/edit) logic. However, there are some differences. The content of this option is already decoded (which means it is in the PHP format, not the JSON). Also, you can use the `entityid` claim (instead of `entity_category` / `assurance_certification` / `registration_authority`) to include or exclude specific identity providers. You can find a sample use of the `entityid` claim in [module_campusmultiauth.php](https://gitlab.ics.muni.cz/perun-proxy-aai/simplesamlphp/simplesamlphp-module-campusmultiauth/-/blob/main/config-templates/module_campusmultiauth.php) config template.
`filter` - if you want to display just part of identity providers available in the metadata, you can use this option. If not set, all identity providers from the metadata are included. Otherwise, identity providers to display are chosen based on the [aarc_discovery_hint](https://docs.google.com/document/d/1rHKGzPsjkbqKHxsPnCb0itRLXLtqm-A8CZ5fzzklaxc/edit) logic. However, there are some differences. The content of this option is already decoded (which means it is in the PHP format, not the JSON). Also, you can use the `entityid` claim (instead of `entity_category` / `assurance_certification` / `registration_authority`) to include or exclude specific identity providers. You can find a sample use of the `entityid` claim in [module_campusmultiauth.php](https://gitlab.ics.muni.cz/perun/perun-proxyidp/simplesamlphp-module-campusmultiauth/-/blob/main/config-templates/module_campusmultiauth.php) config template.
`priority` - can be set to `primary`, default value is `secondary`. It should be primary if you want users to use this component if they are able to.
`priority` - can be set to `primary`, default value is `secondary`. It should be primary if you want users to use this component if they are able to.
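Review bot: The config template link at the end of the `filter` line is an absolute URL tied to the repository path and the `main` branch, which is what broke here and will break again on the next move. The document already names the file as `config-templates/module_campusmultiauth.php`, so a relative link to that path would survive a relocation. Separately, the `aarc_discovery_hint` link on the same line points at a Google Docs `/edit` URL; a published or view-only link is preferable if one exists.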
...
@@ -209,7 +209,7 @@ A service provider can choose which identity provider(s) should user use. If the
...
@@ -209,7 +209,7 @@ A service provider can choose which identity provider(s) should user use. If the
## Deployment
## Deployment
The easiest way is to use [docker-campusidp](https://gitlab.ics.muni.cz/perun-proxy-aai/containers/docker-campusidp), which includes this module together with SimpleSAMLphp and PHP-FPM.
The easiest way is to use a docker container, which includes this module together with SimpleSAMLphp and PHP-FPM.
If you want to use non-SAML providers (e.g. OAuth or OIDC), you need to provide a bridge. There are multiple ways possible:
If you want to use non-SAML providers (e.g. OAuth or OIDC), you need to provide a bridge. There are multiple ways possible:
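Review bot: The new Deployment sentence replaces the `docker-campusidp` link with "a docker container" and no longer tells the reader which image is meant or where to obtain it. Someone deploying an identity provider should not have to guess at the image source; link the image's new location, or if it is no longer published, drop "The easiest way" and describe what the container has to include. "docker" should also be capitalised as "Docker".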