diff --git a/docs/privacyidea.md b/docs/privacyidea.md index 34c74f63954e209aecc50e9e23615dfca37dfd94..c6ccc2cd5fb156b2d5027f60a06be288e7ffd1ca 100644 --- a/docs/privacyidea.md +++ b/docs/privacyidea.md @@ -17,7 +17,7 @@ You need to add the authentication source 'privacyidea' to `config/authsources.php`. _example-privacyidea_ is the name used to identify this module, it can be changed to your liking. The following is a template configuration: ```PHP -'example-privacyidea' => array( +'example-privacyidea' => [ 'privacyidea:PrivacyideaAuthSource', /* @@ -100,35 +100,35 @@ You need to add the authentication source 'privacyidea' to * SAML attribute names. * Optional. */ - 'attributemap' => array( + 'attributemap' => [ 'username' => 'samlLoginName', 'surname' => 'surName', 'givenname' => 'givenName', 'email' => 'emailAddress', 'phone' => 'telePhone', 'mobile' => 'mobilePhone' - ), + ], /* * You are able to concatenate attributes like the given and surname. * Optional. */ - 'concatenationmap' => array( + 'concatenationmap' => [ 'givenname,surname' => 'fullName', - ), + ], /* * Here the detail attributes can be edited. * If they should not be listed, just remove them. * Optional. */ - 'detailmap' => array( + 'detailmap' => [ 'message' => 'message', 'type' => 'otpType', 'serial' => 'otpSerial', 'otplen' => 'otpLength' - ), -), + ], +], ``` ## User attributes @@ -151,12 +151,12 @@ attribute 'groups', you can map that to 'groups' if you include it in the attrib If you want to use privacyIDEA as an auth process filter, add the configuration to the metadata file (e.g. `simplesaml/metadata/saml20-idp-hosted.php`. ```PHP -'authproc' => array( +'authproc' => [ /** * Configuration for the privacyIDEA server. */ - 20 => array( + 20 => [ 'class' => 'privacyidea:PrivacyideaAuthProc', /** 
@@ -174,7 +174,7 @@ If you want to use privacyIDEA as an auth process filter, add the configuration * You can choose a single one or multiple ones. The first set will be used. */ 'uidKey' => 'uid', - // 'uidKey' => array('uid', 'userName', 'uName'), + // 'uidKey' => ['uid', 'userName', 'uName'], /** * Check if the hostname matches the name in the certificate. @@ -265,7 +265,7 @@ If you want to use privacyIDEA as an auth process filter, add the configuration * Enter a range like "10.0.0.0-10.2.0.0" or a single ip like "192.168.178.2" * The selected ip addresses do not need 2FA */ - 'excludeClientIPs' => array("10.0.0.0-10.2.0.0", "192.168.178.2"), + 'excludeClientIPs' => ["10.0.0.0-10.2.0.0", "192.168.178.2"], /** @@ -288,10 +288,10 @@ If you want to use privacyIDEA as an auth process filter, add the configuration * If there is a match, the filter will set the specified state variable to false and thereby disables * privacyIDEA for this entityID The first matching expression will take precedence. */ - 'excludeEntityIDs' => array( + 'excludeEntityIDs' => [ '/http(s)\/\/conditional-no2fa-provider.de\/(.*)/', '/http(.*)no2fa-provider.de/' - ), + ], /** * Per value in excludeEntityIDs, you may specify another set of regular expressions to match the * attributes in the SAML request. If there is a match in any attribute value, this filter will 
@@ -300,17 +300,23 @@ If you want to use privacyIDEA as an auth process filter, add the configuration * accounts. * The key in includeAttributes must be identical to a value in excludeEntityIDs to have an effect! */ - 'includeAttributes' => array( - '/http(s)\/\/conditional-no2fa-provider.de\/(.*)/' => array( - 'memberOf' => array( + 'includeAttributes' => [ + '/http(s)\/\/conditional-no2fa-provider.de\/(.*)/' => [ + 'memberOf' => [ '/cn=2fa-required([-_])regexmatch(.*),cn=groups,(.*)/', 'cn=2fa-required-exactmatch,ou=section,dc=privacyidea,dc=org' - ), - 'myAttribute' => array( + ], + 'myAttribute' => [ '/(.*)2fa-required/', '2fa-required', - ) - ) - ), - ), -) + ] + ] + ], + + /** + * Whether to show logout link on the auth proc filter page. + * Optional, default to true. + */ + 'showLogout' => false, + ], +] ``` diff --git a/lib/Auth/Process/PrivacyideaAuthProc.php b/lib/Auth/Process/PrivacyideaAuthProc.php index b0fc6187ca2c60f1cd299f7de722b8360b261cc4..94ed5f52c9ec26390dc86343500ba24c9b5788e3 100644 --- a/lib/Auth/Process/PrivacyideaAuthProc.php +++ b/lib/Auth/Process/PrivacyideaAuthProc.php @@ -55,6 +55,7 @@ class PrivacyideaAuthProc extends ProcessingFilter // Update state before starting the authentication process $state['privacyidea:privacyidea'] = $this->authProcConfig; $state['privacyidea:privacyidea']['authenticationMethod'] = 'authprocess'; + $state['privacyidea:privacyidea:ui']['showLogout'] = $this->authProcConfig['showLogout'] ?? true; // If set in config, allow to check the IP of the client and to control the 2FA depending on the client IP. // It can be used to configure that a user does not need to provide a second factor when logging in from the local network. diff --git a/templates/LoginForm.php b/templates/LoginForm.php index 08e11ad55c73e439b90128e45cb335afce418fca..706941e3a75d4f23596483992d7dfc425e6428e2 100644 --- a/templates/LoginForm.php +++ b/templates/LoginForm.php 
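Review bot: The line added in `PrivacyideaAuthProc.php` stores `$this->authProcConfig['showLogout']` exactly as it was written in the metadata file, and the template only tests it for truthiness, so a string such as `'false'` or `'no'` would leave the logout link visible. Normalising here keeps the documented boolean contract: `$state['privacyidea:privacyidea:ui']['showLogout'] = filter_var($this->authProcConfig['showLogout'] ?? true, FILTER_VALIDATE_BOOLEAN, FILTER_NULL_ON_FAILURE) ?? true;`. How the `privacyidea:privacyidea:ui` state entry reaches `$this->data` in `LoginForm.php` is not visible in this diff and is worth confirming, because the template silently falls back to `true` when the key is absent. The enclosing method starts and ends outside the hunk.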
@@ -241,7 +241,7 @@ if (null !== $this->data['errorCode']) { <?php // Logout - if (isset($this->data['LogoutURL'])) { ?> + if ($this->data['showLogout'] ?? true && isset($this->data['LogoutURL'])) { ?> <p> <a href="<?php echo htmlspecialchars($this->data['LogoutURL']); ?>"><?php echo $this->t('{status:logout}'); ?></a> </p>
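Review bot: The new condition does not group the way it reads, because in PHP `??` binds more loosely than `&&`: `$this->data['showLogout'] ?? true && isset($this->data['LogoutURL'])` is parsed as `$this->data['showLogout'] ?? (true && isset($this->data['LogoutURL']))`. Whenever `showLogout` holds a non-null value the `isset` guard is never evaluated, so with `showLogout` true and no `LogoutURL` the block still renders, `htmlspecialchars()` is called on an undefined index, and the page gets an empty `href` plus a warning. Parenthesise the default so both conditions apply: `if (($this->data['showLogout'] ?? true) && isset($this->data['LogoutURL'])) { ?>`. The closing brace of this `if` lies outside the hunk.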