diff --git a/docs/privacyidea.md b/docs/privacyidea.md index c6ccc2cd5fb156b2d5027f60a06be288e7ffd1ca..6be53d7e389890ced92b4d57b39a42257fb6a9b0 100644 --- a/docs/privacyidea.md +++ b/docs/privacyidea.md @@ -4,10 +4,8 @@ This module is an authentication module for simpleSAMLphp to use with the privac You can use this plugin in two different ways: -<ol> - <li> AuthSource: This module does the complete authentication process against privacyIDEA - <li> AuthProc: This module does just one step of the authentication, the second factor against privacyIDEA -</ol> +1. AuthSource: This module does the complete authentication process against privacyIDEA +2. AuthProc: This module does just one step of the authentication, the second factor against privacyIDEA NOTE: This plugin is enabled by default when installed, you do not need to enable it manually. @@ -31,14 +29,14 @@ You need to add the authentication source 'privacyidea' to * The value have to be a string. * Optional. */ - 'sslVerifyHost' => 'false', + 'sslVerifyHost' => false, /* * Check if the certificate is valid, signed by a trusted CA. * The value have to be a string. * Optional. */ - 'sslVerifyPeer' => 'false', + 'sslVerifyPeer' => false, /* * The realm where the user is located in. 
@@ -57,21 +55,21 @@ You need to add the authentication source 'privacyidea' to 'servicePass' => 'service', /** - * Set doTriggerChallenge to 'true' to trigger challenges prior to the login + * Set doTriggerChallenge to true to trigger challenges prior to the login * using the configured service account. * This setting takes precedence over 'doSendPassword'. * The value have to be a string. */ - 'doTriggerChallenge' => 'true', + 'doTriggerChallenge' => true, /** - * Set doSendPassword to 'true' to send a request to validate/check with the username + * Set doSendPassword to true to send a request to validate/check with the username * and an empty pass prior to the login. * This can be used to trigger challenges depending on the configuration in privacyIDEA * and requires no service account. If 'doTriggerChallenge' is enabled, this setting has no effect. * The value have to be a string. */ - 'doSendPassword' => 'true', + 'doSendPassword' => true, /** * Set custom hints for the OTP and password fields @@ -80,11 +78,11 @@ You need to add the authentication source 'privacyidea' to 'passFieldHint' => 'Password', /** - * Set SSO to 'true' if you want to use single sign on. + * Set SSO to true if you want to use single sign on. * All information required for SSO will be saved in the session. * After logging out, the SSO data will be removed from the session. */ - 'SSO' => 'false', + 'SSO' => false, /** * Set preferredTokenType to your favourite token type. @@ -180,13 +178,13 @@ If you want to use privacyIDEA as an auth process filter, add the configuration * Check if the hostname matches the name in the certificate. * The value have to be a string. */ - 'sslVerifyHost' => 'true', + 'sslVerifyHost' => true, /** * Check if the certificate is valid, signed by a trusted CA * The value have to be a string. */ - 'sslVerifyPeer' => 'true', + 'sslVerifyPeer' => true, /** * Here you need to enter the username of your service account 
@@ -202,7 +200,7 @@ If you want to use privacyIDEA as an auth process filter, add the configuration * You can add this option, if you want to enroll tokens for users, who do not have one yet. * The value have to be a string. */ - 'doEnrollToken' => 'true', + 'doEnrollToken' => true, /** * You can select a time based otp (totp), an event based otp (hotp) or an u2f (u2f) @@ -213,14 +211,14 @@ If you want to use privacyIDEA as an auth process filter, add the configuration * You can enable or disable trigger challenge. * The value have to be a string. */ - 'doTriggerChallenge' => 'true', + 'doTriggerChallenge' => true, /** - * Set this to 'true' if you want to use single sign on. + * Set this to true if you want to use single sign on. * All information required for SSO will be saved in the session. * After logging out, the SSO data will be removed from the session. */ - 'SSO' => 'false', + 'SSO' => false, /** * Set preferredTokenType to your favourite token type. @@ -252,7 +250,7 @@ If you want to use privacyIDEA as an auth process filter, add the configuration * privacyIDEA. If passOnNoToken is activated and the user does not have a token, he will be passed by privacyIDEA. * NOTE: Do not use it with privacyidea:tokenEnrollment. */ - 'tryFirstAuthentication' => 'true', + 'tryFirstAuthentication' => true, /** * You can decide, which password should be used for tryFirstAuthentication @@ -273,7 +271,7 @@ If you want to use privacyIDEA as an auth process filter, add the configuration * the entityID and/or SAML attributes, you may enable this filter. * Value have to be string. */ - 'checkEntityID' => 'true', + 'checkEntityID' => true, /** * Depending on excludeEntityIDs and includeAttributes the filter will set the state variable diff --git a/lib/Auth/Process/PrivacyideaAuthProc.php b/lib/Auth/Process/PrivacyideaAuthProc.php index 94ed5f52c9ec26390dc86343500ba24c9b5788e3..eb3f49220a7beee9f94b2f120b2a774962461457 100644 --- a/lib/Auth/Process/PrivacyideaAuthProc.php 
+++ b/lib/Auth/Process/PrivacyideaAuthProc.php @@ -67,9 +67,9 @@ class PrivacyideaAuthProc extends ProcessingFilter } } - // If set to "true" in config, selectively disable the privacyIDEA authentication using the entityID and/or SAML attributes. + // If set to true in config, selectively disable the privacyIDEA authentication using the entityID and/or SAML attributes. // The skipping will be done in self::isPrivacyIDEADisabled - if (!empty($this->authProcConfig['checkEntityID']) && 'true' === $this->authProcConfig['checkEntityID']) { + if (!empty($this->authProcConfig['checkEntityID']) && true === $this->authProcConfig['checkEntityID']) { $stateId = State::saveState($state, 'privacyidea:privacyidea'); $stateId = $this->checkEntityID($this->authProcConfig, $stateId); $state = State::loadState($stateId, 'privacyidea:privacyidea'); @@ -83,7 +83,7 @@ class PrivacyideaAuthProc extends ProcessingFilter // SSO check if authentication should be skipped if (array_key_exists('SSO', $this->authProcConfig) - && 'true' === $this->authProcConfig['SSO']) { + && true === $this->authProcConfig['SSO']) { if (Utils::checkForValidSSO($state)) { Logger::debug('privacyIDEA: SSO data valid - logging in..'); ProcessingChain::resumeProcessing($state); 
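Review bot: The new strict comparison `true === $this->authProcConfig['checkEntityID']` silently stops matching any deployed config that still carries the string `'true'`, so after an upgrade the option is treated as off with no error or log entry. The same pattern is introduced for `SSO` in the next hunk, for `doEnrollToken`, `doTriggerChallenge` and `tryFirstAuthentication` in the two hunks after that, and for `doTriggerChallenge` and `doSendPassword` in PrivacyideaAuthSource.php. In an authentication module a setting that changes meaning without notice is worth guarding: normalise the value once when it is read, e.g. `$enabled = filter_var($this->authProcConfig['checkEntityID'] ?? false, FILTER_VALIDATE_BOOLEAN);`, or log a warning when a string is found where a boolean is expected. The enclosing method starts and ends outside the hunk.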
@@ -96,12 +96,12 @@ class PrivacyideaAuthProc extends ProcessingFilter $stateId = State::saveState($state, 'privacyidea:privacyidea'); // Check if it should be controlled that user has no tokens and a new token should be enrolled. - if (!empty($this->authProcConfig['doEnrollToken']) && 'true' === $this->authProcConfig['doEnrollToken']) { + if (!empty($this->authProcConfig['doEnrollToken']) && true === $this->authProcConfig['doEnrollToken']) { $stateId = $this->enrollToken($stateId, $username); } // Check if triggerChallenge or a call with a static pass to /validate/check should be done - if (!empty($this->authProcConfig['doTriggerChallenge']) && 'true' === $this->authProcConfig['doTriggerChallenge']) { + if (!empty($this->authProcConfig['doTriggerChallenge']) && true === $this->authProcConfig['doTriggerChallenge']) { // Call /validate/triggerchallenge with the service account from the configuration to trigger all token of the user $stateId = State::saveState($state, 'privacyidea:privacyidea'); if (!$this->pi->serviceAccountAvailable()) { @@ -120,7 +120,7 @@ class PrivacyideaAuthProc extends ProcessingFilter $stateId = Utils::processPIResponse($stateId, $response); } } - } elseif (!empty($this->authProcConfig['tryFirstAuthentication']) && 'true' === $this->authProcConfig['tryFirstAuthentication']) { + } elseif (!empty($this->authProcConfig['tryFirstAuthentication']) && true === $this->authProcConfig['tryFirstAuthentication']) { // Call /validate/check with a static pass from the configuration // This could already end the authentication with the "passOnNoToken" policy, or it could trigger challenges $response = Utils::authenticatePI($state, [ diff --git a/lib/Auth/Source/PrivacyideaAuthSource.php b/lib/Auth/Source/PrivacyideaAuthSource.php index 4dc73af18eddfe559ba70726a02f14613885e59c..a5e01f0e5d9f1700147d5a34458575fa1aabcc21 100644 --- a/lib/Auth/Source/PrivacyideaAuthSource.php +++ b/lib/Auth/Source/PrivacyideaAuthSource.php 
@@ -144,7 +144,7 @@ class PrivacyideaAuthSource extends UserPassBase $stateId = State::saveState($state, 'privacyidea:privacyidea'); if (array_key_exists('doTriggerChallenge', $source->authSourceConfig) - && 'true' === $source->authSourceConfig['doTriggerChallenge']) { + && true === $source->authSourceConfig['doTriggerChallenge']) { if (!empty($username) && $source->pi->serviceAccountAvailable()) { try { $response = $source->pi->triggerChallenge($username); @@ -153,7 +153,7 @@ class PrivacyideaAuthSource extends UserPassBase } } } elseif (array_key_exists('doSendPassword', $source->authSourceConfig) - && 'true' === $source->authSourceConfig['doSendPassword']) { + && true === $source->authSourceConfig['doSendPassword']) { if (!empty($username)) { try { $response = $source->pi->validateCheck($username, $password); diff --git a/lib/Auth/Utils.php b/lib/Auth/Utils.php index 99ff885ac485db6b4bb40d2329bb74404cbf7af1..e4a294f45d4878cbc6688e2c677c6bbb9c9dec8c 100644 --- a/lib/Auth/Utils.php +++ b/lib/Auth/Utils.php @@ -32,7 +32,7 @@ class Utils $state['privacyidea:privacyidea:ui']['mode'] = $formParams['mode']; // If the mode was changed, do not make any requests - if ('true' === $formParams['modeChanged']) { + if (true === $formParams['modeChanged']) { $state['privacyidea:privacyidea:ui']['loadCounter'] = 1; return null; @@ -202,11 +202,11 @@ class Utils $pi->logger = new PILogger(); if (array_key_exists('sslVerifyHost', $config) && !empty($config['sslVerifyHost'])) { - $pi->sslVerifyHost = 'false' !== $config['sslVerifyHost']; + $pi->sslVerifyHost = false !== $config['sslVerifyHost']; } if (array_key_exists('sslVerifyPeer', $config) && !empty($config['sslVerifyPeer'])) { - $pi->sslVerifyPeer = 'false' !== $config['sslVerifyPeer']; + $pi->sslVerifyPeer = false !== $config['sslVerifyPeer']; } if (array_key_exists('serviceAccount', $config) && !empty($config['serviceAccount'])) {
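Review bot: `true === $formParams['modeChanged']` in lib/Auth/Utils.php can only match a real boolean, and if `$formParams` is filled from the submitted login form (its origin is outside this hunk) the value arrives as the string `'true'`, so the branch that suppresses requests after a mode change would never run. Unlike the config options, this value is not set by the administrator, so either keep the string comparison here or convert at the boundary, for example `if (filter_var($formParams['modeChanged'] ?? false, FILTER_VALIDATE_BOOLEAN)) {`. The enclosing method begins and ends outside the hunk.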
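Review bot: With boolean values the `!empty($config['sslVerifyHost'])` guard already rejects `false`, so `false !== $config['sslVerifyHost']` is always true inside the branch and a configured `'sslVerifyHost' => false` never reaches `$pi->sslVerifyHost`; the `sslVerifyPeer` block has the same shape. The effective setting is then whatever default the client object carries (not visible here), and a legacy string `'false'` now switches verification on. That presumably fails towards verification, but the documented option no longer does what it says, and TLS checks should not depend on an accident of `empty()`. State the intent directly with `if (array_key_exists('sslVerifyHost', $config) && is_bool($config['sslVerifyHost'])) { $pi->sslVerifyHost = $config['sslVerifyHost']; }` and log or reject non-boolean values.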