-
Andreas Åkre Solberg authored
git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@1803 44740490-163a-0410-bde0-09ae8108e29a
Andreas Åkre Solberg authoredgit-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@1803 44740490-163a-0410-bde0-09ae8108e29a
Code owners
Assign users and groups as approvers for specific file changes. Learn more.
authsources.php 7.10 KiB
<?php
$config = array(
/*
* This is a authentication source which handles admin authentication.
*/
'admin' => array(
/*
* The default is to use core:AdminPassword, but it can be replaced with
* any authentication source.
*/
'core:AdminPassword',
),
/*
* This is the default SAML SP, used in examples.
*/
'default-sp' => array(
'saml:SP',
/*
* The entity ID of the IdP this should SP should contact.
* Can be NULL/unset, in which case the user will be shown a list of available IdPs.
*/
'idp' => NULL,
),
'example-sql' => array(
'sqlauth:SQL',
'dsn' => 'pgsql:host=sql.example.org;port=5432;dbname=simplesaml',
'username' => 'simplesaml',
'password' => 'secretpassword',
'query' => 'SELECT "username", "name", "email" FROM "users" WHERE "username" = :username AND "password" = :password',
),
'example-static' => array(
'exampleauth:Static',
'uid' => array('testuser'),
'eduPersonAffiliation' => array('member', 'employee'),
'cn' => array('Test User'),
),
// Requires you to enable the OpenID module.
'openid' => array(
'openid:OpenIDConsumer',
),
'example-userpass' => array(
'exampleauth:UserPass',
'student:studentpass' => array(
'uid' => array('test'),
'eduPersonAffiliation' => array('member', 'student'),
),
'employee:employeepass' => array(
'uid' => array('employee'),
'eduPersonAffiliation' => array('member', 'employee'),
),
),
'yubikey' => array(
'authYubiKey:YubiKey',
'id' => '000',
// 'key' => '012345678',
),
'openid' => array(
'openid:OpenIDConsumer', 'attributes.required' => array('nickname'),
'attributes.optional' => array('fullname', 'email',),
),
'feide' => array(
'feide:Feide',
),
'papi' => array(
'authpapi:PAPI',
),
/*
* An authentication source which can authenticate against both SAML 2.0
* and Shibboleth 1.3 IdPs.
*/
'saml' => array(
'saml:SP',
/*
* The entity ID of this SP.
* Can be NULL/unset, in which case an entity ID is generated based on the metadata URL.
*/
'entityID' => NULL,
/*
* The entity ID of the IdP this should SP should contact.
* Can be NULL/unset, in which case the user will be shown a list of available IdPs.
*/
'idp' => NULL,
/*
* The URL to the discovery service.
* Can be NULL/unset, in which case a builtin discovery service will be used.
*/
'discoURL' => NULL,
),
'facebook' => array(
'authfacebook:Facebook',
'api_key' => 'xxxxxxxxxxxxxxxx',
'secret' => 'xxxxxxxxxxxxxxxx',
),
/* Twitter OAuth Authentication API.
* Register your application to get an API key here:
* http://twitter.com/oauth_clients
*/
'twitter' => array(
'authtwitter:Twitter',
'key' => 'xxxxxxxxxxxxxxxx',
'secret' => 'xxxxxxxxxxxxxxxx',
),
/* Example of a LDAP authentication source. */
'example-ldap' => array(
'ldap:LDAP',
/* The hostname of the LDAP server. */
'hostname' => 'ldap.example.org',
/* Whether SSL/TLS should be used when contacting the LDAP server. */
'enable_tls' => FALSE,
/*
* Whether debug output from the LDAP library should be enabled.
* Default is FALSE.
*/ 'debug' => FALSE,
/*
* The timeout for accessing the LDAP server, in seconds.
* The default is 0, which means no timeout.
*/
'timeout' => 0,
/*
* Which attributes should be retrieved from the LDAP server.
* This can be an array of attribute names, or NULL, in which case
* all attributes are fetched.
*/
'attributes' => NULL,
/*
* The pattern which should be used to create the users DN given the username.
* %username% in this pattern will be replaced with the users username.
*
* This option is not used if the search.enable option is set to TRUE.
*/
'dnpattern' => 'uid=%username%,ou=people,dc=example,dc=org',
/*
* As an alternative to specifying a pattern for the users DN, it is possible to
* search for the username in a set of attributes. This is enabled by this option.
*/
'search.enable' => FALSE,
/*
* The DN which will be used as a base for the search.
* This can be a single string, in which case only that DN is searched, or an
* array of strings, in which case they will be searched in the order given.
*/
'search.base' => 'ou=people,dc=example,dc=org',
/*
* The attribute(s) the username should match against.
*
* This is an array with one or more attribute names. Any of the attributes in
* the array may match the value the username.
*/
'search.attributes' => array('uid', 'mail'),
/*
* The username & password the simpleSAMLphp should bind to before searching. If
* this is left as NULL, no bind will be performed before searching.
*/
'search.username' => NULL,
'search.password' => NULL,
/*
* If the directory uses privilege separation,
* the authenticated user may not be able to retrieve
* all required attribures, a privileged entity is required
* to get them. This is enabled with this option.
*/
'priv.read' => FALSE,
/*
* The DN & password the simpleSAMLphp should bind to before
* retrieving attributes. These options are required if
* 'priv.read' is set to TRUE.
*/
'priv.username' => NULL,
'priv.password' => NULL,
),
/* Example of an LDAPMulti authentication source. */ 'example-ldapmulti' => array(
'ldap:LDAPMulti',
/*
* The way the organization as part of the username should be handled.
* Three possible values:
* - 'none': No handling of the organization. Allows '@' to be part
* of the username.
* - 'allow': Will allow users to type 'username@organization'.
* - 'force': Force users to type 'username@organization'. The dropdown
* list will be hidden.
*
* The default is 'none'.
*/
'username_organization_method' => 'none',
/*
* Whether the organization should be included as part of the username
* when authenticating. If this is set to TRUE, the username will be on
* the form <username>@<organization identifier>. If this is FALSE, the
* username will be used as the user enters it.
*
* The default is FALSE.
*/
'include_organization_in_username' => FALSE,
/*
* A list of available LDAP servers.
*
* The index is an identifier for the organization/group. When
* 'username_organization_method' is set to something other than 'none',
* the organization-part of the username is matched against the index.
*
* The value of each element is an array in the same format as an LDAP
* authentication source.
*/
'employees' => array(
/*
* A short name/description for this group. Will be shown in a dropdown list
* when the user logs on.
*
* This option can be a string or an array with language => text mappings.
*/
'description' => 'Employees',
/*
* The rest of the options are the same as those available for
* the LDAP authentication source.
*/
'hostname' => 'ldap.employees.example.org',
'dnpattern' => 'uid=%username%,ou=employees,dc=example,dc=org',
),
'students' => array(
'description' => 'Students',
'hostname' => 'ldap.students.example.org',
'dnpattern' => 'uid=%username%,ou=students,dc=example,dc=org',
),
),
);
?>