Alphabetically reorder options

ce715d5e · Tim van Dijen · f5989a72 · ce715d5e · ce715d5e · ce715d5e
Commit ce715d5e authored 5 years ago by Tim van Dijen
--- a/docs/simplesamlphp-reference-idp-hosted.md
+++ b/docs/simplesamlphp-reference-idp-hosted.md
@@ -249,12 +249,6 @@ The following SAML 2.0 options are available:
 :   Allows to specify information about the registrar of this SP. Please refer to the
    [MDRPI extension](./simplesamlphp-metadata-extensions-rpi) document for further information.
-`saml20.sendartifact`
-:   Set to `TRUE` to enable the IdP to send responses with the HTTP-Artifact binding.
-    Defaults to `FALSE`.
-:   Note that this requires a configured memcache server.
 `saml20.ecp`
 :   Set to `true` to enable the IdP to recieve authnrequests and send responses according the Enhanced Client or Proxy (ECP) Profile. Note: authentication filters that require interaction with the user will not work with ECP.
    Defaults to `false`.
@@ -263,22 +257,39 @@ The following SAML 2.0 options are available:
 :   Set to `TRUE` to enable the IdP to send responses according the [Holder-of-Key Web Browser SSO Profile](./simplesamlphp-hok-idp).
    Defaults to `FALSE`.
-`saml20.sign.response`
+`saml20.sendartifact`
-:   Whether `<samlp:Response>` messages should be signed.
+:   Set to `TRUE` to enable the IdP to send responses with the HTTP-Artifact binding.
+    Defaults to `FALSE`.
+:   Note that this requires a configured memcache server.
+`saml20.sign.assertion`
+:   Whether `<saml:Assertion>` elements should be signed.
    Defaults to `TRUE`.
 :   Note that this option also exists in the SP-remote metadata, and
    any value in the SP-remote metadata overrides the one configured
    in the IdP metadata.
-`saml20.sign.assertion`
+`saml20.sign.response`
-:   Whether `<saml:Assertion>` elements should be signed.
+:   Whether `<samlp:Response>` messages should be signed.
    Defaults to `TRUE`.
 :   Note that this option also exists in the SP-remote metadata, and
    any value in the SP-remote metadata overrides the one configured
    in the IdP metadata.
+`signature.algorithm`
+:   The algorithm to use when signing any message generated by this identity provider. Defaults to RSA-SHA256.
+:   Possible values:
+    * `http://www.w3.org/2000/09/xmldsig#rsa-sha1`
+       *Note*: the use of SHA1 is **deprecated** and will be disallowed in the future.
+    * `http://www.w3.org/2001/04/xmldsig-more#rsa-sha256`
+       The default.
+    * `http://www.w3.org/2001/04/xmldsig-more#rsa-sha384`
+    * `http://www.w3.org/2001/04/xmldsig-more#rsa-sha512`
 `sign.logout`
 :   Whether to sign logout messages sent from this IdP.
@@ -328,17 +339,6 @@ The following SAML 2.0 options are available:
 	specified will be kept in the metadata, making the first binding
 	the default one.
-`signature.algorithm`
-:   The algorithm to use when signing any message generated by this identity provider. Defaults to RSA-SHA256.
-:   Possible values:
-    * `http://www.w3.org/2000/09/xmldsig#rsa-sha1`
-       *Note*: the use of SHA1 is **deprecated** and will be disallowed in the future.
-    * `http://www.w3.org/2001/04/xmldsig-more#rsa-sha256`
-       The default.
-    * `http://www.w3.org/2001/04/xmldsig-more#rsa-sha384`
-    * `http://www.w3.org/2001/04/xmldsig-more#rsa-sha512`
 `validate.authnrequest`
 :   Whether we require signatures on authentication requests sent to this IdP.

--- a/docs/simplesamlphp-reference-idp-remote.md
+++ b/docs/simplesamlphp-reference-idp-remote.md
@@ -44,6 +44,18 @@ The following options are common between both the SAML 2.0 protocol and Shibbole
 `icon`
 :   A logo which will be shown next to this IdP in the discovery service.
+`name`
+:   The name of this IdP. Will be used by various modules when they need to show a name of the SP to the user.
+:   If this option is unset, the organization name will be used instead (if it is available).
+:   This option can be translated into multiple languages by specifying the value as an array of language-code to translated name:
+        'name' => [
+            'en' => 'A service',
+            'no' => 'En tjeneste',
+        ],
 `OrganizationName`
 :   The name of the organization responsible for this SPP.
    This name does not need to be suitable for display to end users.
@@ -73,18 +85,6 @@ The following options are common between both the SAML 2.0 protocol and Shibbole
 :   *Note*: If you specify this option, you must also specify the `OrganizationName` option.
-`name`
-:   The name of this IdP. Will be used by various modules when they need to show a name of the SP to the user.
-:   If this option is unset, the organization name will be used instead (if it is available).
-:   This option can be translated into multiple languages by specifying the value as an array of language-code to translated name:
-        'name' => [
-            'en' => 'A service',
-            'no' => 'En tjeneste',
-        ],
 `scope`
 :   An array with scopes valid for this IdP.
    The IdP will send scopes in scoped attributes, that is, attributes containing a value with an `@` sign and a domain name
@@ -169,6 +169,19 @@ The following SAML 2.0 options are available:
 :   For compatibility purposes, `null` is equivalent to Transient and a format
    can be defined as a string instead of an array. These variants are deprecated.
+`signature.algorithm`
+:   The algorithm to use when signing any message sent to this specific identity provider. Defaults to RSA-SHA256.
+:   Note that this option also exists in the SP configuration.
+    This value in the IdP remote metadata overrides the value in the SP configuration.
+:   Possible values:
+    * `http://www.w3.org/2000/09/xmldsig#rsa-sha1`
+       *Note*: the use of SHA1 is **deprecated** and will be disallowed in the future.
+    * `http://www.w3.org/2001/04/xmldsig-more#rsa-sha256`
+      The default.
+    * `http://www.w3.org/2001/04/xmldsig-more#rsa-sha384`
+    * `http://www.w3.org/2001/04/xmldsig-more#rsa-sha512`
 `sign.authnrequest`
 :   Whether to sign authentication requests sent to this IdP.
@@ -189,19 +202,6 @@ The following SAML 2.0 options are available:
 `SingleLogoutServiceResponse`
 :   Endpoint URL for logout responses. Overrides the `SingleLogoutService`-option for responses.
-`signature.algorithm`
-:   The algorithm to use when signing any message sent to this specific identity provider. Defaults to RSA-SHA256.
-:   Note that this option also exists in the SP configuration.
-    This value in the IdP remote metadata overrides the value in the SP configuration.
-:   Possible values:
-    * `http://www.w3.org/2000/09/xmldsig#rsa-sha1`
-       *Note*: the use of SHA1 is **deprecated** and will be disallowed in the future.
-    * `http://www.w3.org/2001/04/xmldsig-more#rsa-sha256`
-      The default.
-    * `http://www.w3.org/2001/04/xmldsig-more#rsa-sha384`
-    * `http://www.w3.org/2001/04/xmldsig-more#rsa-sha512`
 `SPNameQualifier`
 :   This corresponds to the SPNameQualifier in the SAML 2.0 specification. It allows to give subjects a SP specific namespace. This option is rarely used, so if you don't need it, leave it out. When left out, SimpleSAMLphp assumes the entityID of your SP as the SPNameQualifier.

--- a/docs/simplesamlphp-reference-sp-remote.md
+++ b/docs/simplesamlphp-reference-sp-remote.md
@@ -119,6 +119,21 @@ The following SAML 2.0 options are available:
 :   The value of this option is specified in one of several [endpoint formats](./simplesamlphp-metadata-endpoints).
+`attributeencodings`
+:   What encoding should be used for the different attributes. This is
+    an array which maps attribute names to attribute encodings. There
+    are three different encodings:
+:   -   `string`: Will include the attribute as a normal string. This is
+        the default.
+:   -   `base64`: Store the attribute as a base64 encoded string. This
+        is the default when the `base64attributes`-option is set to
+        `TRUE`.
+:   -   `raw`: Store the attribute without any modifications. This
+        makes it possible to include raw XML in the response.
 `attributes.NameFormat`
 :   What value will be set in the Format field of attribute
    statements. This parameter can be configured multiple places, and
@@ -151,6 +166,16 @@ The following SAML 2.0 options are available:
 :   (This option was previously named `AttributeNameFormat`.)
+`certData`
+:   The base64 encoded certificate for this SP. This is an alternative to storing the certificate in a file on disk and specifying the filename in the `certificate`-option.
+`certificate`
+:   Name of certificate file for this SP. The certificate is used to
+    verify the signature of messages received from the SP (if
+    `redirect.validate`is set to `TRUE`), and to encrypting assertions
+    (if `assertion.encryption` is set to TRUE and `sharedkey` is
+    unset.)
 `encryption.blacklisted-algorithms`
 :   Blacklisted encryption algorithms. This is an array containing the algorithm identifiers.
@@ -193,33 +218,6 @@ The following SAML 2.0 options are available:
    entry in the SP-remote metadata overrides the option in the
    [IdP-hosted metadata](./simplesamlphp-reference-idp-hosted).
-`SingleLogoutService`
-:   The URL of the SingleLogoutService endpoint for this SP.
-    This option is required if you want to implement single logout for
-    this SP. If the option isn't specified, this SP will not be logged
-    out automatically when a single logout operation is initialized.
-:   The value of this option is specified in one of several [endpoint formats](./simplesamlphp-metadata-endpoints).
-`SingleLogoutServiceResponse`
-:   The URL logout responses to this SP should be sent. If this option
-    is unspecified, the `SingleLogoutService` endpoint will be used as
-    the recipient of logout responses.
-`SPNameQualifier`
-:   SP NameQualifier for this SP. If not set, the IdP will set the
-    SPNameQualifier to be the SP entity ID.
-`certData`
-:   The base64 encoded certificate for this SP. This is an alternative to storing the certificate in a file on disk and specifying the filename in the `certificate`-option.
-`certificate`
-:   Name of certificate file for this SP. The certificate is used to
-    verify the signature of messages received from the SP (if
-    `redirect.validate`is set to `TRUE`), and to encrypting assertions
-    (if `assertion.encryption` is set to TRUE and `sharedkey` is
-    unset.)
 `saml20.sign.response`
 :   Whether `<samlp:Response>` messages should be signed.
    Defaults to `TRUE`.
@@ -259,6 +257,12 @@ The following SAML 2.0 options are available:
 :   Certificate file included by IdP for KeyInfo within the signature for the SP, in PEM format. The filename is relative to the cert/-directory.
 :   If `signature.privatekey` is present and `signature.certificate` is left blank, X509Certificate will not be included with the signature.
+`sign.logout`
+:   Whether to sign logout messages sent to this SP.
+:   Note that this option also exists in the IdP-hosted metadata.
+    The value in the SP-remote metadata overrides the value in the IdP-hosted metadata.
 `simplesaml.nameidattribute`
 :   When the value of the `NameIDFormat`-option is set to either
    `email` or `persistent`, this is the name of the attribute which
@@ -276,26 +280,22 @@ The following SAML 2.0 options are available:
 :   Whether the SP should receive any attributes from the IdP. The
    default value is `TRUE`.
-`attributeencodings`
+`SingleLogoutService`
-:   What encoding should be used for the different attributes. This is
+:   The URL of the SingleLogoutService endpoint for this SP.
-    an array which maps attribute names to attribute encodings. There
+    This option is required if you want to implement single logout for
-    are three different encodings:
+    this SP. If the option isn't specified, this SP will not be logged
+    out automatically when a single logout operation is initialized.
-:   -   `string`: Will include the attribute as a normal string. This is
-        the default.
-:   -   `base64`: Store the attribute as a base64 encoded string. This
-        is the default when the `base64attributes`-option is set to
-        `TRUE`.
-:   -   `raw`: Store the attribute without any modifications. This
+:   The value of this option is specified in one of several [endpoint formats](./simplesamlphp-metadata-endpoints).
-        makes it possible to include raw XML in the response.
-`sign.logout`
+`SingleLogoutServiceResponse`
-:   Whether to sign logout messages sent to this SP.
+:   The URL logout responses to this SP should be sent. If this option
+    is unspecified, the `SingleLogoutService` endpoint will be used as
+    the recipient of logout responses.
-:   Note that this option also exists in the IdP-hosted metadata.
+`SPNameQualifier`
-    The value in the SP-remote metadata overrides the value in the IdP-hosted metadata.
+:   SP NameQualifier for this SP. If not set, the IdP will set the
+    SPNameQualifier to be the SP entity ID.
 `validate.authnrequest`
 :   Whether we require signatures on authentication requests sent from this SP.
@@ -383,6 +383,11 @@ Shibboleth 1.3 options
 The following options for Shibboleth 1.3 SP's are avaiblable:
+`audience`
+:   The value which should be given in the `<Audience>`-element in the
+    `<AudienceRestrictionCondition>`-element in the response. The
+    default value is the entity ID of the SP.
 `AssertionConsumerService`
 :   The URL of the AssertionConsumerService endpoint for this SP.
    This endpoint must accept the SAML responses encoded with the
@@ -397,11 +402,6 @@ The following options for Shibboleth 1.3 SP's are avaiblable:
    `<NameIdentifier>`-element should be. The default value is the
    entity ID of the SP.
-`audience`
-:   The value which should be given in the `<Audience>`-element in the
-    `<AudienceRestrictionCondition>`-element in the response. The
-    default value is the entity ID of the SP.
 `scopedattributes`
 :   Array with names of attributes which should be scoped. Scoped
    attributes will receive a `Scope`-attribute on the