mirror of
https://github.com/hedgedoc/hedgedoc.git
synced 2024-11-25 19:26:31 -05:00
allow to set a saml client certificate
Signed-off-by: Simeon Keske <git@n0emis.eu>
This commit is contained in:
Simeon Keske
Leo Maroni
parent
3db8b0df43
commit
17f0067ab2
4 changed files with 16 additions and 12 deletions
|
|
@ -198,9 +198,10 @@ these are rarely used for various reasons.
|
||||||
|
|
||||||
| config file | environment | example value | description |
|
| config file | environment | example value | description |
|
||||||
| ----------- | --------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------ |
|
| ----------- | --------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------ |
|
||||||
| `saml` | | `{idpSsoUrl: ..., idpCert: ..., issuer: ..., identifierFormat: ..., disableRequestedAuthnContext: ..., groupAttribute: ..., externalGroups: [], requiredGroups: [], attribute: {id: ..., username: ..., email: ...}}` | An object detailing your SAML provider. Refer to the [OneLogin](guides/auth/saml-onelogin.md) and [SAML](guides/auth/saml.md) guides for more details! |
|
| `saml` | | `{idpSsoUrl: ..., idpCert: ..., clientCert: ..., issuer: ..., identifierFormat: ..., disableRequestedAuthnContext: ..., groupAttribute: ..., externalGroups: [], requiredGroups: [], attribute: {id: ..., username: ..., email: ...}}` | An object detailing your SAML provider. Refer to the [OneLogin](guides/auth/saml-onelogin.md) and [SAML](guides/auth/saml.md) guides for more details! |
|
||||||
| | `CMD_SAML_IDPSSOURL` | `https://idp.example.com/sso` | authentication endpoint of IdP. for details, see [guide](guides/auth/saml-onelogin.md). |
|
| | `CMD_SAML_IDPSSOURL` | `https://idp.example.com/sso` | authentication endpoint of IdP. for details, see [guide](guides/auth/saml-onelogin.md). |
|
||||||
| | `CMD_SAML_IDPCERT` | `/path/to/cert.pem` | certificate file path of IdP in PEM format |
|
| | `CMD_SAML_IDPCERT` | `/path/to/cert.pem` | certificate file path of IdP in PEM format |
|
||||||
|
| | `CMD_SAML_CLIENTCERT` | `/path/to/privatecert.pem` | certificate file path for the client in PEM format (optional) |
|
||||||
| | `CMD_SAML_ISSUER` | no example | Issuer to supply to identity provider (optional, default: `serverURL` config)" |
|
| | `CMD_SAML_ISSUER` | no example | Issuer to supply to identity provider (optional, default: `serverURL` config)" |
|
||||||
| | `CMD_SAML_DISABLEREQUESTEDAUTHNCONTEXT` | `true` or `false` | true to allow any authentication method, false restricts to password authentication (PasswordProtectedTransport) method (default: false) |
|
| | `CMD_SAML_DISABLEREQUESTEDAUTHNCONTEXT` | `true` or `false` | true to allow any authentication method, false restricts to password authentication (PasswordProtectedTransport) method (default: false) |
|
||||||
| | `CMD_SAML_IDENTIFIERFORMAT` | no example | name identifier format (optional, default: `urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress`) |
|
| | `CMD_SAML_IDENTIFIERFORMAT` | no example | name identifier format (optional, default: `urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress`) |
|
||||||
|
|
|
||||||
|
|
@ -143,6 +143,7 @@ module.exports = {
|
||||||
saml: {
|
saml: {
|
||||||
idpSsoUrl: undefined,
|
idpSsoUrl: undefined,
|
||||||
idpCert: undefined,
|
idpCert: undefined,
|
||||||
|
clientCert: undefined,
|
||||||
issuer: undefined,
|
issuer: undefined,
|
||||||
identifierFormat: 'urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress',
|
identifierFormat: 'urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress',
|
||||||
disableRequestedAuthnContext: false,
|
disableRequestedAuthnContext: false,
|
||||||
|
|
|
||||||
|
|
@ -120,6 +120,7 @@ module.exports = {
|
||||||
saml: {
|
saml: {
|
||||||
idpSsoUrl: process.env.CMD_SAML_IDPSSOURL,
|
idpSsoUrl: process.env.CMD_SAML_IDPSSOURL,
|
||||||
idpCert: process.env.CMD_SAML_IDPCERT,
|
idpCert: process.env.CMD_SAML_IDPCERT,
|
||||||
|
clientCert: process.env.CMD_SAML_CLIENTCERT,
|
||||||
issuer: process.env.CMD_SAML_ISSUER,
|
issuer: process.env.CMD_SAML_ISSUER,
|
||||||
identifierFormat: process.env.CMD_SAML_IDENTIFIERFORMAT,
|
identifierFormat: process.env.CMD_SAML_IDENTIFIERFORMAT,
|
||||||
disableRequestedAuthnContext: toBooleanConfig(process.env.CMD_SAML_DISABLEREQUESTEDAUTHNCONTEXT),
|
disableRequestedAuthnContext: toBooleanConfig(process.env.CMD_SAML_DISABLEREQUESTEDAUTHNCONTEXT),
|
||||||
|
|
|
||||||
|
|
@ -17,6 +17,7 @@ passport.use(new SamlStrategy({
|
||||||
entryPoint: config.saml.idpSsoUrl,
|
entryPoint: config.saml.idpSsoUrl,
|
||||||
issuer: config.saml.issuer || config.serverURL,
|
issuer: config.saml.issuer || config.serverURL,
|
||||||
cert: fs.readFileSync(config.saml.idpCert, 'utf-8'),
|
cert: fs.readFileSync(config.saml.idpCert, 'utf-8'),
|
||||||
|
privateCert: config.saml.clientCert === undefined ? undefined : fs.readFileSync(config.saml.clientCert, 'utf-8'),
|
||||||
identifierFormat: config.saml.identifierFormat,
|
identifierFormat: config.saml.identifierFormat,
|
||||||
disableRequestedAuthnContext: config.saml.disableRequestedAuthnContext
|
disableRequestedAuthnContext: config.saml.disableRequestedAuthnContext
|
||||||
}, function (user, done) {
|
}, function (user, done) {
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue