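<?php

/*
 * SimpleSAMLphp authentication sources.
 *
 * Each key of $config is an authentication-source ID. Each value is an array
 * whose first element names the implementing module and class
 * ('module:Class'); the remaining keys configure that source.
 *
 * Only 'admin' and 'default-sp' are active. Everything below them is a
 * commented-out example. Several examples ship fixed test credentials or
 * placeholder secrets ('xxxxxxxxxxxxxxxx'); none of them is meant to be
 * enabled unchanged.
 *
 * Some sources keep secrets in this file (SQL password, LDAP bind password,
 * OAuth application secrets). Keep the file readable only by the account
 * that runs PHP and keep real secrets out of version control.
 */
$config = array(

    // This is an authentication source which handles admin authentication.
    'admin' => array(
        // The default is to use core:AdminPassword, but it can be replaced with
        // any authentication source.
        //
        // NOTE(review): core:AdminPassword is expected to check the admin
        // password configured in config.php -- confirm that value has been
        // changed from whatever the distribution ships with before exposing
        // the admin pages.
        'core:AdminPassword',
    ),


    // An authentication source which can authenticate against both SAML 2.0
    // and Shibboleth 1.3 IdPs.
    'default-sp' => array(
        'saml:SP',

        // The entity ID of this SP.
        // Can be null/unset, in which case an entity ID is generated based on the metadata URL.
        // Setting it explicitly is preferable: a generated ID changes whenever
        // the metadata URL does, and IdPs trust this SP by that exact string.
        'entityID' => null,

        // The entity ID of the IdP this SP should contact.
        // Can be null/unset, in which case the user will be shown a list of available IdPs.
        'idp' => null,

        // The URL to the discovery service.
        // Can be null/unset, in which case a builtin discovery service will be used.
        'discoURL' => null,

        /*
         * Signature algorithm for messages this SP signs.
         *
         * SHA-1 has been deprecated since 2011 and has been disallowed for
         * digital signatures by NIST since 1 January 2014. See:
         *
         * http://csrc.nist.gov/publications/nistpubs/800-131A/sp800-131A.pdf
         *
         * Older SimpleSAMLphp releases default to SHA-1 when this option is
         * absent, so SHA-256 is configured explicitly here instead of relying
         * on the library default.
         *
         * If you are uncertain about identity providers supporting SHA-256 or
         * other algorithms of the SHA-2 family, override the algorithm for
         * those IdPs individually in the IdP-remote metadata set rather than
         * lowering it for every IdP here.
         *
         * Please refer to the hosted SP configuration reference for more information.
         */
        'signature.algorithm' => 'http://www.w3.org/2001/04/xmldsig-more#rsa-sha256',

        /*
         * The attributes parameter must contain an array of desired attributes by the SP.
         * The attributes can be expressed as an array of names or as an associative array
         * in the form of 'friendlyName' => 'name'. This feature requires 'name' to be set.
         * The metadata will then be created as follows:
         * <md:RequestedAttribute FriendlyName="friendlyName" Name="name" />
         *
         * Request only the attributes the application actually needs; the
         * requested set is what the IdP administrator will see and release.
         */
        /*'name' => array(
            'en' => 'A service',
            'no' => 'En tjeneste',
        ),

        'attributes' => array(
            'attrname' => 'urn:oid:x.x.x.x',
        ),*/
        /*'attributes.required' => array (
            'urn:oid:x.x.x.x',
        ),*/
    ),


    /*
    // Example of a SQL authentication source.
    //
    // The submitted credentials reach the query only as the :username and
    // :password bind parameters; never build the SQL string from them.
    //
    // The DSN and the SQL functions must belong to the same database engine.
    // SHA2() and CONCAT() below are MySQL/MariaDB functions, so the DSN is a
    // mysql: one. (An earlier version of this example paired them with a
    // pgsql: DSN, which fails at query time because PostgreSQL has no SHA2().)
    //
    // Caveats of this scheme: the clear-text password is sent to the database
    // server as a bind parameter, and a single SHA-256 over salt+password is a
    // fast hash that gives little protection if the users table leaks. Prefer
    // a slow, salted password hash verified in PHP where the deployment allows it.
    'example-sql' => array(
        'sqlauth:SQL',
        'dsn' => 'mysql:host=sql.example.org;port=3306;dbname=simplesaml',
        'username' => 'simplesaml',
        'password' => 'secretpassword',
        'query' => 'SELECT uid, givenName, email, eduPersonPrincipalName FROM users WHERE uid = :username AND password = SHA2(CONCAT((SELECT salt FROM users WHERE uid = :username), :password),256);',
    ),
    */

    /*
    // Static source: every login succeeds and yields these attributes.
    // Test-only -- never enable on a reachable installation.
    'example-static' => array(
        'exampleauth:Static',
        'uid' => array('testuser'),
        'eduPersonAffiliation' => array('member', 'employee'),
        'cn' => array('Test User'),
    ),
    */

    /*
    // Username/password pairs stored in clear text in this file.
    // Test-only -- never enable on a reachable installation.
    'example-userpass' => array(
        'exampleauth:UserPass',

        // Give the user an option to save their username for future login attempts
        // And when enabled, what should the default be, to save the username or not
        //'remember.username.enabled' => false,
        //'remember.username.checked' => false,

        'student:studentpass' => array(
            'uid' => array('test'),
            'eduPersonAffiliation' => array('member', 'student'),
        ),
        'employee:employeepass' => array(
            'uid' => array('employee'),
            'eduPersonAffiliation' => array('member', 'employee'),
        ),
    ),
    */

    /*
    // Username/hashed-password pairs kept in this file. The hash is a salted
    // SHA-256 ({SSHA256}), which is fast; keep it for small, low-value
    // account sets only.
    'crypto-hash' => array(
        'authcrypt:Hash',
        // hashed version of 'verysecret', made with bin/pwgen.php
        'professor:{SSHA256}P6FDTEEIY2EnER9a6P2GwHhI5JDrwBgjQ913oVQjBngmCtrNBUMowA==' => array(
            'uid' => array('prof_a'),
            'eduPersonAffiliation' => array('member', 'employee', 'board'),
        ),
    ),
    */

    /*
    // Authenticate against an Apache htpasswd file. The file must not be
    // served by the web server and should be readable by the PHP account only.
    'htpasswd' => array(
        'authcrypt:Htpasswd',
        'htpasswd_file' => '/var/www/foo.edu/legacy_app/.htpasswd',
        'static_attributes' => array(
            'eduPersonAffiliation' => array('member', 'employee'),
            'Organization' => array('University of Foo'),
        ),
    ),
    */

    /*
    // This authentication source serves as an example of integration with an
    // external authentication engine. Take a look at the comment in the beginning
    // of modules/exampleauth/lib/Auth/Source/External.php for a description of
    // how to adjust it to your own site.
    'example-external' => array(
        'exampleauth:External',
    ),
    */

    /*
    // YubiKey OTP validation. 'id' and 'key' are the client ID and API key
    // issued for the validation service; the key is a secret.
    'yubikey' => array(
        'authYubiKey:YubiKey',
        'id' => '000',
        // 'key' => '012345678',
    ),
    */

    /*
    // Generic OpenID 2.0 consumer.
    // NOTE(review): OpenID 2.0 has been retired by most large providers;
    // verify the target provider still supports it before enabling.
    'openid' => array(
        'openid:OpenIDConsumer',
        'attributes.required' => array('nickname'),
        'attributes.optional' => array('fullname', 'email',),
        // Whether SReg values are validated; leaving validation off accepts
        // whatever the provider returns.
        // 'sreg.validate' => false,
        'attributes.ax_required' => array('http://axschema.org/namePerson/friendly'),
        'attributes.ax_optional' => array('http://axschema.org/namePerson','http://axschema.org/contact/email'),
        // Prefer HTTP redirect over POST
        // 'prefer_http_redirect' => false,
    ),
    */

    /*
    // Example of an authsource that authenticates against Google.
    // See: http://code.google.com/apis/accounts/docs/OpenID.html
    // NOTE(review): Google shut down its OpenID 2.0 endpoint in 2015; this
    // example is kept for reference only and will not work as written.
    'google' => array(
        'openid:OpenIDConsumer',
        // Googles OpenID endpoint.
        'target' => 'https://www.google.com/accounts/o8/id',
        // Custom realm. Use an https realm and avoid wildcards broader than
        // the hosts that actually run this SP.
        // 'realm' => 'http://*.example.org',
        // Attributes that google can supply.
        'attributes.ax_required' => array(
            //'http://axschema.org/namePerson/first',
            //'http://axschema.org/namePerson/last',
            //'http://axschema.org/contact/email',
            //'http://axschema.org/contact/country/home',
            //'http://axschema.org/pref/language',
        ),
        // custom extension arguments
        'extension.args' => array(
            //'http://specs.openid.net/extensions/ui/1.0' => array(
            //    'mode' => 'popup',
            //    'icon' => 'true',
            //),
        ),
    ),
    */

    /*
    'papi' => array(
        'authpapi:PAPI',
    ),
    */


    /*
    // Facebook login. 'secret' is the application secret -- treat it as a
    // credential and keep it out of version control.
    'facebook' => array(
        'authfacebook:Facebook',
        // Register your Facebook application on http://www.facebook.com/developers
        // App ID or API key (requests with App ID should be faster; https://github.com/facebook/php-sdk/issues/214)
        'api_key' => 'xxxxxxxxxxxxxxxx',
        // App Secret
        'secret' => 'xxxxxxxxxxxxxxxx',
        // which additional data permissions to request from user
        // see http://developers.facebook.com/docs/authentication/permissions/ for the full list
        // 'req_perms' => 'email,user_birthday',
        // Which additional user profile fields to request.
        // When empty, only the app-specific user id and name will be returned
        // See https://developers.facebook.com/docs/graph-api/reference/v2.6/user for the full list
        // 'user_fields' => 'email,birthday,third_party_id,name,first_name,last_name',
    ),
    */

    /*
    // LinkedIn OAuth Authentication API.
    // Register your application to get an API key here:
    // https://www.linkedin.com/secure/developer
    // Attributes definition:
    // https://developer.linkedin.com/docs/fields
    // 'secret' is a credential; keep it out of version control.
    'linkedin' => array(
        'authlinkedin:LinkedIn',
        'key' => 'xxxxxxxxxxxxxxxx',
        'secret' => 'xxxxxxxxxxxxxxxx',
        'attributes' => 'id,first-name,last-name,headline,summary,specialties,picture-url,email-address',
    ),
    */

    /*
    // Twitter OAuth Authentication API.
    // Register your application to get an API key here:
    // http://twitter.com/oauth_clients
    // 'secret' is a credential; keep it out of version control.
    'twitter' => array(
        'authtwitter:Twitter',
        'key' => 'xxxxxxxxxxxxxxxx',
        'secret' => 'xxxxxxxxxxxxxxxx',

        // Forces the user to enter their credentials to ensure the correct users account is authorized.
        // Details: https://dev.twitter.com/docs/api/1/get/oauth/authenticate
        'force_login' => false,
    ),
    */

    /*
    // MySpace OAuth Authentication API.
    // Register your application to get an API key here:
    // http://developer.myspace.com/
    'myspace' => array(
        'authmyspace:MySpace',
        'key' => 'xxxxxxxxxxxxxxxx',
        'secret' => 'xxxxxxxxxxxxxxxx',
    ),
    */

    /*
    // Microsoft Account (Windows Live ID) Authentication API.
    // Register your application to get an API key here:
    // https://apps.dev.microsoft.com/
    'windowslive' => array(
        'authwindowslive:LiveID',
        'key' => 'xxxxxxxxxxxxxxxx',
        'secret' => 'xxxxxxxxxxxxxxxx',
    ),
    */

    /*
    // Example of a LDAP authentication source.
    'example-ldap' => array(
        'ldap:LDAP',

        // Give the user an option to save their username for future login attempts
        // And when enabled, what should the default be, to save the username or not
        //'remember.username.enabled' => false,
        //'remember.username.checked' => false,

        // The hostname of the LDAP server.
        'hostname' => 'ldap.example.org',

        // Whether SSL/TLS should be used when contacting the LDAP server.
        // Keep this enabled: without it, user passwords and any bind
        // passwords below cross the network in clear text.
        // NOTE(review): with a plain hostname on port 389 this is expected
        // to negotiate STARTTLS -- confirm for the bundled ldap module, and use
        // an ldaps:// URL if the directory only offers LDAP over TLS.
        'enable_tls' => true,

        // Whether debug output from the LDAP library should be enabled.
        // Default is false. Debug output can include DNs and filters built
        // from user input; keep it off in production.
        'debug' => false,

        // The timeout for accessing the LDAP server, in seconds.
        // The default is 0, which means no timeout -- an unresponsive
        // directory then stalls logins indefinitely. Set a finite value in
        // production.
        'timeout' => 0,

        // The port used when accessing the LDAP server.
        // The default is 389.
        'port' => 389,

        // Set whether to follow referrals. AD Controllers may require false to function.
        // Following referrals lets the directory redirect queries to other
        // servers; leave it off unless the deployment relies on it.
        'referrals' => true,

        // Which attributes should be retrieved from the LDAP server.
        // This can be an array of attribute names, or null, in which case
        // all attributes are fetched. Fetching everything exposes more user
        // data to the SP than it needs; list only the required attributes.
        'attributes' => null,

        // The pattern which should be used to create the users DN given the username.
        // %username% in this pattern will be replaced with the users username.
        //
        // This option is not used if the search.enable option is set to true.
        //
        // NOTE(review): the username is user-controlled input; confirm the
        // bundled ldap module escapes it before substituting it into the DN
        // and into the search filter below.
        'dnpattern' => 'uid=%username%,ou=people,dc=example,dc=org',

        // As an alternative to specifying a pattern for the users DN, it is possible to
        // search for the username in a set of attributes. This is enabled by this option.
        'search.enable' => false,

        // The DN which will be used as a base for the search.
        // This can be a single string, in which case only that DN is searched, or an
        // array of strings, in which case they will be searched in the order given.
        'search.base' => 'ou=people,dc=example,dc=org',

        // The attribute(s) the username should match against.
        //
        // This is an array with one or more attribute names. Any of the attributes in
        // the array may match the value of the username. Matching on several
        // attributes (e.g. uid and mail) means one login name can resolve to
        // more than one entry; make sure the directory keeps them unique.
        'search.attributes' => array('uid', 'mail'),

        // Additional LDAP filters appended to the search attributes
        'search.filter' => '(objectclass=inetorgperson)',

        // The username & password the SimpleSAMLphp should bind to before searching. If
        // this is left as null, no bind will be performed before searching.
        // When set, use a dedicated read-only account with the narrowest
        // rights the search needs; this password lives in clear text here.
        'search.username' => null,
        'search.password' => null,

        // If the directory uses privilege separation,
        // the authenticated user may not be able to retrieve
        // all required attributes, a privileged entity is required
        // to get them. This is enabled with this option.
        'priv.read' => false,

        // The DN & password the SimpleSAMLphp should bind to before
        // retrieving attributes. These options are required if
        // 'priv.read' is set to true. Same advice as for search.*: a
        // dedicated, least-privilege account.
        'priv.username' => null,
        'priv.password' => null,

    ),
    */

    /*
    // Example of an LDAPMulti authentication source.
    'example-ldapmulti' => array(
        'ldap:LDAPMulti',

        // Give the user an option to save their username for future login attempts
        // And when enabled, what should the default be, to save the username or not
        //'remember.username.enabled' => false,
        //'remember.username.checked' => false,

        // The way the organization as part of the username should be handled.
        // Three possible values:
        // - 'none':  No handling of the organization. Allows '@' to be part
        //            of the username.
        // - 'allow': Will allow users to type 'username@organization'.
        // - 'force': Force users to type 'username@organization'. The dropdown
        //            list will be hidden.
        //
        // The default is 'none'.
        'username_organization_method' => 'none',

        // Whether the organization should be included as part of the username
        // when authenticating. If this is set to true, the username will be on
        // the form <username>@<organization identifier>. If this is false, the
        // username will be used as the user enters it.
        //
        // The default is false.
        'include_organization_in_username' => false,

        // A list of available LDAP servers.
        //
        // The index is an identifier for the organization/group. When
        // 'username_organization_method' is set to something other than 'none',
        // the organization-part of the username is matched against the index.
        //
        // The value of each element is an array in the same format as an LDAP
        // authentication source, so the same caveats apply to each entry
        // (enable_tls, timeout, bind credentials, attribute scope).
        'employees' => array(
            // A short name/description for this group. Will be shown in a dropdown list
            // when the user logs on.
            //
            // This option can be a string or an array with language => text mappings.
            'description' => 'Employees',

            // The rest of the options are the same as those available for
            // the LDAP authentication source.
            'hostname' => 'ldap.employees.example.org',
            'dnpattern' => 'uid=%username%,ou=employees,dc=example,dc=org',
        ),

        'students' => array(
            'description' => 'Students',

            'hostname' => 'ldap.students.example.org',
            'dnpattern' => 'uid=%username%,ou=students,dc=example,dc=org',
        ),

    ),
    */

);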