ILIAS  release_5-4 Revision v5.4.26-12-gabc799a52e6
authsources.php
<?php

/*
 * Authentication sources for SimpleSAMLphp.
 *
 * Every key of $config names one authentication source. The first, unkeyed
 * element of each entry selects the implementation as 'module:Class'; the
 * keyed elements that follow are options for that implementation.
 *
 * Only 'admin' and 'default-sp' are active. All other entries are
 * commented-out templates.
 *
 * Before enabling a template:
 *  - Replace every placeholder credential ('secretpassword',
 *    'xxxxxxxxxxxxxxxx', the published example hash, ...). Real database
 *    passwords, bind passwords and OAuth client secrets then live in this
 *    file, so keep it readable by the web server account only and keep the
 *    real values out of version control.
 *  - Treat the exampleauth sources as test fixtures, not as production
 *    authentication.
 */
$config = [

    // Authentication source that handles admin authentication.
    // core:AdminPassword is the default, but any other authentication source
    // can be used in its place.
    // NOTE(review): core:AdminPassword checks one shared password taken from
    // the main configuration (auth.adminpassword) — confirm that value is
    // strong and not the shipped default.
    'admin' => [
        'core:AdminPassword',
    ],


    // Authentication source that can authenticate against both SAML 2.0 and
    // Shibboleth 1.3 IdPs.
    'default-sp' => [
        'saml:SP',

        // Entity ID of this SP.
        // May be null/unset; an entity ID is then generated from the metadata URL.
        'entityID' => null,

        // Entity ID of the IdP this SP should contact.
        // May be null/unset; the user is then shown a list of available IdPs.
        // Setting a fixed entity ID is the tighter choice when only a single
        // IdP is meant to be trusted.
        'idp' => null,

        // URL of the discovery service.
        // May be null/unset; a builtin discovery service is then used.
        'discoURL' => null,

        /*
         * The 'attributes' option lists the attributes this SP asks for.
         * It is either a plain array of attribute names or an associative array
         * of the form 'friendlyName' => 'name'. This feature requires 'name' to
         * be set. The metadata is then generated as:
         * <md:RequestedAttribute FriendlyName="friendlyName" Name="name" />
         */
        /*'name' => [
            'en' => 'A service',
            'no' => 'En tjeneste',
        ],

        'attributes' => [
            'attrname' => 'urn:oid:x.x.x.x',
        ],*/
        /*'attributes.required' => [
            'urn:oid:x.x.x.x',
        ],*/
    ],


    /*
    // Template: username/password check against an SQL database.
    // 'username' and 'password' below are the database account; 'secretpassword'
    // is a placeholder. Prefer an account that can only read the columns the
    // query needs.
    // NOTE(review): the query verifies a single round of salted SHA-256. That is
    // a fast hash and offers little protection if the users table leaks; where
    // the schema can change, prefer a dedicated password-hashing scheme.
    // NOTE(review): SHA2() is a MySQL function while the DSN points at
    // PostgreSQL — adapt the query to the database actually used.
    'example-sql' => [
        'sqlauth:SQL',
        'dsn' => 'pgsql:host=sql.example.org;port=5432;dbname=simplesaml',
        'username' => 'simplesaml',
        'password' => 'secretpassword',
        'query' => 'SELECT uid, givenName, email, eduPersonPrincipalName FROM users WHERE uid = :username AND password = SHA2(CONCAT((SELECT salt FROM users WHERE uid = :username), :password),256);',
    ],
    */

    /*
    // Template: fixed attribute set.
    // exampleauth:Static hands out these attributes without asking for any
    // credentials; use it for testing only.
    'example-static' => [
        'exampleauth:Static',
        'uid' => ['testuser'],
        'eduPersonAffiliation' => ['member', 'employee'],
        'cn' => ['Test User'],
    ],
    */

    /*
    // Template: users defined inline as 'username:password' keys.
    // The passwords are stored in clear text in this file; testing only.
    'example-userpass' => [
        'exampleauth:UserPass',

        // Give the user an option to save their username for future login attempts
        // And when enabled, what should the default be, to save the username or not
        //'remember.username.enabled' => false,
        //'remember.username.checked' => false,

        'student:studentpass' => [
            'uid' => ['test'],
            'eduPersonAffiliation' => ['member', 'student'],
        ],
        'employee:employeepass' => [
            'uid' => ['employee'],
            'eduPersonAffiliation' => ['member', 'employee'],
        ],
    ],
    */

    /*
    // Template: users defined inline as 'username:{scheme}hash' keys.
    // The hash below belongs to the published example password; generate your
    // own with bin/pwgen.php instead of reusing it.
    'crypto-hash' => [
        'authcrypt:Hash',
        // hashed version of 'verysecret', made with bin/pwgen.php
        'professor:{SSHA256}P6FDTEEIY2EnER9a6P2GwHhI5JDrwBgjQ913oVQjBngmCtrNBUMowA==' => [
            'uid' => ['prof_a'],
            'eduPersonAffiliation' => ['member', 'employee', 'board'],
        ],
    ],
    */

    /*
    // Template: authentication against an existing htpasswd file.
    // NOTE(review): the example path sits under /var/www — make sure the web
    // server refuses to serve the file, or keep it outside the document root.
    'htpasswd' => [
        'authcrypt:Htpasswd',
        'htpasswd_file' => '/var/www/foo.edu/legacy_app/.htpasswd',
        'static_attributes' => [
            'eduPersonAffiliation' => ['member', 'employee'],
            'Organization' => ['University of Foo'],
        ],
    ],
    */

    /*
    // This authentication source serves as an example of integration with an
    // external authentication engine. Take a look at the comment in the beginning
    // of modules/exampleauth/lib/Auth/Source/External.php for a description of
    // how to adjust it to your own site.
    'example-external' => [
        'exampleauth:External',
    ],
    */

    /*
    'yubikey' => [
        'authYubiKey:YubiKey',
        'id' => '000',
        // 'key' => '012345678',
    ],
    */

    /*
    'facebook' => [
        'authfacebook:Facebook',
        // Register your Facebook application on http://www.facebook.com/developers
        // App ID or API key (requests with App ID should be faster; https://github.com/facebook/php-sdk/issues/214)
        'api_key' => 'xxxxxxxxxxxxxxxx',
        // App Secret
        'secret' => 'xxxxxxxxxxxxxxxx',
        // which additional data permissions to request from user
        // see http://developers.facebook.com/docs/authentication/permissions/ for the full list
        // 'req_perms' => 'email,user_birthday',
        // Which additional user profile fields to request.
        // When empty, only the app-specific user id and name will be returned
        // See https://developers.facebook.com/docs/graph-api/reference/v2.6/user for the full list
        // 'user_fields' => 'email,birthday,third_party_id,name,first_name,last_name',
    ],
    */

    /*
    // LinkedIn OAuth Authentication API.
    // Register your application to get an API key here:
    // https://www.linkedin.com/secure/developer
    // Attributes definition:
    // https://developer.linkedin.com/docs/fields
    'linkedin' => [
        'authlinkedin:LinkedIn',
        'key' => 'xxxxxxxxxxxxxxxx',
        'secret' => 'xxxxxxxxxxxxxxxx',
        'attributes' => 'id,first-name,last-name,headline,summary,specialties,picture-url,email-address',
    ],
    */

    /*
    // Twitter OAuth Authentication API.
    // Register your application to get an API key here:
    // http://twitter.com/oauth_clients
    'twitter' => [
        'authtwitter:Twitter',
        'key' => 'xxxxxxxxxxxxxxxx',
        'secret' => 'xxxxxxxxxxxxxxxx',

        // Forces the user to enter their credentials to ensure the correct users account is authorized.
        // Details: https://dev.twitter.com/docs/api/1/get/oauth/authenticate
        'force_login' => false,
    ],
    */

    /*
    // Microsoft Account (Windows Live ID) Authentication API.
    // Register your application to get an API key here:
    // https://apps.dev.microsoft.com/
    'windowslive' => [
        'authwindowslive:LiveID',
        'key' => 'xxxxxxxxxxxxxxxx',
        'secret' => 'xxxxxxxxxxxxxxxx',
    ],
    */

    /*
    // Example of a LDAP authentication source.
    'example-ldap' => [
        'ldap:LDAP',

        // Give the user an option to save their username for future login attempts
        // And when enabled, what should the default be, to save the username or not
        //'remember.username.enabled' => false,
        //'remember.username.checked' => false,

        // The hostname of the LDAP server.
        'hostname' => 'ldap.example.org',

        // Whether SSL/TLS should be used when contacting the LDAP server.
        // Keep this enabled: the password the user typed is sent to the
        // directory in the bind request.
        'enable_tls' => true,

        // Whether debug output from the LDAP library should be enabled.
        // Default is false.
        // NOTE(review): debug output may include directory data — keep it off
        // outside of troubleshooting.
        'debug' => false,

        // The timeout for accessing the LDAP server, in seconds.
        // The default is 0, which means no timeout.
        // With no timeout an unresponsive LDAP server can hold login requests
        // open indefinitely; consider a finite value.
        'timeout' => 0,

        // The port used when accessing the LDAP server.
        // The default is 389.
        'port' => 389,

        // Set whether to follow referrals. AD Controllers may require false to function.
        // NOTE(review): when referrals are followed the client contacts the
        // servers the directory refers it to — confirm that is intended.
        'referrals' => true,

        // Which attributes should be retrieved from the LDAP server.
        // This can be an array of attribute names, or null, in which case
        // all attributes are fetched.
        // Listing only the attributes that are actually needed keeps
        // unnecessary directory data out of the login session.
        'attributes' => null,

        // The pattern which should be used to create the user's DN given the username.
        // %username% in this pattern will be replaced with the user's username.
        //
        // This option is not used if the search.enable option is set to true.
        'dnpattern' => 'uid=%username%,ou=people,dc=example,dc=org',

        // As an alternative to specifying a pattern for the user's DN, it is possible to
        // search for the username in a set of attributes. This is enabled by this option.
        'search.enable' => false,

        // The DN which will be used as a base for the search.
        // This can be a single string, in which case only that DN is searched, or an
        // array of strings, in which case they will be searched in the order given.
        'search.base' => 'ou=people,dc=example,dc=org',

        // The attribute(s) the username should match against.
        //
        // This is an array with one or more attribute names. Any of the attributes in
        // the array may match the value of the username.
        'search.attributes' => ['uid', 'mail'],

        // Additional LDAP filters appended to the search attributes
        'search.filter' => '(objectclass=inetorgperson)',

        // The username & password SimpleSAMLphp should bind with before searching. If
        // this is left as null, no bind will be performed before searching.
        // When set, use a dedicated account that can only read the entries
        // and attributes the search needs.
        'search.username' => null,
        'search.password' => null,

        // If the directory uses privilege separation, the authenticated user
        // may not be able to retrieve all required attributes, and a privileged
        // entity is required to get them. This is enabled with this option.
        'priv.read' => false,

        // The DN & password SimpleSAMLphp should bind with before
        // retrieving attributes. These options are required if
        // 'priv.read' is set to true.
        // The same applies here: a read-only account limited to the needed
        // attributes, since its password is stored in this file.
        'priv.username' => null,
        'priv.password' => null,

    ],
    */

    /*
    // Example of an LDAPMulti authentication source.
    'example-ldapmulti' => [
        'ldap:LDAPMulti',

        // Give the user an option to save their username for future login attempts
        // And when enabled, what should the default be, to save the username or not
        //'remember.username.enabled' => false,
        //'remember.username.checked' => false,

        // The way the organization as part of the username should be handled.
        // Three possible values:
        // - 'none':   No handling of the organization. Allows '@' to be part
        //             of the username.
        // - 'allow':  Will allow users to type 'username@organization'.
        // - 'force':  Force users to type 'username@organization'. The dropdown
        //             list will be hidden.
        //
        // The default is 'none'.
        'username_organization_method' => 'none',

        // Whether the organization should be included as part of the username
        // when authenticating. If this is set to true, the username will be on
        // the form <username>@<organization identifier>. If this is false, the
        // username will be used as the user enters it.
        //
        // The default is false.
        'include_organization_in_username' => false,

        // A list of available LDAP servers.
        //
        // The index is an identifier for the organization/group. When
        // 'username_organization_method' is set to something other than 'none',
        // the organization-part of the username is matched against the index.
        //
        // The value of each element is an array in the same format as an LDAP
        // authentication source.
        'employees' => [
            // A short name/description for this group. Will be shown in a dropdown list
            // when the user logs on.
            //
            // This option can be a string or an array with language => text mappings.
            'description' => 'Employees',

            // The rest of the options are the same as those available for
            // the LDAP authentication source.
            'hostname' => 'ldap.employees.example.org',
            'dnpattern' => 'uid=%username%,ou=employees,dc=example,dc=org',
        ],

        'students' => [
            'description' => 'Students',

            'hostname' => 'ldap.students.example.org',
            'dnpattern' => 'uid=%username%,ou=students,dc=example,dc=org',
        ],

    ],
    */

];