--- /dev/null
+<?php
+
+//This is variable is an example - Just make sure that the urls in the 'idp' config are ok.
+$idp_host = env('SAML2_IDP_HOST', 'http://localhost:8000/simplesaml');
+
+return $settings = array(
+
+ /**
+ * Whether the SAML login is enabled
+ */
+ 'enabled' => env("SAML2_ENABLED", false),
+
+ /**
+ * If 'useRoutes' is set to true, the package defines five new routes:
+ *
+ * Method | URI | Name
+ * -------|--------------------------|------------------
+ * POST | {routesPrefix}/acs | saml_acs
+ * GET | {routesPrefix}/login | saml_login
+ * GET | {routesPrefix}/logout | saml_logout
+ * GET | {routesPrefix}/metadata | saml_metadata
+ * GET | {routesPrefix}/sls | saml_sls
+ */
+ 'useRoutes' => true,
+
+ 'routesPrefix' => '/saml2',
+
+ /**
+ * which middleware group to use for the saml routes
+ * Laravel 5.2 will need a group which includes StartSession
+ */
+ 'routesMiddleware' => [],
+
+ /**
+ * Indicates how the parameters will be
+ * retrieved from the sls request for signature validation
+ */
+ 'retrieveParametersFromServer' => false,
+
+ /**
+ * Where to redirect after logout
+ */
+ 'logoutRoute' => '/',
+
+ /**
+ * Where to redirect after login if no other option was provided
+ */
+ 'loginRoute' => '/',
+
+
+ /**
+ * Where to redirect after login if no other option was provided
+ */
+ 'errorRoute' => '/',
+
+
+
+
+ /*****
+ * One Login Settings
+ */
+
+
+
+ // If 'strict' is True, then the PHP Toolkit will reject unsigned
+ // or unencrypted messages if it expects them signed or encrypted
+ // Also will reject the messages if not strictly follow the SAML
+ // standard: Destination, NameId, Conditions ... are validated too.
+ 'strict' => true, //@todo: make this depend on laravel config
+
+ // Enable debug mode (to print errors)
+ 'debug' => env('APP_DEBUG', false),
+
+ // If 'proxyVars' is True, then the Saml lib will trust proxy headers
+ // e.g X-Forwarded-Proto / HTTP_X_FORWARDED_PROTO. This is useful if
+ // your application is running behind a load balancer which terminates
+ // SSL.
+ 'proxyVars' => false,
+
+ // Service Provider Data that we are deploying
+ 'sp' => array(
+
+ // Specifies constraints on the name identifier to be used to
+ // represent the requested subject.
+ // Take a look on lib/Saml2/Constants.php to see the NameIdFormat supported
+ 'NameIDFormat' => 'urn:oasis:names:tc:SAML:2.0:nameid-format:persistent',
+
+ // Usually x509cert and privateKey of the SP are provided by files placed at
+ // the certs folder. But we can also provide them with the following parameters
+ 'x509cert' => env('SAML2_SP_x509',''),
+ 'privateKey' => env('SAML2_SP_PRIVATEKEY',''),
+
+ // Identifier (URI) of the SP entity.
+ // Leave blank to use the 'saml_metadata' route.
+ 'entityId' => env('SAML2_SP_ENTITYID',''),
+
+ // Specifies info about where and how the <AuthnResponse> message MUST be
+ // returned to the requester, in this case our SP.
+ 'assertionConsumerService' => array(
+ // URL Location where the <Response> from the IdP will be returned,
+ // using HTTP-POST binding.
+ // Leave blank to use the 'saml_acs' route
+ 'url' => '',
+ ),
+ // Specifies info about where and how the <Logout Response> message MUST be
+ // returned to the requester, in this case our SP.
+ // Remove this part to not include any URL Location in the metadata.
+ 'singleLogoutService' => array(
+ // URL Location where the <Response> from the IdP will be returned,
+ // using HTTP-Redirect binding.
+ // Leave blank to use the 'saml_sls' route
+ 'url' => '',
+ ),
+ ),
+
+ // Identity Provider Data that we want connect with our SP
+ 'idp' => array(
+ // Identifier of the IdP entity (must be a URI)
+ 'entityId' => env('SAML2_IDP_ENTITYID', $idp_host . '/saml2/idp/metadata.php'),
+ // SSO endpoint info of the IdP. (Authentication Request protocol)
+ 'singleSignOnService' => array(
+ // URL Target of the IdP where the SP will send the Authentication Request Message,
+ // using HTTP-Redirect binding.
+ 'url' => env('SAML2_IDP_SSO', $idp_host . '/saml2/idp/SSOService.php'),
+ ),
+ // SLO endpoint info of the IdP.
+ 'singleLogoutService' => array(
+ // URL Location of the IdP where the SP will send the SLO Request,
+ // using HTTP-Redirect binding.
+ 'url' => env('SAML2_IDP_SLO', $idp_host . '/saml2/idp/SingleLogoutService.php'),
+ ),
+ // Public x509 certificate of the IdP
+ 'x509cert' => env('SAML2_IDP_x509', 'MIID/TCCAuWgAwIBAgIJAI4R3WyjjmB1MA0GCSqGSIb3DQEBCwUAMIGUMQswCQYDVQQGEwJBUjEVMBMGA1UECAwMQnVlbm9zIEFpcmVzMRUwEwYDVQQHDAxCdWVub3MgQWlyZXMxDDAKBgNVBAoMA1NJVTERMA8GA1UECwwIU2lzdGVtYXMxFDASBgNVBAMMC09yZy5TaXUuQ29tMSAwHgYJKoZIhvcNAQkBFhFhZG1pbmlAc2l1LmVkdS5hcjAeFw0xNDEyMDExNDM2MjVaFw0yNDExMzAxNDM2MjVaMIGUMQswCQYDVQQGEwJBUjEVMBMGA1UECAwMQnVlbm9zIEFpcmVzMRUwEwYDVQQHDAxCdWVub3MgQWlyZXMxDDAKBgNVBAoMA1NJVTERMA8GA1UECwwIU2lzdGVtYXMxFDASBgNVBAMMC09yZy5TaXUuQ29tMSAwHgYJKoZIhvcNAQkBFhFhZG1pbmlAc2l1LmVkdS5hcjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMbzW/EpEv+qqZzfT1Buwjg9nnNNVrxkCfuR9fQiQw2tSouS5X37W5h7RmchRt54wsm046PDKtbSz1NpZT2GkmHN37yALW2lY7MyVUC7itv9vDAUsFr0EfKIdCKgxCKjrzkZ5ImbNvjxf7eA77PPGJnQ/UwXY7W+cvLkirp0K5uWpDk+nac5W0JXOCFR1BpPUJRbz2jFIEHyChRt7nsJZH6ejzNqK9lABEC76htNy1Ll/D3tUoPaqo8VlKW3N3MZE0DB9O7g65DmZIIlFqkaMH3ALd8adodJtOvqfDU/A6SxuwMfwDYPjoucykGDu1etRZ7dF2gd+W+1Pn7yizPT1q8CAwEAAaNQME4wHQYDVR0OBBYEFPsn8tUHN8XXf23ig5Qro3beP8BuMB8GA1UdIwQYMBaAFPsn8tUHN8XXf23ig5Qro3beP8BuMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAGu60odWFiK+DkQekozGnlpNBQz5lQ/bwmOWdktnQj6HYXu43e7sh9oZWArLYHEOyMUekKQAxOK51vbTHzzw66BZU91/nqvaOBfkJyZKGfluHbD0/hfOl/D5kONqI9kyTu4wkLQcYGyuIi75CJs15uA03FSuULQdY/Liv+czS/XYDyvtSLnu43VuAQWN321PQNhuGueIaLJANb2C5qq5ilTBUw6PxY9Z+vtMjAjTJGKEkE/tQs7CvzLPKXX3KTD9lIILmX5yUC3dLgjVKi1KGDqNApYGOMtjr5eoxPQrqDBmyx3flcy0dQTdLXud3UjWVW3N0PYgJtw5yBsS74QTGD4='),
+ /*
+ * Instead of use the whole x509cert you can use a fingerprint
+ * (openssl x509 -noout -fingerprint -in "idp.crt" to generate it)
+ */
+ // 'certFingerprint' => '',
+ ),
+
+
+
+ /***
+ *
+ * OneLogin advanced settings
+ *
+ *
+ */
+ // Security settings
+ 'security' => array(
+
+ /** signatures and encryptions offered */
+
+ // Indicates that the nameID of the <samlp:logoutRequest> sent by this SP
+ // will be encrypted.
+ 'nameIdEncrypted' => false,
+
+ // Indicates whether the <samlp:AuthnRequest> messages sent by this SP
+ // will be signed. [The Metadata of the SP will offer this info]
+ 'authnRequestsSigned' => false,
+
+ // Indicates whether the <samlp:logoutRequest> messages sent by this SP
+ // will be signed.
+ 'logoutRequestSigned' => false,
+
+ // Indicates whether the <samlp:logoutResponse> messages sent by this SP
+ // will be signed.
+ 'logoutResponseSigned' => false,
+
+ /* Sign the Metadata
+ False || True (use sp certs) || array (
+ keyFileName => 'metadata.key',
+ certFileName => 'metadata.crt'
+ )
+ */
+ 'signMetadata' => false,
+
+
+ /** signatures and encryptions required **/
+
+ // Indicates a requirement for the <samlp:Response>, <samlp:LogoutRequest> and
+ // <samlp:LogoutResponse> elements received by this SP to be signed.
+ 'wantMessagesSigned' => false,
+
+ // Indicates a requirement for the <saml:Assertion> elements received by
+ // this SP to be signed. [The Metadata of the SP will offer this info]
+ 'wantAssertionsSigned' => false,
+
+ // Indicates a requirement for the NameID received by
+ // this SP to be encrypted.
+ 'wantNameIdEncrypted' => false,
+
+ // Authentication context.
+ // Set to false and no AuthContext will be sent in the AuthNRequest,
+ // Set true or don't present thi parameter and you will get an AuthContext 'exact' 'urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport'
+ // Set an array with the possible auth context values: array ('urn:oasis:names:tc:SAML:2.0:ac:classes:Password', 'urn:oasis:names:tc:SAML:2.0:ac:classes:X509'),
+ 'requestedAuthnContext' => true,
+ ),
+
+ // Contact information template, it is recommended to suply a technical and support contacts
+ 'contactPerson' => array(
+ 'technical' => array(
+ 'givenName' => 'name',
+ 'emailAddress' => 'no@reply.com'
+ ),
+ 'support' => array(
+ 'givenName' => 'Support',
+ 'emailAddress' => 'no@reply.com'
+ ),
+ ),
+
+ // Organization information template, the info in en_US lang is recomended, add more if required
+ 'organization' => array(
+ 'en-US' => array(
+ 'name' => 'Name',
+ 'displayname' => 'Display Name',
+ 'url' => 'http://url'
+ ),
+ ),
+
+/* Interoperable SAML 2.0 Web Browser SSO Profile [saml2int] http://saml2int.org/profile/current
+
+ 'authnRequestsSigned' => false, // SP SHOULD NOT sign the <samlp:AuthnRequest>,
+ // MUST NOT assume that the IdP validates the sign
+ 'wantAssertionsSigned' => true,
+ 'wantAssertionsEncrypted' => true, // MUST be enabled if SSL/HTTPs is disabled
+ 'wantNameIdEncrypted' => false,
+*/
+
+);
{
"_readme": [
"This file locks the dependencies of your project to a known state",
- "Read more about it at https://getcomposer.org/doc/01-basic-usage.md#composer-lock-the-lock-file",
+ "Read more about it at https://getcomposer.org/doc/01-basic-usage.md#installing-dependencies",
"This file is @generated automatically"
],
- "content-hash": "0946a07729a7a1bfef9bac185a870afd",
+ "content-hash": "26a2c3ad0409c970f4f0c9b6dad49322",
"packages": [
+ {
+ "name": "aacotroneo/laravel-saml2",
+ "version": "1.0.0",
+ "source": {
+ "type": "git",
+ "url": "https://github.com/aacotroneo/laravel-saml2.git",
+ "reference": "5045701a07bcd7600a17c92971368669870f546a"
+ },
+ "dist": {
+ "type": "zip",
+ "url": "https://api.github.com/repos/aacotroneo/laravel-saml2/zipball/5045701a07bcd7600a17c92971368669870f546a",
+ "reference": "5045701a07bcd7600a17c92971368669870f546a",
+ "shasum": ""
+ },
+ "require": {
+ "ext-openssl": "*",
+ "illuminate/support": ">=5.0.0",
+ "onelogin/php-saml": "^3.0.0",
+ "php": ">=5.4.0"
+ },
+ "require-dev": {
+ "mockery/mockery": "0.9.*"
+ },
+ "type": "library",
+ "extra": {
+ "laravel": {
+ "providers": [
+ "Aacotroneo\\Saml2\\Saml2ServiceProvider"
+ ],
+ "aliases": {
+ "Saml2": "Aacotroneo\\Saml2\\Facades\\Saml2Auth"
+ }
+ }
+ },
+ "autoload": {
+ "psr-0": {
+ "Aacotroneo\\Saml2\\": "src/"
+ }
+ },
+ "notification-url": "https://packagist.org/downloads/",
+ "license": [
+ "MIT"
+ ],
+ "authors": [
+ {
+ "name": "aacotroneo",
+ "email": "aacotroneo@gmail.com"
+ }
+ ],
+ "description": "A Laravel package for Saml2 integration as a SP (service provider) based on OneLogin toolkit, which is much lightweight than simplesamlphp",
+ "homepage": "https://github.com/aacotroneo/laravel-saml2",
+ "keywords": [
+ "SAML2",
+ "laravel",
+ "onelogin",
+ "saml"
+ ],
+ "time": "2018-11-08T14:03:58+00:00"
+ },
{
"name": "aws/aws-sdk-php",
"version": "3.86.2",
],
"time": "2018-12-28T10:07:33+00:00"
},
+ {
+ "name": "onelogin/php-saml",
+ "version": "3.2.1",
+ "source": {
+ "type": "git",
+ "url": "https://github.com/onelogin/php-saml.git",
+ "reference": "845a6ce39e839ed9e687f80bffb02ffde16a70d0"
+ },
+ "dist": {
+ "type": "zip",
+ "url": "https://api.github.com/repos/onelogin/php-saml/zipball/845a6ce39e839ed9e687f80bffb02ffde16a70d0",
+ "reference": "845a6ce39e839ed9e687f80bffb02ffde16a70d0",
+ "shasum": ""
+ },
+ "require": {
+ "php": ">=5.4",
+ "robrichards/xmlseclibs": ">=3.0.3"
+ },
+ "require-dev": {
+ "pdepend/pdepend": "^2.5.0",
+ "php-coveralls/php-coveralls": "^1.0.2 || ^2.0",
+ "phploc/phploc": "^2.1 || ^3.0 || ^4.0",
+ "phpunit/phpunit": "^4.8.35 || ^5.7 || ^6.5 || ^7.1",
+ "sebastian/phpcpd": "^2.0 || ^3.0 || ^4.0",
+ "squizlabs/php_codesniffer": "^3.1.1"
+ },
+ "suggest": {
+ "ext-curl": "Install curl lib to be able to use the IdPMetadataParser for parsing remote XMLs",
+ "ext-gettext": "Install gettext and php5-gettext libs to handle translations",
+ "ext-openssl": "Install openssl lib in order to handle with x509 certs (require to support sign and encryption)"
+ },
+ "type": "library",
+ "autoload": {
+ "psr-4": {
+ "OneLogin\\": "src/"
+ }
+ },
+ "notification-url": "https://packagist.org/downloads/",
+ "license": [
+ "MIT"
+ ],
+ "description": "OneLogin PHP SAML Toolkit",
+ "homepage": "https://developers.onelogin.com/saml/php",
+ "keywords": [
+ "SAML2",
+ "onelogin",
+ "saml"
+ ],
+ "time": "2019-06-25T10:28:20+00:00"
+ },
{
"name": "paragonie/random_compat",
"version": "v9.99.99",
],
"time": "2018-07-19T23:38:55+00:00"
},
+ {
+ "name": "robrichards/xmlseclibs",
+ "version": "3.0.3",
+ "source": {
+ "type": "git",
+ "url": "https://github.com/robrichards/xmlseclibs.git",
+ "reference": "406c68ac9124db033d079284b719958b829cb830"
+ },
+ "dist": {
+ "type": "zip",
+ "url": "https://api.github.com/repos/robrichards/xmlseclibs/zipball/406c68ac9124db033d079284b719958b829cb830",
+ "reference": "406c68ac9124db033d079284b719958b829cb830",
+ "shasum": ""
+ },
+ "require": {
+ "ext-openssl": "*",
+ "php": ">= 5.4"
+ },
+ "type": "library",
+ "autoload": {
+ "psr-4": {
+ "RobRichards\\XMLSecLibs\\": "src"
+ }
+ },
+ "notification-url": "https://packagist.org/downloads/",
+ "license": [
+ "BSD-3-Clause"
+ ],
+ "description": "A PHP library for XML Security",
+ "homepage": "https://github.com/robrichards/xmlseclibs",
+ "keywords": [
+ "security",
+ "signature",
+ "xml",
+ "xmldsig"
+ ],
+ "time": "2018-11-15T11:59:02+00:00"
+ },
{
"name": "sabberworm/php-css-parser",
"version": "8.1.0",
"mock",
"xunit"
],
+ "abandoned": true,
"time": "2018-08-09T05:50:03+00:00"
},
{
projects / bookstack / commitdiff