Projects/nettsiden
8
3
Fork 0
Code Issues 20 Pull Requests Activity

dist/simplesamlphp-config: renew to 2.5

Browse Source
This commit is contained in:
Oystein Kristoffer Tveit
2025-12-17 04:50:44 +09:00
parent f782d20e56
commit 6fd4a0599c
1 changed files with 439 additions and 333 deletions
Download Patch File Download Diff File Expand all files Collapse all files

208
dist/simplesamlphp-config.php vendored
View File

@@ -5,15 +5,16 @@ declare(strict_types=1);
require_once dirname(__DIR__, 4) . \DIRECTORY_SEPARATOR . 'config.php';
/**
* The configuration of SimpleSAMLphp.
* The configuration of SimpleSAMLphp
*/
$httpUtils = new SimpleSAML\Utils\HTTP();
$httpUtils = new \SimpleSAML\Utils\HTTP();
$config = [
/*
/*******************************
| BASIC CONFIGURATION OPTIONS |
*/
*******************************/
/*
* Setup the following parameters to match your installation.
@@ -65,15 +66,12 @@ $config = [
* - 'loggingdir': Where to write logs. MUST be set to NULL when using a logging
* handler other than `file`.
* - 'datadir': Storage of general data.
* - 'tempdir': Saving temporary files. SimpleSAMLphp will attempt to create
* this directory if it doesn't exist. DEPRECATED - replaced by cachedir.
* When specified as a relative path, this is relative to the SimpleSAMLphp
* root directory.
*/
'cachedir' => $CACHE_DIRECTORY,
//'loggingdir' => '/var/log/',
//'datadir' => '/var/data/',
// 'tempdir' => '/tmp/simplesamlphp',
/*
* Certificate and key material can be loaded from different possible
@@ -180,9 +178,9 @@ $config = [
/*
/**********************************
| SECURITY CONFIGURATION OPTIONS |
*/
**********************************/
/*
* This is a secret salt used by SimpleSAMLphp when it needs to generate a secure hash
@@ -199,6 +197,10 @@ $config = [
* This password will give access to the installation page of SimpleSAMLphp with
* metadata listing and diagnostics pages.
* You can also put a hash here; run "bin/pwgen.php" to generate one.
*
* If you are using Ansible you might like to use
* ansible.builtin.password_hash(hashtype='blowfish', ident='2y', rounds=13)
* to generate this hashed value.
*/
'auth.adminpassword' => $SAML_ADMIN_PASSWORD,
@@ -280,7 +282,17 @@ $config = [
* Whenever you change any of these headers, make sure to validate your config by running your
* hostname through a security-test like https://en.internet.nl
'headers.security' => [
'Content-Security-Policy' => "default-src 'none'; frame-ancestors 'self'; object-src 'none'; script-src 'self'; style-src 'self'; font-src 'self'; connect-src 'self'; img-src 'self' data:; base-uri 'none'",
'Content-Security-Policy' =>
"default-src 'none'; " .
"frame-ancestors 'self'; " .
"object-src 'none'; " .
"script-src 'self'; " .
"style-src 'self'; " .
"font-src 'self'; " .
"connect-src 'self'; " .
"media-src data:; " .
"img-src 'self' data:; " .
"base-uri 'none'",
'X-Frame-Options' => 'SAMEORIGIN',
'X-Content-Type-Options' => 'nosniff',
'Referrer-Policy' => 'origin-when-cross-origin',
@@ -288,9 +300,9 @@ $config = [
*/
/*
/************************
| ERRORS AND DEBUGGING |
*/
************************/
/*
* The 'debug' option allows you to control how SimpleSAMLphp behaves in certain
@@ -336,9 +348,69 @@ $config = [
* When 'errorreporting' is enabled, a form will be presented for the user to report
* the error to 'technicalcontact_email'.
*/
'showerrors' => true,
'showerrors' => false,
'errorreporting' => true,
/*
* When showerrors is true, this is an array of which errors
* should still be shown to the user. By default an error will
* always be shown if showerrors==true and this setting is at the default value to allow all.
*
* If you list anything in this option you have to explicitly list each error
* you would like to be shown to the user. You can also set the value to false
* to hide that error. If this setting is used with anything other than the default
* value and an error is not listed in the list then a backtrace for that error
* will not be shown.
*
* These can be any of the error codes in
* src/SimpleSAML/Error/ErrorCodes.php
*
*/
'showerrors.whitelist' => [ '*' => true ],
/*
some of the many possibilities for this setting
'showerrors.whitelist' => [
'ACSPARAMS' => true,
'ADMINNOTHASHED' => true,
'ARSPARAMS' => true,
'AUTHSOURCEERROR' => true,
'BADREQUEST' => true,
'CASERROR' => true,
'CONFIG' => true,
'CREATEREQUEST' => true,
'DISCOPARAMS' => true,
'GENERATEAUTHNRESPONSE' => true,
'INVALIDCERT' => true,
'LDAPERROR' => true,
'LOGOUTINFOLOST' => true,
'LOGOUTREQUEST' => true,
'MEMCACHEDOWN' => true,
'METADATA' => true,
'METADATANOTFOUND' => true,
'METHODNOTALLOWED' => true,
'NOACCESS' => true,
'NOCERT' => true,
'NORELAYSTATE' => true,
'NOSTATE' => true,
'NOTFOUND' => true,
'NOTFOUNDREASON' => true,
'NOTSET' => true,
'NOTVALIDCERT' => true,
'NOTVALIDCERTSIGNATURE' => true,
'PROCESSASSERTION' => true,
'PROCESSAUTHNREQUEST' => true,
'RESPONSESTATUSNOSUCCESS' => true,
'SLOSERVICEPARAMS' => true,
'SSOPARAMS' => true,
'UNHANDLEDEXCEPTION' => true,
'UNKNOWNCERT' => true,
'USERABORTED' => true,
'WRONGUSERPASS' => true,
],
*/
/*
* Custom error show function called from SimpleSAML\Error\Error::show.
* See docs/simplesamlphp-errorhandling.md for function code example.
@@ -348,9 +420,9 @@ $config = [
*/
/*
/**************************
| LOGGING AND STATISTICS |
*/
**************************/
/*
* Define the minimum log level to log. Available levels:
@@ -410,7 +482,7 @@ $config = [
*
* The default is to use LOG_LOCAL5 if available, and fall back to LOG_USER if not.
*/
'logging.facility' => defined('LOG_LOCAL5') ? constant('LOG_LOCAL5') : \LOG_USER,
'logging.facility' => defined('LOG_LOCAL5') ? constant('LOG_LOCAL5') : LOG_USER,
/*
* The process name that should be used when logging to syslog.
@@ -446,15 +518,15 @@ $config = [
/*
/***********************
| PROXY CONFIGURATION |
*/
***********************/
/*
* Proxy to use for retrieving URLs.
*
* Example:
* 'proxy' => 'tcp://proxy.example.com:5100'
* 'proxy' => 'http://proxy.example.com:5100'
*/
'proxy' => null,
@@ -467,9 +539,9 @@ $config = [
/*
/**************************
| DATABASE CONFIGURATION |
*/
**************************/
/*
* This database configuration is optional. If you are not using
@@ -529,9 +601,9 @@ $config = [
/*
/*************
| PROTOCOLS |
*/
*************/
/*
* Which functionality in SimpleSAMLphp do you want to enable. Normally you would enable only
@@ -543,33 +615,31 @@ $config = [
/*
/***********
| MODULES |
*/
***********/
/*
* Configuration for enabling/disabling modules. By default the 'core', 'admin' and 'saml' modules are enabled.
* Configuration for enabling/disabling modules. By default, the 'core', 'admin' and 'saml' modules are enabled.
*
* Example:
*
* 'module.enable' => [
* 'exampleauth' => true, // Setting to TRUE enables.
* 'consent' => false, // Setting to FALSE disables.
* 'core' => null, // Unset or NULL uses default.
* 'core' => null, // Unset or NULL uses default from \SimpleSAML\Module::$core_modules.
* ],
*/
'module.enable' => [
'exampleauth' => false,
'core' => true,
'admin' => true,
'saml' => true,
],
/*
/*************************
| SESSION CONFIGURATION |
*/
*************************/
/*
* This value is the duration of the session in seconds. Make sure that the time duration of
@@ -693,9 +763,9 @@ $config = [
/*
/**************************
| MEMCACHE CONFIGURATION |
*/
**************************/
/*
* Configuration for the 'memcache' session store. This allows you to store
@@ -815,16 +885,16 @@ $config = [
/*
/*************************************
| LANGUAGE AND INTERNATIONALIZATION |
*/
*************************************/
/*
* Languages available, RTL languages, and what language is the default.
*/
'language.available' => [
'en', 'no', 'nn', 'se', 'da', 'de', 'sv', 'fi', 'es', 'ca', 'fr', 'it', 'nl', 'lb',
'cs', 'sk', 'sl', 'lt', 'hr', 'hu', 'pl', 'pt', 'pt-br', 'tr', 'ja', 'zh', 'zh-tw',
'cs', 'sk', 'sl', 'lt', 'hr', 'hu', 'pl', 'pt', 'pt_BR', 'tr', 'ja', 'zh', 'zh_TW',
'ru', 'et', 'he', 'id', 'sr', 'lv', 'ro', 'eu', 'el', 'af', 'zu', 'xh', 'st',
],
'language.rtl' => ['ar', 'dv', 'fa', 'ur', 'he'],
@@ -847,7 +917,7 @@ $config = [
'language.cookie.lifetime' => (60 * 60 * 24 * 900),
'language.cookie.samesite' => $httpUtils->canSetSameSiteNone() ? 'None' : null,
/*
/**
* Custom getLanguage function called from SimpleSAML\Locale\Language::getLanguage().
* Function should return language code of one of the available languages or NULL.
* See SimpleSAML\Locale\Language::getLanguage() source code for more info.
@@ -859,9 +929,9 @@ $config = [
* 'language.get_language_function' => ['\SimpleSAML\Module\example\Template', 'getLanguage'],
*/
/*
/**************
| APPEARANCE |
*/
**************/
/*
* Which theme directory should be used?
@@ -874,7 +944,7 @@ $config = [
*/
//'theme.header' => 'SimpleSAMLphp',
/*
/**
* A template controller, if any.
*
* Used to intercept certain parts of the template handling, while keeping away unwanted/unexpected hooks. Set
@@ -900,6 +970,14 @@ $config = [
*/
'template.auto_reload' => false,
/*
* Set the 'template.debug' to true to enable debugging for Twig templates.
* This is useful during development as it provides better error messages.
* Defaults to false.
*/
//'template.debug' => false,
/*
* Set this option to true to indicate that your installation of SimpleSAMLphp
* is running in a production environment. This will affect the way resources
@@ -917,6 +995,19 @@ $config = [
* The serving of the resources can be configured through these settings.
*/
'assets' => [
/*
* Used to generate cache buster tags. This salt is only used for this purpose.
* You should set this in the same way as secretsalt.
*
* You can change this salt at any time. This will have the effect of explicit
* cache busting as the tags for resources will change and thus all resources
* will be fetched again.
*
* Leaving the default value in place can allow an attacker the opportunity
* to work out the version of SSP you have installed.
*/
'salt' => 'assets.salt.default',
/*
* These settings adjust the caching headers that are sent
* when serving static resources.
@@ -938,16 +1029,16 @@ $config = [
],
],
/*
/**
* Set to a full URL if you want to redirect users that land on SimpleSAMLphp's
* front page to somewhere more useful. If left unset, a basic welcome message
* is shown.
*/
//'frontpage.redirect' => 'https://example.com/',
/*
/*********************
| DISCOVERY SERVICE |
*/
*********************/
/*
* Whether the discovery service should allow the user to save his choice of IdP.
@@ -976,9 +1067,9 @@ $config = [
/*
/*************************************
| AUTHENTICATION PROCESSING FILTERS |
*/
*************************************/
/*
* Authentication processing filters that will be executed for all IdPs
@@ -1060,9 +1151,9 @@ $config = [
/*
/**************************
| METADATA CONFIGURATION |
*/
**************************/
/*
* This option allows you to specify a directory for your metadata outside of the standard metadata directory
@@ -1130,6 +1221,21 @@ $config = [
* ['type' => 'xml', 'file' => 'idp.example.org-idpMeta.xml'],
* ],
*
* This example defines a remote xml-file with optional connection context.
* See PHP documentation for possible context options: https://www.php.net/manual/en/context.php
*
* 'metadata.sources' => [
* [
* 'type' => 'xml',
* 'url' => 'https://example.org/idp.example.org-idpMeta.xml',
* 'context' => [
* 'ssl' => [
* 'verify_peer' => true,
* ],
* ],
* ],
* ],
*
* This example defines an mdq source.
* 'metadata.sources' => [
* [
@@ -1182,9 +1288,9 @@ $config = [
'metadata.sign.algorithm' => 'http://www.w3.org/2001/04/xmldsig-more#rsa-sha256',
/*
/****************************
| DATA STORE CONFIGURATION |
*/
****************************/
/*
* Configure the data store for SimpleSAMLphp.
@@ -1288,9 +1394,9 @@ $config = [
*/
'store.redis.sentinels' => [],
/*
/*********************
| IdP/SP PROXY MODE |
*/
*********************/
/*
* If the IdP in front of SimpleSAMLphp in IdP/SP proxy mode sends