Mega PR: Update deps, consolidate config, build with nix, gallery fixes, etc. #53

Merged
felixalb merged 12 commits from nixify-ng into master 2024-04-10 21:45:10 +02:00
24 changed files with 1165 additions and 2468 deletions
Showing only changes of commit 7e158c9fc3 - Show all commits


@ -9,9 +9,7 @@
} }
}, },
"require": { "require": {
"simplesamlphp/simplesamlphp": "~1.19.8", "simplesamlphp/simplesamlphp": "^2.2",
"erusev/parsedown": "^1.7", "erusev/parsedown": "^1.7"
"simplesamlphp/saml2": "^4.6",
"gettext/gettext": "^4.8"
} }
} }

composer.lock generated



@ -6,6 +6,8 @@ require_once(dirname(dirname(dirname(dirname(__DIR__)))) . DIRECTORY_SEPARATOR .
* The configuration of SimpleSAMLphp * The configuration of SimpleSAMLphp
*/ */
$httpUtils = new \SimpleSAML\Utils\HTTP();
$config = [ $config = [
/******************************* /*******************************
@ -24,18 +26,20 @@ $config = [
* *
* The full url format is useful if your SimpleSAMLphp setup is hosted behind * The full url format is useful if your SimpleSAMLphp setup is hosted behind
* a reverse proxy. In that case you can specify the external url here. * a reverse proxy. In that case you can specify the external url here.
* Specifying the full URL including https: will let SimpleSAMLphp know
* that it runs on HTTPS even if the backend server is plain HTTP.
* *
* Please note that SimpleSAMLphp will then redirect all queries to the * Please note that SimpleSAMLphp will then redirect all queries to the
* external url, no matter where you come from (direct access or via the * external url, no matter where you come from (direct access or via the
* reverse proxy). * reverse proxy).
*/ */
'baseurlpath' => '/simplesaml/', 'baseurlpath' => 'simplesaml/',
/* /*
* The 'application' configuration array groups a set configuration options * The 'application' configuration array groups a set configuration options
* relative to an application protected by SimpleSAMLphp. * relative to an application protected by SimpleSAMLphp.
*/ */
//'application' => [ 'application' => [
/* /*
* The 'baseURL' configuration option allows you to specify a protocol, * The 'baseURL' configuration option allows you to specify a protocol,
* host and optionally a port that serves as the canonical base for all * host and optionally a port that serves as the canonical base for all
@ -51,16 +55,17 @@ $config = [
* to SimpleSAMLphp's API. * to SimpleSAMLphp's API.
*/ */
//'baseURL' => 'https://example.com', //'baseURL' => 'https://example.com',
//], ],
/* /*
* The following settings are *filesystem paths* which define where * The following settings are *filesystem paths* which define where
* SimpleSAMLphp can find or write the following things: * SimpleSAMLphp can find or write the following things:
* - 'certdir': The base directory for certificate and key material. * - 'cachedir': Where SimpleSAMLphp can write its cache.
* - 'loggingdir': Where to write logs. * - 'loggingdir': Where to write logs. MUST be set to NULL when using a logging
* handler other than `file`.
* - 'datadir': Storage of general data. * - 'datadir': Storage of general data.
* - 'tempdir': Saving temporary files. SimpleSAMLphp will attempt to create * - 'tempdir': Saving temporary files. SimpleSAMLphp will attempt to create
* this directory if it doesn't exist. * this directory if it doesn't exist. DEPRECATED - replaced by cachedir.
* When specified as a relative path, this is relative to the SimpleSAMLphp * When specified as a relative path, this is relative to the SimpleSAMLphp
* root directory. * root directory.
*/ */
@ -88,9 +93,36 @@ $config = [
* as file locations. * as file locations.
*/ */
'certdir' => 'cert/', 'certdir' => 'cert/',
'loggingdir' => 'log/',
'datadir' => 'data/', /* To load a certificate or key from the database, it should be specified
'tempdir' => '/tmp/simplesaml', * as 'pdo://<id>' where <id> is the identifier in the database table that
* should be matched. While the certificate and key tables are expected to
* be in the simplesaml database, they are not created or managed by
* simplesaml. The following parameters control how the pdo location
* attempts to retrieve certificates and keys from the database:
*
* - 'cert.pdo.table': name of table where certificates are stored
* - 'cert.pdo.keytable': name of table where keys are stored
* - 'cert.pdo.apply_prefix': whether or not to prepend the database.prefix
* parameter to the table names; if you are using
* database.prefix to separate multiple SSP instances
* in the same database but want to share certificate/key
* data between them, set this to false
* - 'cert.pdo.id_column': name of column to use as identifier
* - 'cert.pdo.data_column': name of column where PEM data is stored
*
* Basically, the query executed will be:
*
* SELECT cert.pdo.data_column FROM cert.pdo.table WHERE cert.pdo.id_column = :id
*
* Defaults are shown below, to change them, uncomment the line and update as
* needed
*/
//'cert.pdo.table' => 'certificates',
//'cert.pdo.keytable' => 'private_keys',
//'cert.pdo.apply_prefix' => true,
//'cert.pdo.id_column' => 'id',
//'cert.pdo.data_column' => 'data',
/* /*
* Some information about the technical persons running this installation. * Some information about the technical persons running this installation.
@ -112,18 +144,22 @@ $config = [
* Set the transport options for the transport method specified. The valid settings are relative to the * Set the transport options for the transport method specified. The valid settings are relative to the
* selected transport method. * selected transport method.
*/ */
// // smtp mail transport options /*
// 'mail.transport.options' => [ 'mail.transport.options' => [
// 'host' => 'mail.example.org', // required 'host' => 'mail.example.org', // required
// 'port' => 25, // optional 'port' => 25, // optional
// 'username' => 'user@example.org', // optional: if set, enables smtp authentication 'username' => 'user@example.org', // optional: if set, enables smtp authentication
// 'password' => 'password', // optional: if set, enables smtp authentication 'password' => 'password', // optional: if set, enables smtp authentication
// 'security' => 'tls', // optional: defaults to no smtp security 'security' => 'tls', // optional: defaults to no smtp security
// ], 'smtpOptions' => [], // optional: passed to stream_context_create when connecting via SMTP
// // sendmail mail transport options ],
// 'mail.transport.options' => [
// 'path' => '/usr/sbin/sendmail' // optional: defaults to php.ini path // sendmail mail transport options
// ], /*
'mail.transport.options' => [
'path' => '/usr/sbin/sendmail' // optional: defaults to php.ini path
],
*/
/* /*
* The envelope from address for outgoing emails. * The envelope from address for outgoing emails.
@ -153,7 +189,7 @@ $config = [
* 'secretsalt' can be any valid string of any length. * 'secretsalt' can be any valid string of any length.
* *
* A possible way to generate a random salt is by running the following command from a unix shell: * A possible way to generate a random salt is by running the following command from a unix shell:
* LC_CTYPE=C tr -c -d '0123456789abcdefghijklmnopqrstuvwxyz' </dev/urandom | dd bs=32 count=1 2>/dev/null;echo * LC_ALL=C tr -c -d '0123456789abcdefghijklmnopqrstuvwxyz' </dev/urandom | dd bs=32 count=1 2>/dev/null;echo
*/ */
'secretsalt' => $SAML_COOKIE_SALT, 'secretsalt' => $SAML_COOKIE_SALT,
@ -166,10 +202,8 @@ $config = [
'auth.adminpassword' => $SAML_ADMIN_PASSWORD, 'auth.adminpassword' => $SAML_ADMIN_PASSWORD,
/* /*
* Set this options to true if you want to require administrator password to access the web interface * Set this option to true if you want to require administrator password to access the metadata.
* or the metadata pages, respectively.
*/ */
'admin.protectindexpage' => false,
'admin.protectmetadata' => false, 'admin.protectmetadata' => false,
/* /*
@ -229,7 +263,7 @@ $config = [
/* /*
* Set the allowed clock skew between encrypting/decrypting assertions * Set the allowed clock skew between encrypting/decrypting assertions
* *
* If you have an server that is constantly out of sync, this option * If you have a server that is constantly out of sync, this option
* allows you to adjust the allowed clock-skew. * allows you to adjust the allowed clock-skew.
* *
* Allowed range: 180 - 300 * Allowed range: 180 - 300
@ -237,6 +271,21 @@ $config = [
*/ */
'assertion.allowed_clock_skew' => 180, 'assertion.allowed_clock_skew' => 180,
/*
* Set custom security headers. The defaults can be found in \SimpleSAML\Configuration::DEFAULT_SECURITY_HEADERS
*
* NOTE: When a header is already set on the response we will NOT overrule it and leave it untouched.
*
* Whenever you change any of these headers, make sure to validate your config by running your
* hostname through a security-test like https://en.internet.nl
'headers.security' => [
'Content-Security-Policy' => "default-src 'none'; frame-ancestors 'self'; object-src 'none'; script-src 'self'; style-src 'self'; font-src 'self'; connect-src 'self'; img-src 'self' data:; base-uri 'none'",
'X-Frame-Options' => 'SAMEORIGIN',
'X-Content-Type-Options' => 'nosniff',
'Referrer-Policy' => 'origin-when-cross-origin',
],
*/
/************************ /************************
| ERRORS AND DEBUGGING | | ERRORS AND DEBUGGING |
@ -291,14 +340,13 @@ $config = [
/* /*
* Custom error show function called from SimpleSAML\Error\Error::show. * Custom error show function called from SimpleSAML\Error\Error::show.
* See docs/simplesamlphp-errorhandling.txt for function code example. * See docs/simplesamlphp-errorhandling.md for function code example.
* *
* Example: * Example:
* 'errors.show_function' => ['SimpleSAML\Module\example\Error', 'show'], * 'errors.show_function' => ['SimpleSAML\Module\example\Error', 'show'],
*/ */
/************************** /**************************
| LOGGING AND STATISTICS | | LOGGING AND STATISTICS |
**************************/ **************************/
@ -315,6 +363,9 @@ $config = [
* *
* Options: [syslog,file,errorlog,stderr] * Options: [syslog,file,errorlog,stderr]
* *
* If you set the handler to 'file', the directory specified in loggingdir above
* must exist and be writable for SimpleSAMLphp. If set to something else, set
* loggingdir above to 'null'.
*/ */
'logging.level' => SimpleSAML\Logger::NOTICE, 'logging.level' => SimpleSAML\Logger::NOTICE,
'logging.handler' => 'syslog', 'logging.handler' => 'syslog',
@ -325,7 +376,7 @@ $config = [
* are: * are:
* *
* - %date{<format>}: the date and time, with its format specified inside the brackets. See the PHP documentation * - %date{<format>}: the date and time, with its format specified inside the brackets. See the PHP documentation
* of the strftime() function for more information on the format. If the brackets are omitted, the standard * of the date() function for more information on the format. If the brackets are omitted, the standard
* format is applied. This can be useful if you just want to control the placement of the date, but don't care * format is applied. This can be useful if you just want to control the placement of the date, but don't care
* about the format. * about the format.
* *
@ -345,7 +396,7 @@ $config = [
* - %msg: the message to be logged. * - %msg: the message to be logged.
* *
*/ */
//'logging.format' => '%date{%b %d %H:%M:%S} %process %level %stat[%trackid] %msg', //'logging.format' => '%date{M j H:i:s} %process %level %stat[%trackid] %msg',
/* /*
* Choose which facility should be used when logging with syslog. * Choose which facility should be used when logging with syslog.
@ -375,7 +426,8 @@ $config = [
* This is an array of outputs. Each output has at least a 'class' option, which * This is an array of outputs. Each output has at least a 'class' option, which
* selects the output. * selects the output.
*/ */
'statistics.out' => [// Log statistics to the normal log. 'statistics.out' => [
// Log statistics to the normal log.
/* /*
[ [
'class' => 'core:Log', 'class' => 'core:Log',
@ -454,19 +506,19 @@ $config = [
'database.persistent' => false, 'database.persistent' => false,
/* /*
* Database slave configuration is optional as well. If you are only * Database secondary configuration is optional as well. If you are only
* running a single database server, leave this blank. If you have * running a single database server, leave this blank. If you have
* a master/slave configuration, you can define as many slave servers * a primary/secondary configuration, you can define as many secondary servers
* as you want here. Slaves will be picked at random to be queried from. * as you want here. Secondaries will be picked at random to be queried from.
* *
* Configuration options in the slave array are exactly the same as the * Configuration options in the secondary array are exactly the same as the
* options for the master (shown above) with the exception of the table * options for the primary (shown above) with the exception of the table
* prefix and driver options. * prefix and driver options.
*/ */
'database.slaves' => [ 'database.secondaries' => [
/* /*
[ [
'dsn' => 'mysql:host=myslave;dbname=saml', 'dsn' => 'mysql:host=mysecondary;dbname=saml',
'username' => 'simplesamlphp', 'username' => 'simplesamlphp',
'password' => 'secret', 'password' => 'secret',
'persistent' => false, 'persistent' => false,
@ -484,23 +536,10 @@ $config = [
* Which functionality in SimpleSAMLphp do you want to enable. Normally you would enable only * Which functionality in SimpleSAMLphp do you want to enable. Normally you would enable only
* one of the functionalities below, but in some cases you could run multiple functionalities. * one of the functionalities below, but in some cases you could run multiple functionalities.
* In example when you are setting up a federation bridge. * In example when you are setting up a federation bridge.
*
* Note that shib13-idp has been deprecated and will be removed in SimpleSAMLphp 2.0.
*/ */
'enable.saml20-idp' => false, 'enable.saml20-idp' => false,
'enable.shib13-idp' => false,
'enable.adfs-idp' => false, 'enable.adfs-idp' => false,
/*
* Whether SimpleSAMLphp should sign the response or the assertion in SAML 1.1 authentication
* responses.
*
* The default is to sign the assertion element, but that can be overridden by setting this
* option to TRUE. It can also be overridden on a pr. SP basis by adding an option with the
* same name to the metadata of the SP.
*/
'shib13.signresponse' => true,
/*********** /***********
@ -508,7 +547,7 @@ $config = [
***********/ ***********/
/* /*
* Configuration to override module enabling/disabling. * Configuration for enabling/disabling modules. By default the 'core', 'admin' and 'saml' modules are enabled.
* *
* Example: * Example:
* *
@ -517,12 +556,12 @@ $config = [
* 'consent' => false, // Setting to FALSE disables. * 'consent' => false, // Setting to FALSE disables.
* 'core' => null, // Unset or NULL uses default. * 'core' => null, // Unset or NULL uses default.
* ], * ],
*
*/ */
'module.enable' => [ 'module.enable' => [
'exampleauth' => false, 'exampleauth' => false,
'core' => true, 'core' => true,
'admin' => true,
'saml' => true 'saml' => true
], ],
@ -582,7 +621,7 @@ $config = [
* Example: * Example:
* 'session.cookie.domain' => '.example.org', * 'session.cookie.domain' => '.example.org',
*/ */
'session.cookie.domain' => null, 'session.cookie.domain' => '',
/* /*
* Set the secure flag in the cookie. * Set the secure flag in the cookie.
@ -590,6 +629,8 @@ $config = [
* Set this to TRUE if the user only accesses your service * Set this to TRUE if the user only accesses your service
* through https. If the user can access the service through * through https. If the user can access the service through
* both http and https, this must be set to FALSE. * both http and https, this must be set to FALSE.
*
* If unset, SimpleSAMLphp will try to automatically determine the right value
*/ */
'session.cookie.secure' => $SAML_COOKIE_SECURE, 'session.cookie.secure' => $SAML_COOKIE_SECURE,
@ -610,7 +651,7 @@ $config = [
* Example: * Example:
* 'session.cookie.samesite' => 'None', * 'session.cookie.samesite' => 'None',
*/ */
'session.cookie.samesite' => \SimpleSAML\Utils\HTTP::canSetSameSiteNone() ? 'None' : null, 'session.cookie.samesite' => $httpUtils->canSetSameSiteNone() ? 'None' : null,
/* /*
* Options to override the default settings for php sessions. * Options to override the default settings for php sessions.
@ -643,7 +684,7 @@ $config = [
/* /*
* Custom function for session checking called on session init and loading. * Custom function for session checking called on session init and loading.
* See docs/simplesamlphp-advancedfeatures.txt for function code example. * See docs/simplesamlphp-advancedfeatures.md for function code example.
* *
* Example: * Example:
* 'session.check_function' => ['\SimpleSAML\Module\example\Util', 'checkSession'], * 'session.check_function' => ['\SimpleSAML\Module\example\Util', 'checkSession'],
@ -777,48 +818,13 @@ $config = [
| LANGUAGE AND INTERNATIONALIZATION | | LANGUAGE AND INTERNATIONALIZATION |
*************************************/ *************************************/
/*
* Language-related options.
*/
'language' => [
/*
* An array in the form 'language' => <list of alternative languages>.
*
* Each key in the array is the ISO 639 two-letter code for a language,
* and its value is an array with a list of alternative languages that
* can be used if the given language is not available at some point.
* Each alternative language is also specified by its ISO 639 code.
*
* For example, for the "no" language code (Norwegian), we would have:
*
* 'priorities' => [
* 'no' => ['nb', 'nn', 'en', 'se'],
* ...
* ],
*
* establishing that if a translation for the "no" language code is
* not available, we look for translations in "nb",
* and so on, in that order.
*/
'priorities' => [
'no' => ['nb', 'nn', 'en', 'se'],
'nb' => ['no', 'nn', 'en', 'se'],
'nn' => ['no', 'nb', 'en', 'se'],
'se' => ['nb', 'no', 'nn', 'en'],
'nr' => ['zu', 'en'],
'nd' => ['zu', 'en'],
'tw' => ['st', 'en'],
'nso' => ['st', 'en'],
],
],
/* /*
* Languages available, RTL languages, and what language is the default. * Languages available, RTL languages, and what language is the default.
*/ */
'language.available' => [ 'language.available' => [
'en', 'no', 'nn', 'se', 'da', 'de', 'sv', 'fi', 'es', 'ca', 'fr', 'it', 'nl', 'lb', 'en', 'no', 'nn', 'se', 'da', 'de', 'sv', 'fi', 'es', 'ca', 'fr', 'it', 'nl', 'lb',
'cs', 'sl', 'lt', 'hr', 'hu', 'pl', 'pt', 'pt-br', 'tr', 'ja', 'zh', 'zh-tw', 'ru', 'cs', 'sk', 'sl', 'lt', 'hr', 'hu', 'pl', 'pt', 'pt-br', 'tr', 'ja', 'zh', 'zh-tw',
'et', 'he', 'id', 'sr', 'lv', 'ro', 'eu', 'el', 'af', 'zu', 'xh', 'st', 'ru', 'et', 'he', 'id', 'sr', 'lv', 'ro', 'eu', 'el', 'af', 'zu', 'xh', 'st',
], ],
'language.rtl' => ['ar', 'dv', 'fa', 'ur', 'he'], 'language.rtl' => ['ar', 'dv', 'fa', 'ur', 'he'],
'language.default' => 'en', 'language.default' => 'en',
@ -833,12 +839,12 @@ $config = [
* Options to override the default settings for the language cookie * Options to override the default settings for the language cookie
*/ */
'language.cookie.name' => 'language', 'language.cookie.name' => 'language',
'language.cookie.domain' => null, 'language.cookie.domain' => '',
'language.cookie.path' => '/', 'language.cookie.path' => '/',
'language.cookie.secure' => true, 'language.cookie.secure' => true,
'language.cookie.httponly' => false, 'language.cookie.httponly' => false,
'language.cookie.lifetime' => (60 * 60 * 24 * 900), 'language.cookie.lifetime' => (60 * 60 * 24 * 900),
'language.cookie.samesite' => \SimpleSAML\Utils\HTTP::canSetSameSiteNone() ? 'None' : null, 'language.cookie.samesite' => $httpUtils->canSetSameSiteNone() ? 'None' : null,
/** /**
* Custom getLanguage function called from SimpleSAML\Locale\Language::getLanguage(). * Custom getLanguage function called from SimpleSAML\Locale\Language::getLanguage().
@ -852,34 +858,6 @@ $config = [
* 'language.get_language_function' => ['\SimpleSAML\Module\example\Template', 'getLanguage'], * 'language.get_language_function' => ['\SimpleSAML\Module\example\Template', 'getLanguage'],
*/ */
/*
* Extra dictionary for attribute names.
* This can be used to define local attributes.
*
* The format of the parameter is a string with <module>:<dictionary>.
*
* Specifying this option will cause us to look for modules/<module>/dictionaries/<dictionary>.definition.json
* The dictionary should look something like:
*
* {
* "firstattribute": {
* "en": "English name",
* "no": "Norwegian name"
* },
* "secondattribute": {
* "en": "English name",
* "no": "Norwegian name"
* }
* }
*
* Note that all attribute names in the dictionary must in lowercase.
*
* Example: 'attributes.extradictionary' => 'ourmodule:ourattributes',
*/
'attributes.extradictionary' => null,
/************** /**************
| APPEARANCE | | APPEARANCE |
**************/ **************/
@ -893,7 +871,7 @@ $config = [
* Set this option to the text you would like to appear at the header of each page. Set to false if you don't want * Set this option to the text you would like to appear at the header of each page. Set to false if you don't want
* any text to appear in the header. * any text to appear in the header.
*/ */
//'theme.header' => 'SimpleSAMLphp' //'theme.header' => 'SimpleSAMLphp',
/** /**
* A template controller, if any. * A template controller, if any.
@ -959,6 +937,12 @@ $config = [
], ],
], ],
/**
* Set to a full URL if you want to redirect users that land on SimpleSAMLphp's
* front page to somewhere more useful. If left unset, a basic welcome message
* is shown.
*/
//'frontpage.redirect' => 'https://example.com/',
/********************* /*********************
| DISCOVERY SERVICE | | DISCOVERY SERVICE |
@ -979,7 +963,7 @@ $config = [
/* /*
* IdP Discovery service look configuration. * IdP Discovery service look configuration.
* Wether to display a list of idp or to display a dropdown box. For many IdP' a dropdown box * Whether to display a list of idp or to display a dropdown box. For many IdP' a dropdown box
* gives the best use experience. * gives the best use experience.
* *
* When using dropdown box a cookie is used to highlight the previously chosen IdP in the dropdown. * When using dropdown box a cookie is used to highlight the previously chosen IdP in the dropdown.
@ -997,11 +981,10 @@ $config = [
/* /*
* Authentication processing filters that will be executed for all IdPs * Authentication processing filters that will be executed for all IdPs
* Both Shibboleth and SAML 2.0
*/ */
'authproc.idp' => [ 'authproc.idp' => [
/* Enable the authproc filter below to add URN prefixes to all attributes /* Enable the authproc filter below to add URN prefixes to all attributes
10 => array[ 10 => [
'class' => 'core:AttributeMap', 'addurnprefix' 'class' => 'core:AttributeMap', 'addurnprefix'
], ],
*/ */
@ -1012,12 +995,6 @@ $config = [
// Adopts language from attribute to use in UI // Adopts language from attribute to use in UI
30 => 'core:LanguageAdaptor', 30 => 'core:LanguageAdaptor',
45 => [
'class' => 'core:StatisticsWithAttribute',
'attributename' => 'realm',
'type' => 'saml20-idp-SSO',
],
/* When called without parameters, it will fallback to filter attributes 'the old way' /* When called without parameters, it will fallback to filter attributes 'the old way'
* by checking the 'attributes' parameter in metadata on IdP hosted and SP remote. * by checking the 'attributes' parameter in metadata on IdP hosted and SP remote.
*/ */
@ -1053,7 +1030,6 @@ $config = [
/* /*
* Authentication processing filters that will be executed for all SPs * Authentication processing filters that will be executed for all SPs
* Both Shibboleth and SAML 2.0
*/ */
'authproc.sp' => [ 'authproc.sp' => [
/* /*
@ -1122,7 +1098,7 @@ $config = [
* The MDQ metadata handler defines the following options: * The MDQ metadata handler defines the following options:
* - 'type': This is always 'mdq'. * - 'type': This is always 'mdq'.
* - 'server': Base URL of the MDQ server. Mandatory. * - 'server': Base URL of the MDQ server. Mandatory.
* - 'validateFingerprint': The fingerprint of the certificate used to sign the metadata. You don't need this * - 'validateCertificate': The certificates file that may be used to sign the metadata. You don't need this
* option if you don't want to validate the signature on the metadata. Optional. * option if you don't want to validate the signature on the metadata. Optional.
* - 'cachedir': Directory where metadata can be cached. Optional. * - 'cachedir': Directory where metadata can be cached. Optional.
* - 'cachelength': Maximum time metadata can be cached, in seconds. Defaults to 24 * - 'cachelength': Maximum time metadata can be cached, in seconds. Defaults to 24
@ -1158,6 +1134,10 @@ $config = [
* [ * [
* 'type' => 'mdq', * 'type' => 'mdq',
* 'server' => 'http://mdq.server.com:8080', * 'server' => 'http://mdq.server.com:8080',
* 'validateCertificate' => [
* '/var/simplesamlphp/cert/metadata-key.new.crt',
* '/var/simplesamlphp/cert/metadata-key.old.crt'
* ],
* 'cachedir' => '/var/simplesamlphp/mdq-cache', * 'cachedir' => '/var/simplesamlphp/mdq-cache',
* 'cachelength' => 86400 * 'cachelength' => 86400
* ] * ]
@ -1198,6 +1178,7 @@ $config = [
'metadata.sign.privatekey' => null, 'metadata.sign.privatekey' => null,
'metadata.sign.privatekey_pass' => null, 'metadata.sign.privatekey_pass' => null,
'metadata.sign.certificate' => null, 'metadata.sign.certificate' => null,
'metadata.sign.algorithm' => 'http://www.w3.org/2001/04/xmldsig-more#rsa-sha256',
/**************************** /****************************
@ -1235,14 +1216,86 @@ $config = [
*/ */
'store.sql.prefix' => 'SimpleSAMLphp', 'store.sql.prefix' => 'SimpleSAMLphp',
/*
* The driver-options we should pass to the PDO-constructor.
*/
'store.sql.options' => [],
/* /*
* The hostname and port of the Redis datastore instance. * The hostname and port of the Redis datastore instance.
*/ */
'store.redis.host' => 'localhost', 'store.redis.host' => 'localhost',
'store.redis.port' => 6379, 'store.redis.port' => 6379,
/*
* The credentials to use when connecting to Redis.
*
* If your Redis server is using the legacy password protection (config
* directive "requirepass" in redis.conf) then you should only provide
* a password.
*
* If your Redis server is using ACL's (which are recommended as of
* Redis 6+) then you should provide both a username and a password.
* See https://redis.io/docs/manual/security/acl/
*/
'store.redis.username' => '',
'store.redis.password' => '',
/*
* Communicate with Redis over a secure connection instead of plain TCP.
*
* This setting affects both single host connections as
* well as Sentinel mode.
*/
'store.redis.tls' => false,
/*
* Verify the Redis server certificate.
*/
'store.redis.insecure' => false,
/*
* Files related to secure communication with Redis.
*
* Files are searched in the 'certdir' when using relative paths.
*/
'store.redis.ca_certificate' => null,
'store.redis.certificate' => null,
'store.redis.privatekey' => null,
/* /*
* The prefix we should use on our Redis datastore. * The prefix we should use on our Redis datastore.
*/ */
'store.redis.prefix' => 'SimpleSAMLphp', 'store.redis.prefix' => 'SimpleSAMLphp',
/*
* The master group to use for Redis Sentinel.
*/
'store.redis.mastergroup' => 'mymaster',
/*
* The Redis Sentinel hosts.
* Example:
* 'store.redis.sentinels' => [
* 'tcp://[yoursentinel1]:[port]',
* 'tcp://[yoursentinel2]:[port]',
* 'tcp://[yoursentinel3]:[port]
* ],
*
* Use 'tls' instead of 'tcp' in order to make use of the additional
* TLS settings.
*/
'store.redis.sentinels' => [],
/*********************
| IdP/SP PROXY MODE |
*********************/
/*
* If the IdP in front of SimpleSAMLphp in IdP/SP proxy mode sends
* AuthnContextClassRef, decide whether the AuthnContextClassRef will be
* processed by the IdP/SP proxy or if it will be passed to the SP behind
* the IdP/SP proxy.
*/
'proxymode.passAuthnContextClassRef' => false,
]; ];
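Review bot: The new comment under "LOGGING AND STATISTICS" states that `loggingdir` MUST be null for any handler other than `file`, and the hunk keeps `'logging.handler' => 'syslog'`, yet the paths hunk higher up shows `'loggingdir' => 'log/'` on only one side, so this rendering does not make clear whether that setting survives on the new side. If it does, the file contradicts the 2.x contract it now documents; either set `'loggingdir' => null,` there or switch the handler to `file` and provision a writable directory, but not the current mix. The `headers.security` block further down sits inside the comment opened just above it, so the library's DEFAULT_SECURITY_HEADERS apply unchanged; a one-line comment such as `// headers.security intentionally left at the SimpleSAMLphp 2.x defaults` would tell the next maintainer this is deliberate rather than an unfinished paste. Whether the Redis TLS paths (`store.redis.ca_certificate` etc.) ever resolve relative to `'certdir' => 'cert/'` only matters once those values are non-null, which they are not here.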


@ -18,7 +18,7 @@ $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$userManager = new \pvv\admin\UserManager($pdo); $userManager = new \pvv\admin\UserManager($pdo);
$sp = 'default-sp'; $sp = 'default-sp';
$as = new SimpleSAML_Auth_Simple($sp); $as = new \SimpleSAML\Auth\Simple($sp);
use \pvv\side\Agenda; use \pvv\side\Agenda;
$agenda = new \pvv\side\Agenda([ $agenda = new \pvv\side\Agenda([


@ -35,7 +35,7 @@ function loginBar($sp = null, $pdo = null) {
if (is_null($sp)) $sp = 'default-sp'; if (is_null($sp)) $sp = 'default-sp';
$result = "\n"; $result = "\n";
require_once(__DIR__ . '/../vendor/simplesamlphp/simplesamlphp/lib/_autoload.php'); require_once(__DIR__ . '/../vendor/simplesamlphp/simplesamlphp/lib/_autoload.php');
$as = new SimpleSAML_Auth_Simple($sp); $as = new \SimpleSAML\Auth\Simple($sp);
$svg = '<svg xmlns="http://www.w3.org/2000/svg" width="1em" height="1em" viewBox="0 0 64 64"> $svg = '<svg xmlns="http://www.w3.org/2000/svg" width="1em" height="1em" viewBox="0 0 64 64">
<circle cx="32" cy="27" r="14" stroke-width="0" /> <circle cx="32" cy="27" r="14" stroke-width="0" />
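Review bot: The renamed `new \SimpleSAML\Auth\Simple($sp)` still depends on the `require_once(... '/simplesamlphp/lib/_autoload.php')` immediately above it, a 1.x layout, while this commit moves the dependency to simplesamlphp ^2.2; if the 2.x package no longer ships `lib/_autoload.php` (its library tree moved to `src/`), the require fails before the class is ever resolved, and this is not verifiable from the diff alone. Since the project is installed through Composer and already relies on autoloaded `\pvv\...` classes, the robust form is to rely on Composer's autoloader (`vendor/autoload.php`) instead of a path inside the package, or at least to verify the file exists in the locked 2.x version. The same `require_once` line precedes every other `new \SimpleSAML\Auth\Simple('default-sp')` in the later file sections of this commit, so the fix applies to each of them. loginBar's body continues outside the hunk.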


@ -7,7 +7,7 @@ php.buildComposerProject rec {
src = ./..; src = ./..;
pname = "pvv-nettsiden"; pname = "pvv-nettsiden";
version = "0.0.1"; version = "0.0.1";
vendorHash = "sha256-DSn0ifj7Hjjia1SF/1wfziD/IdsiOES8XNDVz3F/cTI="; vendorHash = "sha256-sWC5E60toa95re2NugvHVPT+vKYXc1I6Z3rSqXxTUu0=";
passthru.simplesamlphpPath = "share/php/pvv-nettsiden/vendor/simplesamlphp/simplesamlphp"; passthru.simplesamlphpPath = "share/php/pvv-nettsiden/vendor/simplesamlphp/simplesamlphp";


@ -6,7 +6,7 @@ $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$userManager = new \pvv\admin\UserManager($pdo); $userManager = new \pvv\admin\UserManager($pdo);
require_once(__DIR__ . '/../../../vendor/simplesamlphp/simplesamlphp/lib/_autoload.php'); require_once(__DIR__ . '/../../../vendor/simplesamlphp/simplesamlphp/lib/_autoload.php');
$as = new SimpleSAML_Auth_Simple('default-sp'); $as = new \SimpleSAML\Auth\Simple('default-sp');
$as->requireAuth(); $as->requireAuth();
$attrs = $as->getAttributes(); $attrs = $as->getAttributes();
$uname = $attrs['uid'][0]; $uname = $attrs['uid'][0];


@ -10,7 +10,7 @@ $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$userManager = new \pvv\admin\UserManager($pdo); $userManager = new \pvv\admin\UserManager($pdo);
require_once(__DIR__ . '/../../../vendor/simplesamlphp/simplesamlphp/lib/_autoload.php'); require_once(__DIR__ . '/../../../vendor/simplesamlphp/simplesamlphp/lib/_autoload.php');
$as = new SimpleSAML_Auth_Simple('default-sp'); $as = new \SimpleSAML\Auth\Simple('default-sp');
$as->requireAuth(); $as->requireAuth();
$attrs = $as->getAttributes(); $attrs = $as->getAttributes();
$uname = $attrs['uid'][0]; $uname = $attrs['uid'][0];


@ -10,7 +10,7 @@ $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$userManager = new \pvv\admin\UserManager($pdo); $userManager = new \pvv\admin\UserManager($pdo);
require_once(__DIR__ . '/../../../vendor/simplesamlphp/simplesamlphp/lib/_autoload.php'); require_once(__DIR__ . '/../../../vendor/simplesamlphp/simplesamlphp/lib/_autoload.php');
$as = new SimpleSAML_Auth_Simple('default-sp'); $as = new \SimpleSAML\Auth\Simple('default-sp');
$as->requireAuth(); $as->requireAuth();
$attrs = $as->getAttributes(); $attrs = $as->getAttributes();
$uname = $attrs['uid'][0]; $uname = $attrs['uid'][0];


@ -8,7 +8,7 @@ $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$userManager = new \pvv\admin\UserManager($pdo); $userManager = new \pvv\admin\UserManager($pdo);
require_once(__DIR__ . '/../../../vendor/simplesamlphp/simplesamlphp/lib/_autoload.php'); require_once(__DIR__ . '/../../../vendor/simplesamlphp/simplesamlphp/lib/_autoload.php');
$as = new SimpleSAML_Auth_Simple('default-sp'); $as = new \SimpleSAML\Auth\Simple('default-sp');
$as->requireAuth(); $as->requireAuth();
$attrs = $as->getAttributes(); $attrs = $as->getAttributes();
$uname = $attrs['uid'][0]; $uname = $attrs['uid'][0];


@ -7,7 +7,7 @@ require __DIR__ . '/../../../inc/navbar.php';
require __DIR__ . '/../../../src/_autoload.php'; require __DIR__ . '/../../../src/_autoload.php';
require __DIR__ . '/../../../config.php'; require __DIR__ . '/../../../config.php';
require_once(__DIR__ . '/../../../vendor/simplesamlphp/simplesamlphp/lib/_autoload.php'); require_once(__DIR__ . '/../../../vendor/simplesamlphp/simplesamlphp/lib/_autoload.php');
$as = new SimpleSAML_Auth_Simple('default-sp'); $as = new \SimpleSAML\Auth\Simple('default-sp');
$attrs = $as->getAttributes(); $attrs = $as->getAttributes();
$pdo = new \PDO($DB_DSN, $DB_USER, $DB_PASS); $pdo = new \PDO($DB_DSN, $DB_USER, $DB_PASS);
@ -15,7 +15,7 @@ $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$userManager = new \pvv\admin\UserManager($pdo); $userManager = new \pvv\admin\UserManager($pdo);
require_once(__DIR__ . '/../../../vendor/simplesamlphp/simplesamlphp/lib/_autoload.php'); require_once(__DIR__ . '/../../../vendor/simplesamlphp/simplesamlphp/lib/_autoload.php');
$as = new SimpleSAML_Auth_Simple('default-sp'); $as = new \SimpleSAML\Auth\Simple('default-sp');
$as->requireAuth(); $as->requireAuth();
$attrs = $as->getAttributes(); $attrs = $as->getAttributes();
$uname = $attrs['uid'][0]; $uname = $attrs['uid'][0];
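Review bot: This file now constructs `\SimpleSAML\Auth\Simple('default-sp')` twice, once in the first hunk (followed only by `getAttributes()`) and again in the second hunk before `requireAuth()`, and it also requires the SimpleSAMLphp autoloader twice. The second `require_once` and the second `$as = new \SimpleSAML\Auth\Simple('default-sp');` can be dropped so that the instance created at the top is the one that enforces authentication, keeping just `$as->requireAuth();` at that point. The same duplicated pair appears in the later section of this commit whose hunks are also at lines 7 and 15. The lines between the two hunks are outside this view, so confirm nothing there reassigns `$as` before removing the second construction.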


@ -10,7 +10,7 @@ $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$userManager = new \pvv\admin\UserManager($pdo); $userManager = new \pvv\admin\UserManager($pdo);
require_once(__DIR__ . '/../../../vendor/simplesamlphp/simplesamlphp/lib/_autoload.php'); require_once(__DIR__ . '/../../../vendor/simplesamlphp/simplesamlphp/lib/_autoload.php');
$as = new SimpleSAML_Auth_Simple('default-sp'); $as = new \SimpleSAML\Auth\Simple('default-sp');
$as->requireAuth(); $as->requireAuth();
$attrs = $as->getAttributes(); $attrs = $as->getAttributes();
$uname = $attrs['uid'][0]; $uname = $attrs['uid'][0];


@ -5,7 +5,7 @@ $pdo = new \PDO($DB_DSN, $DB_USER, $DB_PASS);
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$userManager = new \pvv\admin\UserManager($pdo); $userManager = new \pvv\admin\UserManager($pdo);
$as = new SimpleSAML_Auth_Simple('default-sp'); $as = new \SimpleSAML\Auth\Simple('default-sp');
$as->requireAuth(); $as->requireAuth();
$attrs = $as->getAttributes(); $attrs = $as->getAttributes();
$uname = $attrs['uid'][0]; $uname = $attrs['uid'][0];


@ -7,7 +7,7 @@ require __DIR__ . '/../../../inc/navbar.php';
require __DIR__ . '/../../../src/_autoload.php'; require __DIR__ . '/../../../src/_autoload.php';
require __DIR__ . '/../../../config.php'; require __DIR__ . '/../../../config.php';
require_once(__DIR__ . '/../../../vendor/simplesamlphp/simplesamlphp/lib/_autoload.php'); require_once(__DIR__ . '/../../../vendor/simplesamlphp/simplesamlphp/lib/_autoload.php');
$as = new SimpleSAML_Auth_Simple('default-sp'); $as = new \SimpleSAML\Auth\Simple('default-sp');
$attrs = $as->getAttributes(); $attrs = $as->getAttributes();
$pdo = new \PDO($DB_DSN, $DB_USER, $DB_PASS); $pdo = new \PDO($DB_DSN, $DB_USER, $DB_PASS);
@ -15,7 +15,7 @@ $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$userManager = new \pvv\admin\UserManager($pdo); $userManager = new \pvv\admin\UserManager($pdo);
require_once(__DIR__ . '/../../../vendor/simplesamlphp/simplesamlphp/lib/_autoload.php'); require_once(__DIR__ . '/../../../vendor/simplesamlphp/simplesamlphp/lib/_autoload.php');
$as = new SimpleSAML_Auth_Simple('default-sp'); $as = new \SimpleSAML\Auth\Simple('default-sp');
$as->requireAuth(); $as->requireAuth();
$attrs = $as->getAttributes(); $attrs = $as->getAttributes();
$uname = $attrs['uid'][0]; $uname = $attrs['uid'][0];


@ -10,7 +10,7 @@ $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$userManager = new \pvv\admin\UserManager($pdo); $userManager = new \pvv\admin\UserManager($pdo);
require_once(__DIR__ . '/../../../vendor/simplesamlphp/simplesamlphp/lib/_autoload.php'); require_once(__DIR__ . '/../../../vendor/simplesamlphp/simplesamlphp/lib/_autoload.php');
$as = new SimpleSAML_Auth_Simple('default-sp'); $as = new \SimpleSAML\Auth\Simple('default-sp');
$as->requireAuth(); $as->requireAuth();
$attrs = $as->getAttributes(); $attrs = $as->getAttributes();
$uname = $attrs['uid'][0]; $uname = $attrs['uid'][0];


@ -6,7 +6,7 @@ $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$userManager = new \pvv\admin\UserManager($pdo); $userManager = new \pvv\admin\UserManager($pdo);
require_once(__DIR__ . '/../../../vendor/simplesamlphp/simplesamlphp/lib/_autoload.php'); require_once(__DIR__ . '/../../../vendor/simplesamlphp/simplesamlphp/lib/_autoload.php');
$as = new SimpleSAML_Auth_Simple('default-sp'); $as = new \SimpleSAML\Auth\Simple('default-sp');
$as->requireAuth(); $as->requireAuth();
$attrs = $as->getAttributes(); $attrs = $as->getAttributes();
$uname = $attrs['uid'][0]; $uname = $attrs['uid'][0];


@ -10,7 +10,7 @@ $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$userManager = new \pvv\admin\UserManager($pdo); $userManager = new \pvv\admin\UserManager($pdo);
require_once(__DIR__ . '/../../../vendor/simplesamlphp/simplesamlphp/lib/_autoload.php'); require_once(__DIR__ . '/../../../vendor/simplesamlphp/simplesamlphp/lib/_autoload.php');
$as = new SimpleSAML_Auth_Simple('default-sp'); $as = new \SimpleSAML\Auth\Simple('default-sp');
$as->requireAuth(); $as->requireAuth();
$attrs = $as->getAttributes(); $attrs = $as->getAttributes();
$uname = $attrs['uid'][0]; $uname = $attrs['uid'][0];


@ -10,7 +10,7 @@ $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$userManager = new \pvv\admin\UserManager($pdo); $userManager = new \pvv\admin\UserManager($pdo);
require_once(__DIR__ . '/../../../vendor/simplesamlphp/simplesamlphp/lib/_autoload.php'); require_once(__DIR__ . '/../../../vendor/simplesamlphp/simplesamlphp/lib/_autoload.php');
$as = new SimpleSAML_Auth_Simple('default-sp'); $as = new \SimpleSAML\Auth\Simple('default-sp');
$as->requireAuth(); $as->requireAuth();
$attrs = $as->getAttributes(); $attrs = $as->getAttributes();
$uname = $attrs['uid'][0]; $uname = $attrs['uid'][0];


@ -8,7 +8,7 @@ $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$userManager = new \pvv\admin\UserManager($pdo); $userManager = new \pvv\admin\UserManager($pdo);
require_once(__DIR__ . '/../../../vendor/simplesamlphp/simplesamlphp/lib/_autoload.php'); require_once(__DIR__ . '/../../../vendor/simplesamlphp/simplesamlphp/lib/_autoload.php');
$as = new SimpleSAML_Auth_Simple('default-sp'); $as = new \SimpleSAML\Auth\Simple('default-sp');
$as->requireAuth(); $as->requireAuth();
$attrs = $as->getAttributes(); $attrs = $as->getAttributes();
$uname = $attrs['uid'][0]; $uname = $attrs['uid'][0];


@ -7,7 +7,7 @@ $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$userManager = new \pvv\admin\UserManager($pdo); $userManager = new \pvv\admin\UserManager($pdo);
$as = new SimpleSAML_Auth_Simple('default-sp'); $as = new \SimpleSAML\Auth\Simple('default-sp');
$as->requireAuth(); $as->requireAuth();
$attrs = $as->getAttributes(); $attrs = $as->getAttributes();
$loginname = $attrs['uid'][0]; $loginname = $attrs['uid'][0];


@ -6,7 +6,7 @@ require __DIR__ . '/../../src/_autoload.php';
require __DIR__ . '/../../config.php'; require __DIR__ . '/../../config.php';
require_once __DIR__ . '/../../vendor/simplesamlphp/simplesamlphp/lib/_autoload.php'; require_once __DIR__ . '/../../vendor/simplesamlphp/simplesamlphp/lib/_autoload.php';
$as = new SimpleSAML_Auth_Simple('default-sp'); $as = new \SimpleSAML\Auth\Simple('default-sp');
$as->requireAuth(); $as->requireAuth();
$attrs = $as->getAttributes(); $attrs = $as->getAttributes();


@ -10,7 +10,7 @@ if(isset($_GET['id'])){
} }
require_once(__DIR__ . '/../../vendor/simplesamlphp/simplesamlphp/lib/_autoload.php'); require_once(__DIR__ . '/../../vendor/simplesamlphp/simplesamlphp/lib/_autoload.php');
$as = new SimpleSAML_Auth_Simple('default-sp'); $as = new \SimpleSAML\Auth\Simple('default-sp');
$attrs = $as->getAttributes(); $attrs = $as->getAttributes();
$projectManager = new \pvv\side\ProjectManager($pdo); $projectManager = new \pvv\side\ProjectManager($pdo);


@ -6,7 +6,7 @@ require __DIR__ . '/../../src/_autoload.php';
require __DIR__ . '/../../config.php'; require __DIR__ . '/../../config.php';
require_once(__DIR__ . '/../../vendor/simplesamlphp/simplesamlphp/lib/_autoload.php'); require_once(__DIR__ . '/../../vendor/simplesamlphp/simplesamlphp/lib/_autoload.php');
$as = new SimpleSAML_Auth_Simple('default-sp'); $as = new \SimpleSAML\Auth\Simple('default-sp');
$as->requireAuth(); $as->requireAuth();
$attrs = $as->getAttributes(); $attrs = $as->getAttributes();


@ -12,7 +12,7 @@ if(!isset($_POST['title']) or !isset($_POST['desc']) or !isset($_POST['active'])
} }
require_once(__DIR__ . '/../../vendor/simplesamlphp/simplesamlphp/lib/_autoload.php'); require_once(__DIR__ . '/../../vendor/simplesamlphp/simplesamlphp/lib/_autoload.php');
$as = new SimpleSAML_Auth_Simple('default-sp'); $as = new \SimpleSAML\Auth\Simple('default-sp');
$as->requireAuth(); $as->requireAuth();
$attrs = $as->getAttributes(); $attrs = $as->getAttributes();