Add support Windows Authentication via SAML

2024-11-22 12:55:14 +08:00 · 2020-04-03 14:05:07 +02:00 · 2020-04-03 14:05:07 +02:00 · 034478409e
commit 034478409e
parent 64942268b8
2 changed files with 13 additions and 1 deletions
--- a/.env.example.complete
+++ b/.env.example.complete
@ -222,6 +222,12 @@ SAML2_ONELOGIN_OVERRIDES=null
 SAML2_DUMP_USER_DETAILS=false
 SAML2_AUTOLOAD_METADATA=false

+# SAML Authentication context.
+# Set to false and no AuthContext will be sent in the AuthNRequest,
+# Set true and you will get an AuthContext 'exact' 'urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport'
+# Set an array with the possible auth context values: array ('urn:oasis:names:tc:SAML:2.0:ac:classes:Password', 'urn:oasis:names:tc:SAML:2.0:ac:classes:X509'),
+SAML2_IDP_AUTHNCONTEXT=false
+
 # SAML group sync configuration
 # Refer to https://www.bookstackapp.com/docs/admin/saml2-auth/
 SAML2_USER_TO_GROUPS=false
@ -267,4 +273,4 @@ API_DEFAULT_ITEM_COUNT=100
 API_MAX_ITEM_COUNT=500

 # The number of API requests that can be made per minute by a single user.
-API_REQUESTS_PER_MIN=180
+API_REQUESTS_PER_MIN=180
--- a/app/Config/saml2.php
+++ b/app/Config/saml2.php
@ -139,6 +139,12 @@ return [
            //      )
            // ),
        ],
+        'security' => [
+            // Specifies Authentication context
+            // false means that IDP choose authentication method
+            // null force Form based authentication or is possible set via array supported methods. See to onelogin/php-sampl/advance_settings
+            'requestedAuthnContext' => env('SAML2_IDP_AUTHNCONTEXT',false), 
+        ],
    ],

 ];