From 034478409e3101d9fad8a4073112ffcb3f7852fa Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jan=20Mare=C5=A1?=
Date: Fri, 3 Apr 2020 14:05:07 +0200
Subject: [PATCH] Add support Windows Authentication via SAML

---
 .env.example.complete | 8 +++++++-
 app/Config/saml2.php | 6 ++++++
 2 files changed, 13 insertions(+), 1 deletion(-)

diff --git a/.env.example.complete b/.env.example.complete
index 86a7351c2..d3f109f2f 100644
--- a/.env.example.complete
+++ b/.env.example.complete
@@ -222,6 +222,12 @@ SAML2_ONELOGIN_OVERRIDES=null
 SAML2_DUMP_USER_DETAILS=false
 SAML2_AUTOLOAD_METADATA=false
 
+# SAML Authentication context.
+# Set to false and no AuthContext will be sent in the AuthNRequest,
+# Set true and you will get an AuthContext 'exact' 'urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport'
+# Set an array with the possible auth context values: array ('urn:oasis:names:tc:SAML:2.0:ac:classes:Password', 'urn:oasis:names:tc:SAML:2.0:ac:classes:X509'),
+SAML2_IDP_AUTHNCONTEXT=false
+
 # SAML group sync configuration
 # Refer to https://www.bookstackapp.com/docs/admin/saml2-auth/
 SAML2_USER_TO_GROUPS=false
@@ -267,4 +273,4 @@ API_DEFAULT_ITEM_COUNT=100
 API_MAX_ITEM_COUNT=500
 
 # The number of API requests that can be made per minute by a single user.
-API_REQUESTS_PER_MIN=180
\ No newline at end of file
+API_REQUESTS_PER_MIN=180
diff --git a/app/Config/saml2.php b/app/Config/saml2.php
index 5f2c1395b..83fa4f227 100644
--- a/app/Config/saml2.php
+++ b/app/Config/saml2.php
@@ -139,6 +139,12 @@ return [
 // )
 // ),
 ],
+ 'security' => [
+ // Specifies Authentication context
+ // false means that IDP choose authentication method
+ // null force Form based authentication or is possible set via array supported methods. See to onelogin/php-sampl/advance_settings
+ 'requestedAuthnContext' => env('SAML2_IDP_AUTHNCONTEXT',false),
+ ],
 ],
 
 ];
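Review bot: The third option documented in the new comment block of .env.example.complete (first hunk) cannot be used as written. A .env value reaches PHP as a plain string, and the app/Config/saml2.php hunk passes `env('SAML2_IDP_AUTHNCONTEXT',false)` through unchanged, so an `array (...)` expression arrives as literal text rather than a list of class URIs. I would document a space-separated list here instead and split it in saml2.php, for example `is_string($ctx) ? explode(' ', $ctx) : $ctx`. The block should also say what `false` means for operators, e.g. `# With false no RequestedAuthnContext is sent: the IdP alone decides and enforces how users authenticate.`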
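Review bot: Defaulting `SAML2_IDP_AUTHNCONTEXT` to `false` in the new `security` block of app/Config/saml2.php looks like a behaviour change for existing installs rather than an opt-in. No `requestedAuthnContext` is visible before this hunk, and if onelogin/php-saml falls back to requesting PasswordProtectedTransport when the key is unset (worth confirming against the library defaults), every upgraded deployment stops asking the IdP for that context without touching its settings. Keeping the earlier behaviour as the default, `'requestedAuthnContext' => env('SAML2_IDP_AUTHNCONTEXT', true),`, lets Windows-authentication sites opt out explicitly. The inline comment also needs correcting: it says `null` forces form-based authentication where the .env text says `true` does, and the reference `onelogin/php-sampl/advance_settings` is misspelled. The enclosing `return [` array starts outside the hunk.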