mirror of https://github.com/status-im/codimd.git
Merge branch 'master' into develop
This commit is contained in:
commit
85fc41c350
|
@ -93,6 +93,7 @@
|
||||||
"idpCert": "change: certificate file path of IdP in PEM format",
|
"idpCert": "change: certificate file path of IdP in PEM format",
|
||||||
"issuer": "change or delete: identity of the service provider (default: serverurl)",
|
"issuer": "change or delete: identity of the service provider (default: serverurl)",
|
||||||
"identifierFormat": "change or delete: name identifier format (default: 'urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress')",
|
"identifierFormat": "change or delete: name identifier format (default: 'urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress')",
|
||||||
|
"disableRequestedAuthnContext": "change or delete: true to allow any authentication method, false restricts to password authentication method (default: false)",
|
||||||
"groupAttribute": "change or delete: attribute name for group list (ex: memberOf)",
|
"groupAttribute": "change or delete: attribute name for group list (ex: memberOf)",
|
||||||
"requiredGroups": [ "change or delete: group names that allowed" ],
|
"requiredGroups": [ "change or delete: group names that allowed" ],
|
||||||
"externalGroups": [ "change or delete: group names that not allowed" ],
|
"externalGroups": [ "change or delete: group names that not allowed" ],
|
||||||
|
|
|
@ -144,6 +144,7 @@ module.exports = {
|
||||||
idpCert: undefined,
|
idpCert: undefined,
|
||||||
issuer: undefined,
|
issuer: undefined,
|
||||||
identifierFormat: 'urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress',
|
identifierFormat: 'urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress',
|
||||||
|
disableRequestedAuthnContext: false,
|
||||||
groupAttribute: undefined,
|
groupAttribute: undefined,
|
||||||
externalGroups: [],
|
externalGroups: [],
|
||||||
requiredGroups: [],
|
requiredGroups: [],
|
||||||
|
|
|
@ -117,6 +117,7 @@ module.exports = {
|
||||||
idpCert: process.env.CMD_SAML_IDPCERT,
|
idpCert: process.env.CMD_SAML_IDPCERT,
|
||||||
issuer: process.env.CMD_SAML_ISSUER,
|
issuer: process.env.CMD_SAML_ISSUER,
|
||||||
identifierFormat: process.env.CMD_SAML_IDENTIFIERFORMAT,
|
identifierFormat: process.env.CMD_SAML_IDENTIFIERFORMAT,
|
||||||
|
disableRequestedAuthnContext: toBooleanConfig(process.env.CMD_SAML_DISABLEREQUESTEDAUTHNCONTEXT),
|
||||||
groupAttribute: process.env.CMD_SAML_GROUPATTRIBUTE,
|
groupAttribute: process.env.CMD_SAML_GROUPATTRIBUTE,
|
||||||
externalGroups: toArrayConfig(process.env.CMD_SAML_EXTERNALGROUPS, '|', []),
|
externalGroups: toArrayConfig(process.env.CMD_SAML_EXTERNALGROUPS, '|', []),
|
||||||
requiredGroups: toArrayConfig(process.env.CMD_SAML_REQUIREDGROUPS, '|', []),
|
requiredGroups: toArrayConfig(process.env.CMD_SAML_REQUIREDGROUPS, '|', []),
|
||||||
|
|
|
@ -110,6 +110,7 @@ module.exports = {
|
||||||
idpCert: process.env.HMD_SAML_IDPCERT,
|
idpCert: process.env.HMD_SAML_IDPCERT,
|
||||||
issuer: process.env.HMD_SAML_ISSUER,
|
issuer: process.env.HMD_SAML_ISSUER,
|
||||||
identifierFormat: process.env.HMD_SAML_IDENTIFIERFORMAT,
|
identifierFormat: process.env.HMD_SAML_IDENTIFIERFORMAT,
|
||||||
|
disableRequestedAuthnContext: toBooleanConfig(process.env.HMD_SAML_DISABLEREQUESTEDAUTHNCONTEXT),
|
||||||
groupAttribute: process.env.HMD_SAML_GROUPATTRIBUTE,
|
groupAttribute: process.env.HMD_SAML_GROUPATTRIBUTE,
|
||||||
externalGroups: toArrayConfig(process.env.HMD_SAML_EXTERNALGROUPS, '|', []),
|
externalGroups: toArrayConfig(process.env.HMD_SAML_EXTERNALGROUPS, '|', []),
|
||||||
requiredGroups: toArrayConfig(process.env.HMD_SAML_REQUIREDGROUPS, '|', []),
|
requiredGroups: toArrayConfig(process.env.HMD_SAML_REQUIREDGROUPS, '|', []),
|
||||||
|
|
|
@ -17,7 +17,8 @@ passport.use(new SamlStrategy({
|
||||||
entryPoint: config.saml.idpSsoUrl,
|
entryPoint: config.saml.idpSsoUrl,
|
||||||
issuer: config.saml.issuer || config.serverURL,
|
issuer: config.saml.issuer || config.serverURL,
|
||||||
cert: fs.readFileSync(config.saml.idpCert, 'utf-8'),
|
cert: fs.readFileSync(config.saml.idpCert, 'utf-8'),
|
||||||
identifierFormat: config.saml.identifierFormat
|
identifierFormat: config.saml.identifierFormat,
|
||||||
|
disableRequestedAuthnContext: config.saml.disableRequestedAuthnContext
|
||||||
}, function (user, done) {
|
}, function (user, done) {
|
||||||
// check authorization if needed
|
// check authorization if needed
|
||||||
if (config.saml.externalGroups && config.saml.groupAttribute) {
|
if (config.saml.externalGroups && config.saml.groupAttribute) {
|
||||||
|
|
Loading…
Reference in New Issue