Add login and automatic registration; Prepare Group sync

2025-08-07 23:03:00 +03:00 · 2019-08-06 23:42:46 +02:00
parent 3c41b15be6
commit bda0082461
10 changed files with 334 additions and 14 deletions
--- a/app/Config/saml2_settings.php
+++ b/app/Config/saml2_settings.php
@@ -29,7 +29,7 @@ return $settings = array(
     * which middleware group to use for the saml routes
     * Laravel 5.2 will need a group which includes StartSession
     */
-    'routesMiddleware' => [],
+    'routesMiddleware' => ['saml'],

    /**
     * Indicates how the parameters will be
@@ -101,6 +101,8 @@ return $settings = array(
            // using HTTP-POST binding.
            // Leave blank to use the 'saml_acs' route
            'url' => '',
+
+            'binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect',
        ),
        // Specifies info about where and how the <Logout Response> message MUST be
        // returned to the requester, in this case our SP.
@@ -138,7 +140,16 @@ return $settings = array(
        // 'certFingerprint' => '',
    ),

-
+    /***
+     *   OneLogin compression settings
+     *
+     */
+    'compress' => array(
+        /** Whether requests should be GZ encoded */
+        'requests' => true,
+        /** Whether responses should be GZ compressed */
+        'responses' => true,
+    ),

    /***
     *
--- a/app/Config/services.php
+++ b/app/Config/services.php
@@ -98,8 +98,8 @@ return [
    'okta' => [
        'client_id' => env('OKTA_APP_ID'),
        'client_secret' => env('OKTA_APP_SECRET'),
-        'redirect' => env('APP_URL') . '/login/service/okta/callback', 
-        'base_url' => env('OKTA_BASE_URL'), 
+        'redirect' => env('APP_URL') . '/login/service/okta/callback',
+        'base_url' => env('OKTA_BASE_URL'),
        'name'          => 'Okta',
        'auto_register' => env('OKTA_AUTO_REGISTER', false),
        'auto_confirm' => env('OKTA_AUTO_CONFIRM_EMAIL', false),
@@ -143,10 +143,21 @@ return [
        'email_attribute' => env('LDAP_EMAIL_ATTRIBUTE', 'mail'),
        'display_name_attribute' => env('LDAP_DISPLAY_NAME_ATTRIBUTE', 'cn'),
        'follow_referrals' => env('LDAP_FOLLOW_REFERRALS', false),
-		'user_to_groups' => env('LDAP_USER_TO_GROUPS',false),
-		'group_attribute' => env('LDAP_GROUP_ATTRIBUTE', 'memberOf'),
-		'remove_from_groups' => env('LDAP_REMOVE_FROM_GROUPS',false),
-		'tls_insecure' => env('LDAP_TLS_INSECURE', false),
-	]
+        'user_to_groups' => env('LDAP_USER_TO_GROUPS',false),
+        'group_attribute' => env('LDAP_GROUP_ATTRIBUTE', 'memberOf'),
+        'remove_from_groups' => env('LDAP_REMOVE_FROM_GROUPS',false),
+        'tls_insecure' => env('LDAP_TLS_INSECURE', false),
+    ],
+
+    'saml' => [
+        'enabled' => env('SAML2_ENABLED', false),
+        'auto_register' => env('SAML_AUTO_REGISTER', false),
+        'email_attribute' => env('SAML_EMAIL_ATTRIBUTE', 'email'),
+        'display_name_attribute' => explode('|', env('SAML_DISPLAY_NAME_ATTRIBUTE', 'username')),
+        'user_name_attribute' => env('SAML_USER_NAME_ATTRIBUTE', null),
+        'group_attribute' => env('SAML_GROUP_ATTRIBUTE', 'group'),
+        'user_to_groups' => env('SAML_USER_TO_GROUPS', false),
+        'id_is_user_name' => env('SAML_ID_IS_USER_NAME', true),
+    ]

 ];