From 410268da741d61c9f010514a6e7dd59542a051d8 Mon Sep 17 00:00:00 2001
From: Norihito Nakae
Date: Wed, 29 Nov 2017 20:26:28 +0900
Subject: [PATCH] added environment variables for SAML
---
 README.md | 10 ++++++++++
 lib/config/environment.js | 13 ++++++++++++-
 2 files changed, 22 insertions(+), 1 deletion(-)
diff --git a/README.md b/README.md
index 3213370..9da2b3e 100644
--- a/README.md
+++ b/README.md
@@ -174,6 +174,15 @@ There are some configs you need to change in the files below
 | HMD_LDAP_PROVIDERNAME | `My institution` | Optional name to be displayed at login form indicating the LDAP provider |
 | HMD_SAML_IDPSSOURL | `https://idp.example.com/sso` | authentication endpoint of IdP |
 | HMD_SAML_IDPCERT | `/path/to/cert.pem` | certificate file path of IdP in PEM format |
+| HMD_SAML_ISSUER | no example | identity of the service provider (optional, default: serverurl)" |
+| HMD_SAML_IDENTIFIERFORMAT | no example | name identifier format (optional, default: `urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress`) |
+| HMD_SAML_GROUPATTRIBUTE | `memberOf` | attribute name for group list (optional) |
+| HMD_SAML_REQUIREDGROUPS | `Hackmd-users` | group names that allowed (use vertical bar to separate) (optional) |
+| HMD_SAML_EXTERNALGROUPS | `Temporary-staff` | group names that not allowed (use vertical bar to separate) (optional) |
+| HMD_SAML_ATTRIBUTE_ID | `sAMAccountName` | attribute map for `id` (optional, default: NameID of SAML response) |
+| HMD_SAML_ATTRIBUTE_USERNAME | `mailNickname` | attribute map for `username` (optional, default: NameID of SAML response) |
+| HMD_SAML_ATTRIBUTE_DISPLAYNAME | `displayName` | attribute map for `displayname` (optional, default: NameID of SAML response) |
+| HMD_SAML_ATTRIBUTE_EMAIL | `mail` | attribute map for `email` (optional, default: NameID of SAML response if `HMD_SAML_IDENTIFIERFORMAT` is default) |
 | HMD_IMGUR_CLIENTID | no example | Imgur API client id |
 | HMD_EMAIL | `true` or `false` | set to allow email signin |
 | HMD_ALLOW_PDF_EXPORT | `true` or `false` | Enable or disable PDF exports |
@@ -251,6 +260,7 @@ There are some configs you need to change in the files below
 | mattermost | `/auth/mattermost/callback` |
 | dropbox | `/auth/dropbox/callback` |
 | google | `/auth/google/callback` |
+| saml | `/auth/saml/callback` |
 # Developer Notes
diff --git a/lib/config/environment.js b/lib/config/environment.js
index e339832..3b2e34a 100644
--- a/lib/config/environment.js
+++ b/lib/config/environment.js
@@ -75,7 +75,18 @@ module.exports = {
 },
 saml: {
 idpSsoUrl: process.env.HMD_SAML_IDPSSOURL,
- idpCert: process.env.HMD_SAML_IDPCERT
+ idpCert: process.env.HMD_SAML_IDPCERT,
+ issuer: process.env.HMD_SAML_ISSUER,
+ identifierFormat: process.env.HMD_SAML_IDENTIFIERFORMAT,
+ groupAttribute: process.env.HMD_SAML_GROUPATTRIBUTE,
+ externalGroups: process.env.HMD_SAML_EXTERNALGROUPS ? process.env.HMD_SAML_EXTERNALGROUPS.split('|') : [],
+ requiredGroups: process.env.HMD_SAML_REQUIREDGROUPS ? process.env.HMD_SAML_REQUIREDGROUPS.split('|') : [],
+ attribute: {
+ id: process.env.HMD_SAML_ATTRIBUTE_ID,
+ username: process.env.HMD_SAML_ATTRIBUTE_USERNAME,
+ displayName: process.env.HMD_SAML_ATTRIBUTE_DISPLAYNAME,
+ email: process.env.HMD_SAML_ATTRIBUTE_EMAIL
+ }
 },
 email: toBooleanConfig(process.env.HMD_EMAIL),
 allowemailregister: toBooleanConfig(process.env.HMD_ALLOW_EMAIL_REGISTER),
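Review bot: The group lists at `externalGroups` and `requiredGroups` are split on `'|'` without trimming or dropping empty entries, so a value like `a | b` or one with a trailing bar yields entries such as ` b` or `''` that never match a real group name. Because `externalGroups` is a deny list (per the README row in this commit), an entry that silently fails to match is a fail-open for that group, and for `requiredGroups` it is a hard-to-diagnose lockout. A safer form is `externalGroups: process.env.HMD_SAML_EXTERNALGROUPS ? process.env.HMD_SAML_EXTERNALGROUPS.split('|').map((g) => g.trim()).filter(Boolean) : [],` with the same treatment for `requiredGroups`; given the existing `toBooleanConfig`, a small `toArrayConfig` helper would keep both lines consistent with the file's style. The README also documents defaults for `issuer` and `identifierFormat` that this hunk does not set, so presumably they are applied elsewhere — worth a comment here such as `// defaults for issuer/identifierFormat are applied downstream` once confirmed. The enclosing `module.exports` object starts and ends outside the hunk.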