depau/HackMD
1
0
Fork 0
Code Issues Pull requests Releases Wiki Activity

added environment variables for SAML

Browse source
This commit is contained in:
Norihito Nakae 2017-11-29 20:26:28 +09:00
parent a22be81feb
commit 410268da74
2 changed files with 22 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

10
README.md
View file

@ -174,6 +174,15 @@ There are some configs you need to change in the files below
| HMD_LDAP_PROVIDERNAME | `My institution` | Optional name to be displayed at login form indicating the LDAP provider | | HMD_LDAP_PROVIDERNAME | `My institution` | Optional name to be displayed at login form indicating the LDAP provider |
| HMD_SAML_IDPSSOURL | `https://idp.example.com/sso` | authentication endpoint of IdP | | HMD_SAML_IDPSSOURL | `https://idp.example.com/sso` | authentication endpoint of IdP |
| HMD_SAML_IDPCERT | `/path/to/cert.pem` | certificate file path of IdP in PEM format | | HMD_SAML_IDPCERT | `/path/to/cert.pem` | certificate file path of IdP in PEM format |
| HMD_SAML_ISSUER | no example | identity of the service provider (optional, default: serverurl)" |
| HMD_SAML_IDENTIFIERFORMAT | no example | name identifier format (optional, default: `urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress`) |
| HMD_SAML_GROUPATTRIBUTE | `memberOf` | attribute name for group list (optional) |
| HMD_SAML_REQUIREDGROUPS | `Hackmd-users` | group names that allowed (use vertical bar to separate) (optional) |
| HMD_SAML_EXTERNALGROUPS | `Temporary-staff` | group names that not allowed (use vertical bar to separate) (optional) |
| HMD_SAML_ATTRIBUTE_ID | `sAMAccountName` | attribute map for `id` (optional, default: NameID of SAML response) |
| HMD_SAML_ATTRIBUTE_USERNAME | `mailNickname` | attribute map for `username` (optional, default: NameID of SAML response) |
| HMD_SAML_ATTRIBUTE_DISPLAYNAME | `displayName` | attribute map for `displayname` (optional, default: NameID of SAML response) |
| HMD_SAML_ATTRIBUTE_EMAIL | `mail` | attribute map for `email` (optional, default: NameID of SAML response if `HMD_SAML_IDENTIFIERFORMAT` is default) |
| HMD_IMGUR_CLIENTID | no example | Imgur API client id | | HMD_IMGUR_CLIENTID | no example | Imgur API client id |
| HMD_EMAIL | `true` or `false` | set to allow email signin | | HMD_EMAIL | `true` or `false` | set to allow email signin |
| HMD_ALLOW_PDF_EXPORT | `true` or `false` | Enable or disable PDF exports | | HMD_ALLOW_PDF_EXPORT | `true` or `false` | Enable or disable PDF exports |
@ -251,6 +260,7 @@ There are some configs you need to change in the files below
| mattermost | `/auth/mattermost/callback` | | mattermost | `/auth/mattermost/callback` |
| dropbox | `/auth/dropbox/callback` | | dropbox | `/auth/dropbox/callback` |
| google | `/auth/google/callback` | | google | `/auth/google/callback` |
| saml | `/auth/saml/callback` |
# Developer Notes # Developer Notes

13
lib/config/environment.js
View file

@ -75,7 +75,18 @@ module.exports = {
}, },
saml: { saml: {
idpSsoUrl: process.env.HMD_SAML_IDPSSOURL, idpSsoUrl: process.env.HMD_SAML_IDPSSOURL,
idpCert: process.env.HMD_SAML_IDPCERT idpCert: process.env.HMD_SAML_IDPCERT,
issuer: process.env.HMD_SAML_ISSUER,
identifierFormat: process.env.HMD_SAML_IDENTIFIERFORMAT,
groupAttribute: process.env.HMD_SAML_GROUPATTRIBUTE,
externalGroups: process.env.HMD_SAML_EXTERNALGROUPS ? process.env.HMD_SAML_EXTERNALGROUPS.split('|') : [],
requiredGroups: process.env.HMD_SAML_REQUIREDGROUPS ? process.env.HMD_SAML_REQUIREDGROUPS.split('|') : [],
attribute: {
id: process.env.HMD_SAML_ATTRIBUTE_ID,
username: process.env.HMD_SAML_ATTRIBUTE_USERNAME,
displayName: process.env.HMD_SAML_ATTRIBUTE_DISPLAYNAME,
email: process.env.HMD_SAML_ATTRIBUTE_EMAIL
}
}, },
email: toBooleanConfig(process.env.HMD_EMAIL), email: toBooleanConfig(process.env.HMD_EMAIL),
allowemailregister: toBooleanConfig(process.env.HMD_ALLOW_EMAIL_REGISTER), allowemailregister: toBooleanConfig(process.env.HMD_ALLOW_EMAIL_REGISTER),