mirror of
https://github.com/SuiteCRM/SuiteCRM-Core.git
synced 2025-08-29 11:00:40 +08:00
- Update controllers to point to new lib - Adjust base onelogin config - Update firewall configuration
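# SAML 2.0 service-provider settings for the nbgrp OneLogin SAML bundle.
# NOTE(review): the host names, certificate and key below look like sample
# placeholders ('id.example.com', 'myapp.com', 'MIIC...', 'MIIE...'); confirm
# that each deployment overrides them before SAML login is enabled.
nbgrp_onelogin_saml:
  onelogin_settings:
    default:
      # Mandatory SAML settings
      idp:
        entityId: 'https://id.example.com/saml2/idp/metadata.php'
        singleSignOnService:
          url: 'https://id.example.com/saml2/idp/SSOService.php'
          binding: 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect'
        singleLogoutService:
          url: 'https://id.example.com/saml2/idp/SingleLogoutService.php'
          binding: 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect'
        # IdP signing certificate: signatures on incoming assertions are
        # checked against this value, so it must come from a trusted channel.
        x509cert: 'MIIC...'
      sp:
        entityId: 'https://myapp.com/saml/metadata'  # Default: '<request_scheme_and_host>/saml/metadata'
        assertionConsumerService:
          url: 'https://myapp.com/saml/acs'  # Default: '<request_scheme_and_host>/saml/acs'
          binding: 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST'
        singleLogoutService:
          url: 'https://myapp.com/saml/logout'  # Default: '<request_scheme_and_host>/saml/logout'
          binding: 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect'
        # NOTE(review): a real SP private key should not be committed in this
        # file; resolve it from the environment or a secret store instead,
        # e.g. '%env(<SP_PRIVATE_KEY_VAR>)%' (placeholder variable name).
        privateKey: 'MIIE...'
      # Optional SAML settings
      baseurl: 'https://myapp.com/saml/'  # Default: '<request_scheme_and_host>/saml/'
      # Keep strict mode on: the toolkit documents it as the switch that makes
      # the signature/encryption requirements below actually enforced.
      strict: true
      # NOTE(review): debug is enabled in this base config; the toolkit
      # documents it as printing errors, which can expose SAML processing
      # detail to end users. Confirm production overrides it to false.
      debug: true
      security:
        nameIdEncrypted: false
        # Outgoing messages and SP metadata are left unsigned (next four keys
        # and signMetadata), so the SP private key above is not exercised for
        # signing with these values.
        authnRequestsSigned: false
        logoutRequestSigned: false
        logoutResponseSigned: false
        signMetadata: false
        # NOTE(review): with this off, only the assertion must be signed
        # (wantAssertionsSigned below); the response envelope and, presumably,
        # IdP logout messages are accepted unsigned. Confirm this is intended.
        wantMessagesSigned: false
        wantAssertionsEncrypted: false
        wantAssertionsSigned: true
        wantNameId: false
        wantNameIdEncrypted: false
        requestedAuthnContext: true
        # NOTE(review): disables schema validation of received XML; the
        # toolkit's documented default is true. Confirm why it is turned off.
        wantXMLValidation: false
        relaxDestinationValidation: false
        destinationStrictlyMatches: true
        allowRepeatAttributeName: false
        # NOTE(review): left at false, responses that carry an InResponseTo
        # value are not rejected when no request ID is supplied for matching;
        # enable it if IdP-initiated login is not required.
        rejectUnsolicitedResponsesWithInResponseTo: false
        signatureAlgorithm: 'http://www.w3.org/2001/04/xmldsig-more#rsa-sha256'
        digestAlgorithm: 'http://www.w3.org/2001/04/xmlenc#sha256'
        encryption_algorithm: 'http://www.w3.org/2001/04/xmlenc#aes256-cbc'
        lowercaseUrlencoding: false
      # Contact and organization entries below are sample values.
      contactPerson:
        technical:
          givenName: 'Tech User'
          emailAddress: 'techuser@example.com'
        support:
          givenName: 'Support User'
          emailAddress: 'supportuser@example.com'
        administrative:
          givenName: 'Administrative User'
          emailAddress: 'administrativeuser@example.com'
      organization:
        en-US:
          name: 'Example'
          displayname: 'Example'
          url: 'http://example.com'
      compress:
        requests: false
        responses: false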