<?php
/**
* Configuration for the module casserver.
*
*/
$config = [
    'authsource' => 'casserver',

    // Named scopes: each scope is a set of IdP entityIDs. When a login request names a scope,
    // the discovery service only lists the IdPs in that set.
    'scopes' => [
        'mobile' => [
            'https://idp1.domain:1234/saml2/idp/metadata.php',
            'https://idp2.domain:5678/saml2/idp/metadata.php',
        ],
        'desktop' => [
            'https://idp3.domain:1234/saml2/idp/metadata.php',
            'https://idp4.domain:5678/saml2/idp/metadata.php',
        ],
    ],

    // Allow-list of CAS services. A service url is accepted when it starts with one of these
    // prefixes, so this list decides where tickets (and any released attributes) may be sent.
    // Because the comparison is by prefix, an entry with no trailing '/' or path (such as
    // 'https://encoding.edu' below) also matches longer host names that merely begin with the
    // same characters; end each entry at a '/' boundary to pin the host.
    // The http:// entries receive the ticket over an unencrypted channel; prefer https://.
    'legal_service_urls' => [
        'http://host1.domain:1234/path1',
        'https://host2.domain:5678/path2/path3',
        // A key with an array value carries per-service overrides of the global settings.
        // NOTE(review): the |...| wrapping looks like a delimited pattern rather than a plain
        // prefix - confirm against the module's matching code and anchor it if it is a regex.
        '|https://override.example.com/|' => [
            'attrname' => 'uid',
            'attributes_to_transfer' => ['cn'],
        ],
        // Per-service override of the ticket parameter name.
        'http://changeTicketParam' => [
            'ticketName' => 'myTicket',
        ],
        // Empty override set: the global settings apply to this service.
        'https://encoding.edu' => [
        ],
    ],

    // Allow-list of target services, also matched by prefix; the same trailing-'/' and
    // https:// considerations as for 'legal_service_urls' apply.
    'legal_target_service_urls' => [
        'http://host3.domain:4321/path4',
        'https://host4.domain:8765/path5/path6',
    ],

    // Ticket storage. When not configured, the filesystem store with the directory
    // 'ticketcache' is used.
    'ticketstore' => [
        // The filesystem store is not intended for production.
        'class' => 'casserver:FileSystemTicketStore',
        // Tickets are bearer credentials: keep this directory outside the web root and
        // readable only by the account running PHP.
        'directory' => dirname(__DIR__) . '/ticketcache',

        // Alternative: memcache-backed store.
        //'class' => 'casserver:MemCacheTicketStore',
        //'prefix' => 'some_prefix',

        // Alternative: SQL-backed store. The credentials shown are placeholders; do not commit
        // real database credentials to a file under version control.
        //'class' => 'casserver:SQLTicketStore',
        //'dsn' => 'pgsql:host=localhost;port=5432;dbname=casserver',
        //'username' => 'username',
        //'password' => 'password',
        //'prefix' => 'some_prefix',
    ],

    // NOTE(review): presumably the attribute whose value identifies the user to the service -
    // confirm against the module documentation.
    'attrname' => 'eduPersonPrincipalName',

    // Enable transfer of attributes to services (defaults to false).
    'attributes' => true,

    // Set of attributes to transfer (defaults to all). Listing them explicitly keeps the
    // release limited to what services actually need.
    'attributes_to_transfer' => ['eduPersonPrincipalName'],

    // Base64-encode the transferred attributes (defaults to false).
    'base64attributes' => false,

    // Adds an attribute carrying the value of the 'base64attributes' setting to the set of
    // transferred attributes. By default no indicator attribute is added.
    'base64_attributes_indicator_attribute' => 'base64Attributes',

    // Enable CAS logout (defaults to false).
    'enable_logout' => true,

    // Redirect straight to the location given in the url query parameter instead of showing a
    // logout page with a link to it (defaults to false). With the page skipped, the url
    // parameter to CAS logout becomes mandatory.
    // NOTE(review): redirecting to a caller-supplied url is an open redirect unless the target
    // is validated - confirm the module checks it against the allow-lists above.
    'skip_logout_page' => true,

    // Lifetime of service tickets in seconds (defaults to 5).
    'service_ticket_expire_time' => 5,

    // Maximum lifetime of proxy granting tickets in seconds (defaults to 3600).
    'proxy_granting_ticket_expire_time' => 600,

    // Lifetime of proxy tickets in seconds (defaults to 5).
    'proxy_ticket_expire_time' => 5,

    // NOTE(review): undocumented in this file; presumably turns on debug output - confirm what
    // it exposes and keep it off outside development and test environments.
    'debugMode' => true,
];