123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155 |
- <?php
- /* For license terms, see /license.txt */
- exit;
- $spBaseUrl = api_get_path(WEB_PATH).'plugin/keycloak/';
- $url = 'http://localhost:8080/';
- $realm = 'master';
- $path = '/path';
- $certificate = file_get_contents($path);
- $settingsInfo = [
- 'strict' => false,
- 'debug' => true,
- 'sp' => [
- 'entityId' => $spBaseUrl.'metadata.php',
- 'assertionConsumerService' => [
- 'url' => $spBaseUrl.'start.php?acs',
- ],
- 'singleLogoutService' => [
- 'url' => $spBaseUrl.'start.php?sls',
- ],
- 'NameIDFormat' => 'urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified',
- ],
- 'idp' => [
- 'entityId' => $url.'auth/realms/'.$realm, // Example http://localhost:8080/auth/realms/master
- 'singleSignOnService' => [
- 'url' => $url.'auth/realms/'.$realm.'/protocol/saml', // example http://localhost:8080/auth/realms/master/protocol/saml
- ],
- 'singleLogoutService' => [
- 'url' => $url.'auth/realms/'.$realm.'/protocol/saml', // example http://localhost:8080/auth/realms/master/protocol/saml
- ],
- 'x509cert' => $certificate,
- ],
- ];
- // advanced settings
- //
- //
- //// Compression settings
- //'compress' => array (
- // 'requests' => true,
- // 'responses' => true
- //),
- // // Security settings
- // 'security' => array (
- //
- // /** signatures and encryptions offered */
- //
- // // Indicates that the nameID of the <samlp:logoutRequest> sent by this SP
- // // will be encrypted.
- // 'nameIdEncrypted' => false,
- //
- // // Indicates whether the <samlp:AuthnRequest> messages sent by this SP
- // // will be signed. [Metadata of the SP will offer this info]
- // 'authnRequestsSigned' => false,
- //
- // // Indicates whether the <samlp:logoutRequest> messages sent by this SP
- // // will be signed.
- // 'logoutRequestSigned' => false,
- //
- // // Indicates whether the <samlp:logoutResponse> messages sent by this SP
- // // will be signed.
- // 'logoutResponseSigned' => false,
- //
- // /* Sign the Metadata
- // False || True (use sp certs) || array (
- // keyFileName => 'metadata.key',
- // certFileName => 'metadata.crt'
- // )
- // */
- // 'signMetadata' => false,
- //
- // /** signatures and encryptions required **/
- //
- // // Indicates a requirement for the <samlp:Response>, <samlp:LogoutRequest>
- // // and <samlp:LogoutResponse> elements received by this SP to be signed.
- // 'wantMessagesSigned' => false,
- //
- // // Indicates a requirement for the <saml:Assertion> elements received by
- // // this SP to be encrypted.
- // 'wantAssertionsEncrypted' => false,
- //
- // // Indicates a requirement for the <saml:Assertion> elements received by
- // // this SP to be signed. [Metadata of the SP will offer this info]
- // 'wantAssertionsSigned' => false,
- //
- // // Indicates a requirement for the NameID element on the SAMLResponse
- // // received by this SP to be present.
- // 'wantNameId' => true,
- //
- // // Indicates a requirement for the NameID received by
- // // this SP to be encrypted.
- // 'wantNameIdEncrypted' => false,
- //
- // // Authentication context.
- // // Set to false and no AuthContext will be sent in the AuthNRequest.
- // // Set true or don't present this parameter and you will get an AuthContext 'exact' 'urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport'.
- // // Set an array with the possible auth context values: array ('urn:oasis:names:tc:SAML:2.0:ac:classes:Password', 'urn:oasis:names:tc:SAML:2.0:ac:classes:X509').
- // 'requestedAuthnContext' => true,
- //
- // // Indicates if the SP will validate all received xmls.
- // // (In order to validate the xml, 'strict' and 'wantXMLValidation' must be true).
- // 'wantXMLValidation' => true,
- //
- // // If true, SAMLResponses with an empty value at its Destination
- // // attribute will not be rejected for this fact.
- // 'relaxDestinationValidation' => false,
- //
- // // Algorithm that the toolkit will use on signing process. Options:
- // // 'http://www.w3.org/2000/09/xmldsig#rsa-sha1'
- // // 'http://www.w3.org/2000/09/xmldsig#dsa-sha1'
- // // 'http://www.w3.org/2001/04/xmldsig-more#rsa-sha256'
- // // 'http://www.w3.org/2001/04/xmldsig-more#rsa-sha384'
- // // 'http://www.w3.org/2001/04/xmldsig-more#rsa-sha512'
- // // Notice that sha1 is a deprecated algorithm and should not be used
- // 'signatureAlgorithm' => 'http://www.w3.org/2001/04/xmldsig-more#rsa-sha256',
- //
- // // Algorithm that the toolkit will use on digest process. Options:
- // // 'http://www.w3.org/2000/09/xmldsig#sha1'
- // // 'http://www.w3.org/2001/04/xmlenc#sha256'
- // // 'http://www.w3.org/2001/04/xmldsig-more#sha384'
- // // 'http://www.w3.org/2001/04/xmlenc#sha512'
- // // Notice that sha1 is a deprecated algorithm and should not be used
- // 'digestAlgorithm' => 'http://www.w3.org/2001/04/xmlenc#sha256',
- //
- // // ADFS URL-Encodes SAML data as lowercase, and the toolkit by default uses
- // // uppercase. Turn it True for ADFS compatibility on signature verification
- // 'lowercaseUrlencoding' => false,
- //),
- //
- // // Contact information template, it is recommended to supply a
- // // technical and support contacts.
- // 'contactPerson' => array (
- // 'technical' => array (
- // 'givenName' => 'example',
- // 'emailAddress' => 'test@example.org'
- // ),
- // 'support' => array (
- // 'givenName' => 'example',
- // 'emailAddress' => 'test@example.org'
- // ),
- //),
- //
- // // Organization information template, the info in en_US lang is
- // // recomended, add more if required.
- // 'organization' => array (
- // 'en-US' => array(
- // 'name' => 'chamilo',
- // 'displayname' => 'chamilo',
- // 'url' => 'chamilo.org'
- // ),
- //),
|