From c87ee96050232ff85ab733301c3405d950f1a971 Mon Sep 17 00:00:00 2001
From: very-ape
Date: Mon, 17 May 2021 13:01:15 -0700
Subject: [PATCH] Add whitespace around comments in saml_settings to ease reading.
---
 saml/saml.php | 20 ++++++++++++++++++++
 1 file changed, 20 insertions(+)
diff --git a/saml/saml.php b/saml/saml.php
index 87c9976a..a528965b 100755
--- a/saml/saml.php
+++ b/saml/saml.php
@@ -339,6 +339,7 @@ function saml_create_user($username, $email, $name)
 function saml_settings()
 {
 return [
+
 // If 'strict' is True, then the PHP Toolkit will reject unsigned
 // or unencrypted messages if it expects them to be signed or encrypted.
 // Also it will reject the messages if the SAML standard is not strictly
@@ -357,18 +358,23 @@ function saml_settings()
 // Service Provider Data that we are deploying.
 'sp' => [
+
 // Identifier of the SP entity (must be a URI)
 'entityId' => DI::config()->get('saml', 'client_id'),
+
 // Specifies info about where and how the message MUST be
 // returned to the requester, in this case our SP.
 'assertionConsumerService' => [
+
 // URL Location where the from the IdP will be returned
 'url' => DI::baseUrl() . '/saml/sso',
+
 // SAML protocol binding to be used when returning the
 // message. OneLogin Toolkit supports this endpoint for the
 // HTTP-POST binding only.
 'binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST',
 ],
+
 // If you need to specify requested attributes, set a
 // attributeConsumingService. nameFormat, attributeValue and
 // friendlyName can be omitted
@@ -382,20 +388,25 @@ function saml_settings()
 ]
 ]
 ],
+
 // Specifies info about where and how the message MUST be
 // returned to the requester, in this case our SP.
 'singleLogoutService' => [
+
 // URL Location where the from the IdP will be returned
 'url' => DI::baseUrl() . '/saml/slo',
+
 // SAML protocol binding to be used when returning the
 // message. OneLogin Toolkit supports the HTTP-Redirect binding
 // only for this endpoint.
 'binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect',
 ],
+
 // Specifies the constraints on the name identifier to be used to
 // represent the requested subject.
 // Take a look on lib/Saml2/Constants.php to see the NameIdFormat supported.
 'NameIDFormat' => 'urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified',
+
 // Usually x509cert and privateKey of the SP are provided by files placed at
 // the certs folder. But we can also provide them with the following parameters
 'x509cert' => DI::config()->get('saml', 'sp_cert'),
@@ -404,30 +415,39 @@ function saml_settings()
 // Identity Provider Data that we want connected with our SP.
 'idp' => [
+
 // Identifier of the IdP entity (must be a URI)
 'entityId' => DI::config()->get('saml', 'idp_id'),
+
 // SSO endpoint info of the IdP. (Authentication Request protocol)
 'singleSignOnService' => [
+
 // URL Target of the IdP where the Authentication Request Message
 // will be sent.
 'url' => DI::config()->get('saml', 'sso_url'),
+
 // SAML protocol binding to be used when returning the
 // message. OneLogin Toolkit supports the HTTP-Redirect binding
 // only for this endpoint.
 'binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect',
 ],
+
 // SLO endpoint info of the IdP.
 'singleLogoutService' => [
+
 // URL Location of the IdP where SLO Request will be sent.
 'url' => DI::config()->get('saml', 'slo_request_url'),
+
 // URL location of the IdP where SLO Response will be sent (ResponseLocation)
 // if not set, url for the SLO Request will be used
 'responseUrl' => DI::config()->get('saml', 'slo_response_url'),
+
 // SAML protocol binding to be used when returning the
 // message. OneLogin Toolkit supports the HTTP-Redirect binding
 // only for this endpoint.
 'binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect',
 ],
+
 // Public x509 certificate of the IdP
 'x509cert' => DI::config()->get('saml', 'idp_cert'),
 ],