onelogin.php
<?php
return [
    /**
     * Value of the "Issuer URL" field on your app's SSO configuration screen.
     */
    'issuer_url' => 'https://app.onelogin.com/saml/metadata/...',

    /**
     * Value of the "SAML 2.0 Endpoint (HTTP)" field on your app's SSO configuration screen;
     * this is your "single sign on url".
     */
    'sso_url' => 'https://yourdomain.onelogin.com/trust/saml2/http-post/sso/...',

    /**
     * Value of the "SLO Endpoint (HTTP)" field on your app's SSO configuration screen.
     */
    'slo_url' => 'https://yourdomain.onelogin.com/trust/saml2/http-redirect/slo/...',

    /**
     * The X.509 certificate shown on the SSO page. Click "View Details" on the certificate,
     * then paste the contents of the textarea that starts with -----BEGIN CERTIFICATE-----
     * (with or without newlines) inside the quoted value below.
     *
     * This is a certificate (public material), never a private key.
     * NOTE(review): presumably the SAML response signature is checked against this value -
     * confirm. If so, copy it only from your own OneLogin app and update it whenever the
     * certificate is rotated there.
     */
    'x509_cert' => 'MII......=',

    /**
     * How the application sets up URLs and performs redirects.
     */
    'routing' => [
        /**
         * Middleware applied to the onelogin.* route group and, when they are enabled, to the
         * root routes /login and /logout. Defaults to 'web'.
         */
        'middleware' => 'web',

        /**
         * Domain to attach the onelogin.* routes (and only those) to.
         */
        'domain' => null,

        /**
         * Where to send the user when a workflow cannot determine a "redirect back"/"previous" url.
         */
        'fallback_redirect' => '/',

        /**
         * The package can provide the /login and /logout routes for your application (enabled by
         * default). Use this instead of `artisan make:auth`.
         */
        'root_routes' => [
            /**
             * Register the /login and /logout root routes?
             */
            'enable' => true,

            /**
             * With autologin (and root routes enabled) the /login screen shows no login button and
             * redirects straight to the onelogin.login route. In practice: when an unauthenticated
             * user hits a ->middleware('auth') route, the Error/Exception handler attempts to
             * redirect to /auth, which the laravel-onelogin package can then handle for you.
             * NOTE(review): the root routes named elsewhere in this file are /login and /logout;
             * confirm whether /auth is the intended path.
             */
            'autologin' => false,
        ],

        /**
         * In some setups (for example cloudflare edge auth) the initial ACS POST request is
         * inadvertently turned into a GET request to the ACS route. When enabled, GET requests
         * to the ACS route are also redirected back into the onelogin SAML flow.
         */
        'enable_acs_redirect_for_get' => false,
    ],

    /**
     * Guard used to set up the user. When null, the package uses auth.defaults.guard.
     * Applications with several guards (admin users vs. site users) should name the guard for
     * the set of users that authenticate against OneLogin.
     *
     * Note: the guard's provider must have an auth.providers.{provider}.model option.
     */
    'guard' => null,

    /**
     * User configuration.
     */
    'user' => [
        /**
         * Maps local user attributes (keys) to attribute names taken from the SAML Response
         * (values); the upstream comment places these in the <saml:Subject> section.
         * NOTE(review): names such as User.Email are normally delivered in
         * <saml:AttributeStatement> - confirm which part of the assertion the package reads.
         * NOTE(review): a list value, as for 'name', presumably combines several SAML
         * attributes into one local attribute - verify against the package.
         */
        'attribute_map' => [
            'email' => 'User.Email',
            'name' => [
                'User.FirstName',
                'User.LastName',
            ],
        ],

        /**
         * Development user that by-passes the onelogin SAML flow. When enabled, the attributes
         * below are injected as if OneLogin had provided the user, which is useful while the
         * application is not yet set up with OneLogin.
         *
         * Because this skips the SAML flow entirely, leave 'enable' => false in every shared or
         * deployed environment.
         */
        'local_dev_user' => [
            'enable' => false,
            'attributes' => [
                'name' => 'Developer',
                'email' => 'developer@example.com',
            ],
        ],
    ],
];