1<?php 2/** 3 * Sample configuration file. 4 * 5 * @author Ivan Novakov http://novakov.cz/ 6 * @license http://debug.cz/license/bsd-3-clause BSD 3 Clause 7 * @link https://github.com/ivan-novakov/dokuwiki-shibboleth-auth 8 */ 9$conf['plugin']['authshibboleth'] = array( 10 11 /* 12 * auth plugin (auth.php) 13 */ 14 15 /* 16 * use_dokuwiki_session 17 * 18 * If set to true, once the user is authenticated, the DokuWiki session will be used to persist the user's 19 * identity. Otherwise, the authentication process is performed upon each request. 20 */ 21 //'use_dokuwiki_session' => true, 22 23 /* 24 * The server variable, which contains the ID of the Shibboleth session. 25 */ 26 //'var_shib_session_id' => 'Shib-Session-ID', 27 28 /* 29 * var_remote_user 30 * 31 * The server variable, which contains the remote user's identity (username, user ID etc.). 32 */ 33 //'var_remote_user' => 'REMOTE_USER', 34 35 /* 36 * var_display_name 37 * 38 * The server variable, which contains user's display name. 39 */ 40 //'var_display_name' => 'cn', 41 42 /* 43 * var_mail 44 * 45 * The server variable, which contains user's email. 46 */ 47 //'var_mail' => 'mail', 48 49 /* 50 * display_name_tpl 51 * 52 * Simple template for user display name construction. For example - "{givenName} {sn}". 53 */ 54 //'display_name_tpl' => null, 55 56 /* 57 * group_source_config 58 * 59 * Configures how user's groups are resolved. It is possible to define multiple sources of different 60 * types. Currently these types are available: 61 * 62 * - type "environment" - data are extracted from the environment (the $_SERVER variable) 63 * - options: 64 * - "source_attribute" (required) - defines the name of the variable containing the groups 65 * 66 * - type "file" - data are read from a file (see the conf/custom_groups.php sample file for more info). 67 * - options: 68 * - "path" (required) - the full path to the group file 69 * 70 * Common options: 71 * - "map" (optional) - map values to custom group names 72 * - "prefix" (optional) - add a prefix for each group name from that source, applies after mapping 73 * 74 * 75 */ 76 'group_source_config' => array( 77 78 /* 79 * Example configuration 80 */ 81 82 /* 83 * The groups are taken from the "affiliation" attribute and are prefixed with "aff:". 84 */ 85 /* 86 'groups' => array( 87 'type' => 'environment', 88 'options' => array( 89 'source_attribute' => 'affiliation', 90 'prefix' => 'aff:' 91 ) 92 ), 93 */ 94 95 /* 96 * The groups are taken from the entitlement attribute and the values are mapped to group names. 97 * Theses group names are finally prefixed with "ent:". 98 */ 99 /* 100 'entitlement' => array( 101 'type' => 'environment', 102 'options' => array( 103 'source_attribute' => 'entitlement', 104 'map' => array( 105 'entitlement1' => 'group1', 106 'entitlement2' => 'group2' 107 ), 108 'prefix' => 'ent:' 109 ) 110 ), 111 */ 112 113 /* 114 * The groups are read from the "custom_groups.php" file in the same directory. 115 */ 116 /* 117 'custom' => array( 118 'type' => 'file', 119 'options' => array( 120 'path' => __DIR__ . '/custom_groups.php' 121 ) 122 ) 123 */ 124 ), 125 126 /* 127 * shibboleth_handler_base 128 * 129 * The base URL for Shibboleth handlers. 130 */ 131 //'shibboleth_handler_base' => '/Shibboleth.sso/', 132 133 /* 134 * logout_handler 135 * 136 * The name of the Shibboleth Logout handler. 137 */ 138 //'logout_handler' => 'Logout', 139 140 /* 141 * logout_handler_location 142 * 143 * Instead of specifying the handler base and the logout handler (see above), it is possible to specify 144 * the full logout URL, for example - https://sp.example.org/Shibboleth.sso/Logout. 145 */ 146 //'logout_handler_location' => null, 147 148 /* 149 * logout_return_url 150 * 151 * The URL to redirect users after logout has been processed. If not specified, the current page 152 * will be used. 153 */ 154 //'logout_return_url' => null, 155 156 157 /* 158 * log_enabled 159 * 160 * Enables logging. In order to actually log something, one of these options must be set - 161 * "log_file" or "log_to_php". 162 */ 163 //'log_enabled' => false, 164 165 /* 166 * log_file 167 * 168 * The full path to the log file. 169 */ 170 //'log_file' => null, 171 172 /* 173 * log_to_php 174 * 175 * Write log messages to the PHP error log. 176 */ 177 //'log_to_php' => false, 178 179 /* 180 * log_priority 181 * 182 * Set the log level: DEBUG=7, INFO=6, ERR=3 183 */ 184 //'log_priority' => 7, 185 186 /* 187 * auth_usersfile 188 * 189 * Cache file for users display name and mail address 190 */ 191 //'auth_usersfile' => 'users.auth.shib.php', 192 193 /* 194 * action plugin (action.php) 195 */ 196 197 /* 198 * login_handler 199 * 200 * The name of the login handler to be used. 201 */ 202 //'login_handler' => 'Login', 203 204 /* 205 * login_handler_location 206 * 207 * Instead of specifying the handler base and the login handler (see above), it is possible to specify 208 * the full login URL, for example - https://sp.example.org/Shibboleth.sso/Login. 209 */ 210 //'login_handler_location' => null, 211 212 /* 213 * login_target 214 * 215 * Target page to redirect to, after successful login. If not specified, the current page will be used. 216 */ 217 //'login_target' => null 218);