samlauth.authentication.yml in SAML Authentication 4.x

config/install/samlauth.authentication.yml

# Much of this module's configuration must be filled from scratch by the
# administrator - or provided in an install routine that sets dynamic values
# for e.g. the SP Entity ID, if new site installation is automated. In the
# latter case, change the 'caching / validity' settings to be production
# defaults. Below values accommodate testing.
#
# This is TRUE on older installs; FALSE on new installs; doesn't matter much
# if metadata.xml is not reachable to the public.
metadata_cache_http: false
# Not set on older installs; 1 minute on new installs. The default (not set)
# is evaluated to 172800 == 2 days by the SAML Toolkit, so it's probably good
# to set the same (or delete / not set this config value) on production systems.
metadata_valid_secs: 60
# This is TRUE on older installs; FALSE on new installs.
local_login_saml_error: false
#
# We will enable some security settings by default, since it is possible but
# not recommended for the module to operate without them. This is a deviation
# from the SAML Toolkit which does not set these values to True by default.
security_authn_requests_sign: true
security_logout_requests_sign: true
security_logout_responses_sign: true
strict: true
# FYI: naming oops: this means "require to be signed", not "sign".
security_messages_sign: true
# The following (badly named) option is False by default in the SAML toolkit
# but is causing issues for e.g. ADFS IdPs, and the module maintainer is
# convinced that (unlike other options) no one is harmed by just always having
# it be True.
security_lowercase_url_encoding: true
# The following are True by default in the SAML Toolkit. They have defaults in
# the configuration screen's code to make sure older installs were not affected
# (i.e. values kept being True) when these configuration settings were added.
# So those defaults in code should keep being set for backward compatibility,
# even if we decide to explicitly set these options to False in this file,
# for new installs. (We may well want to do that for the NameID options, once
# we're sure this has no adverse effects.)
request_set_name_id_policy: true
security_want_name_id: true
# The following option has existed since forever and has not been set to true
# in this file until 3.x-alpha2, even though it is True by default in the SAML
# Toolkit. This means it would flip to False, whenever the configuration screen
# was saved without explicitly checking the checkbox. We'll set it to True for
# new installations.
security_request_authn_context: true
# False on older installs; will be removed (and be 'standard true') in v4.x.
use_base_url: true
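
An added example, not part of the samlauth module: a Python check that reads an exported copy of this configuration and reports signing/strict options that are not enabled, plus a `metadata_valid_secs` still at a test-length value. The parser assumes flat `key: value` lines, and `SAMPLE` is constructed input.

```python
# Added example, not the module's own code. Assumes a flat "key: value" export.
TOOLKIT_DEFAULT_VALID_SECS = 172800  # 2 days, per the comment in the shipped file

# Security options the shipped file enables by default.
REQUIRED_TRUE = (
    "strict",
    "security_authn_requests_sign",
    "security_logout_requests_sign",
    "security_logout_responses_sign",
    "security_messages_sign",  # means "require messages to be signed"
)

# Constructed sample: a site export that drifted from the shipped defaults.
SAMPLE = """\
metadata_valid_secs: 60
security_authn_requests_sign: true
security_logout_requests_sign: true
strict: false   # switched off while debugging
security_messages_sign: true
"""

def parse_flat_yaml(text):
    """Parse top-level 'key: value' scalars; comments and blank lines are skipped."""
    cfg = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if ":" not in line:
            continue
        key, value = (part.strip() for part in line.split(":", 1))
        if value.lower() in ("true", "false"):
            cfg[key] = value.lower() == "true"
        elif value.isdigit():
            cfg[key] = int(value)
        else:
            cfg[key] = value.strip("'\"")
    return cfg

def audit(cfg):
    """Report required options that are off or unset, and a short metadata validity."""
    findings = []
    for key in REQUIRED_TRUE:
        if cfg.get(key) is not True:
            findings.append(f"{key}: expected true, found {cfg.get(key, 'not set')!r}")
    secs = cfg.get("metadata_valid_secs")
    if type(secs) is int and secs < TOOLKIT_DEFAULT_VALID_SECS:
        findings.append(f"metadata_valid_secs: {secs} is below the toolkit default")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(parse_flat_yaml(SAMPLE))))
```

A missing key is reported as `'not set'`, which matters for options such as `security_request_authn_context` that the file's comments describe as flipping when the configuration screen is saved.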