samlauth.authentication.yml in SAML Authentication 8.3
Same filename in this branch
Same filename and directory in other branches
config/install/samlauth.authentication.yml
9 string references to 'samlauth.authentication'
- LoginLogoutMenuLink::__construct in src/
Plugin/ Menu/ LoginLogoutMenuLink.php - Constructs a new LoginLogoutMenuLink.
- SamlService::acs in src/
SamlService.php - Processes a SAML response (Assertion Consumer Service).
- SamlService::doLogin in src/
SamlService.php - Logs a user in, creating / linking an account; synchronizes attributes.
- SamlService::getSamlAuth in src/
SamlService.php - Returns an initialized Auth class from the SAML Toolkit.
- SamlService::login in src/
SamlService.php - Initiates a SAML2 authentication flow and redirects to the IdP.
File
config/install/samlauth.authentication.ymlView source
- # Much of this module's configuration must be filled from scratch by the
- # administrator - or provided in an install routine that sets dynamic values
- # for e.g. the SP Entity ID, if new site installation is automated. In the
- # latter case, change the 'caching / validity' settings to be production
- # defaults. Below values accommodate testing.
- #
- # This is TRUE on older installs; FALSE on new installs; doesn't matter much
- # if metadata.xml is not reachable to the public.
- metadata_cache_http: false
- # Not set on older installs; 1 minute on new installs. The default (not set)
- # is evaluated to 172800 == 2 days by the SAML Toolkit, so it's probably good
- # to set the same (or delete / not set this config value) on production systems.
- metadata_valid_secs: 60
- # This is TRUE on older installs; FALSE on new installs.
- local_login_saml_error: false
- #
- # We will enable some security settings by default, since it is possible but
- # not recommended for the module to operate without them. This is a deviation
- # from the SAML Toolkit which does not set these values to True by default.
- security_authn_requests_sign: true
- security_logout_requests_sign: true
- security_logout_responses_sign: true
- strict: true
- # FYI: naming oops: this means "require to be signed", not "sign".
- security_messages_sign: true
- # The following (badly named) option is False by default in the SAML toolkit
- # but is causing issues for e.g. ADFS IdPs, and the module maintainer is
- # convinced that (unlike other options) noone is harmed by just always having
- # it be True.
- security_lowercase_url_encoding: true
- # The following are True by default in the SAML Toolkit. They have defaults in
- # the configuration screen's code to make sure older installs were not affected
- # (i.e. values kept being True) when these configuration settings were added.
- # So those defaults in code should keep being set for backward compatibility,
- # even if we decide to set explicitly set these options to False in this file,
- # for new installs. (We may well want to do that for the NameID options, once
- # we're sure this has no adverse effects.)
- request_set_name_id_policy: true
- security_want_name_id: true
- # The following option has existed since forever and has not been set to true
- # in this file until 3.x-alpha2, even though it is True by default in the SAML
- # Toolkit. This means it would flip to False, whenever the configuration screen
- # was saved without explicitly checking the checkbox. We'll set it to True for
- # new installations.
- security_request_authn_context: true
- # False on older installs; will be removed (and be 'standard true') in v4.x.
- use_base_url: true