key: saml
title: SAML 2.0
description: Security Assertion Markup Language 2.0 (SAML 2.0) is a version of the SAML standard for exchanging authentication and authorization data between security domains.
author: requarks.io
logo: https://static.requarks.io/logo/saml.svg
color: red darken-3
website: https://wiki.oasis-open.org/security/FrontPage
useForm: false
props:
  entryPoint:
    type: String
    title: Entry Point
    hint: Identity provider single sign-on entry point (URL) to which authentication requests are sent.
  issuer:
    type: String
    title: Issuer
    hint: Issuer (entity ID) string identifying this service provider; it is sent to the identity provider in every request.
  audience:
    type: String
    title: Audience
    hint: Expected SAML response Audience. If not provided, the Audience condition is not verified, so an assertion the identity provider issued for a different service provider is not rejected on that ground.
  cert:
    type: String
    title: Certificate
    hint: Identity provider's public X.509 signing certificate, used to verify the signature of incoming SAML responses, given as the base64 body of the PEM (the text between the BEGIN/END lines, e.g. 'MIICizCCAfQCCQCY8tKaMc0BMjANBgkqh ... W=='). If the provider has multiple valid certificates, join them together using the | pipe symbol.
  privateCert:
    type: String
    title: Private Certificate
    hint: PEM-formatted private key used to sign the SAML requests sent to the identity provider.
  decryptionPvk:
    type: String
    title: Decryption Private Key
    hint: (optional) PEM-formatted private key used to decrypt any encrypted assertions that are received.
  signatureAlgorithm:
    type: String
    title: Signature Algorithm
    hint: Signature algorithm used for signing requests. sha1 remains the default only for compatibility with older identity providers; prefer sha256 or sha512 where the identity provider accepts them.
    default: sha1
    enum:
      - sha1
      - sha256
      - sha512
  identifierFormat:
    type: String
    title: Name Identifier format
    default: 'urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress'
  acceptedClockSkewMs:
    type: Number
    title: Accepted Clock Skew Milliseconds
    hint: Time in milliseconds of skew that is acceptable between client and server when checking the NotBefore and NotOnOrAfter assertion condition validity timestamps. Setting to -1 disables these checks entirely, so expired assertions are accepted.
    default: 0
  disableRequestedAuthnContext:
    type: Boolean
    title: Disable Requested Auth Context
    hint: If enabled, do not request a specific authentication context. This is known to help when authenticating against Active Directory Federation Services (AD FS) servers.
    default: false
  authnContext:
    type: String
    title: Auth Context
    hint: Authentication context class (AuthnContextClassRef) to request from the identity provider.
    default: urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport
  forceAuthn:
    type: Boolean
    title: Force Initial Re-authentication
    hint: If enabled, the initial SAML request from the service provider specifies that the identity provider should force re-authentication of the user, even if they possess a valid session.
    default: false
  providerName:
    type: String
    title: Provider Name
    hint: Optional human-readable name of the requester for use by the presenter's user agent or the identity provider.
    default: wiki.js
  skipRequestCompression:
    type: Boolean
    title: Skip Request Compression
    hint: If enabled, the SAML request from the service provider won't be compressed.
    default: false
  authnRequestBinding:
    type: String
    title: Request Binding
    hint: Binding used to send the authentication request to the identity provider.
    default: 'HTTP-Redirect'
    enum:
      - HTTP-Redirect
      - HTTP-POST
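The props above only describe form fields. What a practitioner wants next is the validation a loader should apply to the entered values before they reach a SAML library: decoding the pasted certificate(s), splitting them on `|`, applying the definition's defaults, and flagging the settings that weaken verification (no audience, sha1, clock skew of -1). The following is an added example in JavaScript; it is not Wiki.js or passport-saml code. The prop names, enums and defaults come from the definition above, while `buildSamlOptions`, `normalizeCert`, the `findings` list and the constructed sample certificate bytes are assumptions made for this example.

```javascript
'use strict';
// Added example, not Wiki.js or passport-saml code.  Prop names, enums and
// defaults are those of the definition; everything else is an assumption.

const DEFAULTS = {
  audience: '',
  signatureAlgorithm: 'sha1',
  identifierFormat: 'urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress',
  acceptedClockSkewMs: 0,
  disableRequestedAuthnContext: false,
  authnContext: 'urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport',
  forceAuthn: false,
  providerName: 'wiki.js',
  skipRequestCompression: false,
  authnRequestBinding: 'HTTP-Redirect',
};
const SIGNATURE_ALGORITHMS = ['sha1', 'sha256', 'sha512'];
const REQUEST_BINDINGS = ['HTTP-Redirect', 'HTTP-POST'];

// Constructed stand-in for a certificate: a 5-byte DER SEQUENCE, not a real
// X.509 certificate.  Real values look like the 'MIIC...' string in the hint.
const SAMPLE_CERT_B64 = Buffer.from([0x30, 0x03, 0x02, 0x01, 0x05]).toString('base64'); // 'MAMCAQU='

// The hint asks for the base64 body of the PEM.  Accept a full PEM block as
// well, strip BEGIN/END lines and whitespace, and reject anything that does
// not decode to DER starting with an ASN.1 SEQUENCE tag (0x30), which every
// X.509 certificate does.  A blank value, a file path or a private key pasted
// by mistake fails here instead of at the first login attempt.
function normalizeCert(raw) {
  const body = String(raw)
    .replace(/-----(BEGIN|END) CERTIFICATE-----/g, '')
    .replace(/\s+/g, '');
  if (!/^[A-Za-z0-9+/]+=*$/.test(body)) throw new Error('cert: not base64');
  const der = Buffer.from(body, 'base64');
  if (der.length < 2 || der[0] !== 0x30) throw new Error('cert: not a DER SEQUENCE');
  return body;
}

function isPemPrivateKey(value) {
  return /-----BEGIN (RSA |EC )?PRIVATE KEY-----/.test(value) &&
    /-----END (RSA |EC )?PRIVATE KEY-----/.test(value);
}

// Returns { options, findings }.  `options` keeps the prop names of the
// definition so it can be handed to a SAML strategy; `findings` lists
// settings that are accepted but weaken verification of incoming responses.
function buildSamlOptions(props) {
  const conf = { ...DEFAULTS, ...props };
  const findings = [];

  for (const key of ['entryPoint', 'issuer', 'cert']) {
    if (!conf[key]) throw new Error(`${key}: required`);
  }
  let entryPoint;
  try { entryPoint = new URL(conf.entryPoint); } catch (e) { throw new Error('entryPoint: not a URL'); }
  if (entryPoint.protocol !== 'https:') findings.push('entryPoint: not https, the AuthnRequest travels in clear');

  // Several valid IdP certificates are joined with '|' (see the cert hint).
  const certs = conf.cert.split('|').map(normalizeCert);

  if (!conf.audience) findings.push('audience: unset, Audience condition will not be verified');
  if (!SIGNATURE_ALGORITHMS.includes(conf.signatureAlgorithm)) throw new Error('signatureAlgorithm: unknown');
  if (conf.signatureAlgorithm === 'sha1') findings.push('signatureAlgorithm: sha1, prefer sha256 if the IdP accepts it');

  const skew = Number(conf.acceptedClockSkewMs);
  if (!Number.isInteger(skew) || skew < -1) throw new Error('acceptedClockSkewMs: integer >= -1 expected');
  if (skew === -1) findings.push('acceptedClockSkewMs: -1 disables NotBefore/NotOnOrAfter checks, expired assertions are accepted');
  else if (skew > 5 * 60 * 1000) findings.push('acceptedClockSkewMs: more than five minutes widens the replay window');

  if (!REQUEST_BINDINGS.includes(conf.authnRequestBinding)) throw new Error('authnRequestBinding: unknown');
  for (const key of ['privateCert', 'decryptionPvk']) {
    if (conf[key] && !isPemPrivateKey(conf[key])) throw new Error(`${key}: PEM private key expected`);
  }

  return {
    options: {
      entryPoint: entryPoint.href,
      issuer: conf.issuer,
      audience: conf.audience || undefined,
      cert: certs,
      privateCert: conf.privateCert,
      decryptionPvk: conf.decryptionPvk,
      signatureAlgorithm: conf.signatureAlgorithm,
      identifierFormat: conf.identifierFormat,
      acceptedClockSkewMs: skew,
      disableRequestedAuthnContext: Boolean(conf.disableRequestedAuthnContext),
      authnContext: conf.disableRequestedAuthnContext ? undefined : conf.authnContext,
      forceAuthn: Boolean(conf.forceAuthn),
      providerName: conf.providerName,
      skipRequestCompression: Boolean(conf.skipRequestCompression),
      authnRequestBinding: conf.authnRequestBinding,
    },
    findings,
  };
}

// Usage: only the required props plus a clock-skew of -1, everything else at
// the definition's defaults, which yields three findings (audience, sha1, -1).
function exampleRun() {
  return buildSamlOptions({
    entryPoint: 'https://idp.example.com/sso/saml',          // constructed
    issuer: 'https://wiki.example.com/login/saml/callback',  // constructed
    cert: SAMPLE_CERT_B64,
    acceptedClockSkewMs: -1,
  });
}
```

The `findings` list is deliberately separate from the thrown errors: a missing audience or a sha1 signature is a legitimate configuration for some identity providers, so the loader should surface it in the admin UI or logs rather than refuse to start.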