colin
/
bookstack
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge branch 'master' of https://github.com/theodor-franke/BookStack into theodor-franke-master

This commit is contained in:
Dan Brown 2021-10-21 14:04:23 +01:00
parent 129f3286d9 07408ec112
commit 2e9ac21b38
No known key found for this signature in database
GPG Key ID: 46D9F943C24A2EF9
3 changed files with 18 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
.env.example.complete
View File

@ -232,6 +232,11 @@ SAML2_ONELOGIN_OVERRIDES=null
SAML2_DUMP_USER_DETAILS=false SAML2_DUMP_USER_DETAILS=false
SAML2_AUTOLOAD_METADATA=false SAML2_AUTOLOAD_METADATA=false
SAML2_IDP_AUTHNCONTEXT=true SAML2_IDP_AUTHNCONTEXT=true
SAML2_SP_CERTIFICATE=null
SAML2_SP_PRIVATEKEY=null
SAML2_SP_NAME_ID_Format=null
SAML2_SP_NAME_ID_SP_NAME_QUALIFIER=null
SAML2_RETRIEVE_PARAMETERS_FROM_SERVER=false
# SAML group sync configuration # SAML group sync configuration
# Refer to https://www.bookstackapp.com/docs/admin/saml2-auth/ # Refer to https://www.bookstackapp.com/docs/admin/saml2-auth/

10
app/Auth/Access/Saml2Service.php
View File

@ -65,7 +65,11 @@ class Saml2Service
$returnRoute = url('/'); $returnRoute = url('/');
try { try {
$url = $toolKit->logout($returnRoute, [], null, null, true); $email = auth()->user()['email'];
$nameIdFormat = env('SAML2_SP_NAME_ID_Format', null);
$nameIdSPNameQualifier = env('SAML2_SP_NAME_ID_SP_NAME_QUALIFIER', null);
$url = $toolKit->logout($returnRoute, [], $email, null, true, $nameIdFormat, null, $nameIdSPNameQualifier);
$id = $toolKit->getLastRequestID(); $id = $toolKit->getLastRequestID();
} catch (Error $error) { } catch (Error $error) {
if ($error->getCode() !== Error::SAML_SINGLE_LOGOUT_NOT_SUPPORTED) { if ($error->getCode() !== Error::SAML_SINGLE_LOGOUT_NOT_SUPPORTED) {
@ -124,7 +128,9 @@ class Saml2Service
public function processSlsResponse(?string $requestId): ?string public function processSlsResponse(?string $requestId): ?string
{ {
$toolkit = $this->getToolkit(); $toolkit = $this->getToolkit();
$redirect = $toolkit->processSLO(true, $requestId, false, null, true); $retrieveParametersFromServer = env('SAML2_RETRIEVE_PARAMETERS_FROM_SERVER', false);
$redirect = $toolkit->processSLO(true, $requestId, $retrieveParametersFromServer, null, true);
$errors = $toolkit->getErrors(); $errors = $toolkit->getErrors();

7
app/Config/saml2.php
View File

@ -80,8 +80,8 @@ return [
'NameIDFormat' => 'urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress', 'NameIDFormat' => 'urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress',
// Usually x509cert and privateKey of the SP are provided by files placed at // Usually x509cert and privateKey of the SP are provided by files placed at
// the certs folder. But we can also provide them with the following parameters // the certs folder. But we can also provide them with the following parameters
'x509cert' => '', 'x509cert' => env('SAML2_SP_CERTIFICATE', ''),
'privateKey' => '', 'privateKey' => env('SAML2_SP_PRIVATEKEY', ''),
], ],
// Identity Provider Data that we want connect with our SP // Identity Provider Data that we want connect with our SP
'idp' => [ 'idp' => [
@ -147,6 +147,9 @@ return [
// Multiple forced values can be passed via a space separated array, For example: // Multiple forced values can be passed via a space separated array, For example:
// SAML2_IDP_AUTHNCONTEXT="urn:federation:authentication:windows urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport" // SAML2_IDP_AUTHNCONTEXT="urn:federation:authentication:windows urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport"
'requestedAuthnContext' => is_string($SAML2_IDP_AUTHNCONTEXT) ? explode(' ', $SAML2_IDP_AUTHNCONTEXT) : $SAML2_IDP_AUTHNCONTEXT, 'requestedAuthnContext' => is_string($SAML2_IDP_AUTHNCONTEXT) ? explode(' ', $SAML2_IDP_AUTHNCONTEXT) : $SAML2_IDP_AUTHNCONTEXT,
'logoutRequestSigned' => env('SAML2_LOGOUT_REQUEST_SIGNED', false),
'logoutResponseSigned' => env('SAML2_LOGOUT_RESPONSE_SIGNED', false),
'lowercaseUrlencoding' => env('SAML2_LOWERCASE_URLENCODING', false),
], ],
], ],