Skip to content

Commit 410268d

Browse files
nakaeeeenakaeeee
committed
added environment variables for SAML
1 parent a22be81 commit 410268d

File tree

2 files changed

+22
-1
lines changed

2 files changed

+22
-1
lines changed

README.md

Lines changed: 10 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -174,6 +174,15 @@ There are some configs you need to change in the files below
174174
| HMD_LDAP_PROVIDERNAME | `My institution` | Optional name to be displayed at login form indicating the LDAP provider |
175175
| HMD_SAML_IDPSSOURL | `https://idp.example.com/sso` | authentication endpoint of IdP |
176176
| HMD_SAML_IDPCERT | `/path/to/cert.pem` | certificate file path of IdP in PEM format |
177+
| HMD_SAML_ISSUER | no example | identity of the service provider (optional, default: serverurl)" |
178+
| HMD_SAML_IDENTIFIERFORMAT | no example | name identifier format (optional, default: `urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress`) |
179+
| HMD_SAML_GROUPATTRIBUTE | `memberOf` | attribute name for group list (optional) |
180+
| HMD_SAML_REQUIREDGROUPS | `Hackmd-users` | group names that allowed (use vertical bar to separate) (optional) |
181+
| HMD_SAML_EXTERNALGROUPS | `Temporary-staff` | group names that not allowed (use vertical bar to separate) (optional) |
182+
| HMD_SAML_ATTRIBUTE_ID | `sAMAccountName` | attribute map for `id` (optional, default: NameID of SAML response) |
183+
| HMD_SAML_ATTRIBUTE_USERNAME | `mailNickname` | attribute map for `username` (optional, default: NameID of SAML response) |
184+
| HMD_SAML_ATTRIBUTE_DISPLAYNAME | `displayName` | attribute map for `displayname` (optional, default: NameID of SAML response) |
185+
| HMD_SAML_ATTRIBUTE_EMAIL | `mail` | attribute map for `email` (optional, default: NameID of SAML response if `HMD_SAML_IDENTIFIERFORMAT` is default) |
177186
| HMD_IMGUR_CLIENTID | no example | Imgur API client id |
178187
| HMD_EMAIL | `true` or `false` | set to allow email signin |
179188
| HMD_ALLOW_PDF_EXPORT | `true` or `false` | Enable or disable PDF exports |
@@ -251,6 +260,7 @@ There are some configs you need to change in the files below
251260
| mattermost | `/auth/mattermost/callback` |
252261
| dropbox | `/auth/dropbox/callback` |
253262
| google | `/auth/google/callback` |
263+
| saml | `/auth/saml/callback` |
254264

255265
# Developer Notes
256266

lib/config/environment.js

Lines changed: 12 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -75,7 +75,18 @@ module.exports = {
7575
},
7676
saml: {
7777
idpSsoUrl: process.env.HMD_SAML_IDPSSOURL,
78-
idpCert: process.env.HMD_SAML_IDPCERT
78+
idpCert: process.env.HMD_SAML_IDPCERT,
79+
issuer: process.env.HMD_SAML_ISSUER,
80+
identifierFormat: process.env.HMD_SAML_IDENTIFIERFORMAT,
81+
groupAttribute: process.env.HMD_SAML_GROUPATTRIBUTE,
82+
externalGroups: process.env.HMD_SAML_EXTERNALGROUPS ? process.env.HMD_SAML_EXTERNALGROUPS.split('|') : [],
83+
requiredGroups: process.env.HMD_SAML_REQUIREDGROUPS ? process.env.HMD_SAML_REQUIREDGROUPS.split('|') : [],
84+
attribute: {
85+
id: process.env.HMD_SAML_ATTRIBUTE_ID,
86+
username: process.env.HMD_SAML_ATTRIBUTE_USERNAME,
87+
displayName: process.env.HMD_SAML_ATTRIBUTE_DISPLAYNAME,
88+
email: process.env.HMD_SAML_ATTRIBUTE_EMAIL
89+
}
7990
},
8091
email: toBooleanConfig(process.env.HMD_EMAIL),
8192
allowemailregister: toBooleanConfig(process.env.HMD_ALLOW_EMAIL_REGISTER),

0 commit comments

Comments
 (0)