Commit 56381640 authored by Lukas Haemmerle

Improved markup and indentation

parent 5e87f0ac
<?php // Copyright (c) 2017, SWITCH
//******************************************************************************
// This file contains the configuration of SWITCHwayf, a light-weight
// This file contains the configuration of SWITCHwayf, a light-weight
// implementation of a SAML Discovery Service. Adapt the settings to reflect
// your environment and then do some testing before going into production.
// Unless specifically set, default values will be used for all options.
......@@ -14,7 +14,7 @@
// is not available in languages.php or custom-languages.php.
// If string in local language is not available, english ('en') will be used
// as last resort.
//$defaultLanguage = 'en';
//$defaultLanguage = 'en';
......@@ -24,8 +24,8 @@
// Domain within the WAYF cookie should be readable. Must start with a .
//$commonDomain = '.example.org';
// Optionnal cookie name prefix in case you run several
// instances of the WAYF in the same domain.
// Optionnal cookie name prefix in case you run several
// instances of the WAYF in the same domain.
// Example: $cookieNamePrefix = '_mywayf';
//$cookieNamePrefix = '';
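
Review bot: The comment above $cookieNamePrefix still reads "Optionnal cookie name prefix" in both copies of the line. As this commit rewrites that line only for whitespace, correct it to "Optional" in the same pass so the cleanup does not need a second commit.
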
......@@ -33,16 +33,16 @@
// redirect users transparently to their last selected IdP
//$redirectCookieName = $cookieNamePrefix.'_redirect_user_idp';
// Stores last selected IdPs
// Stores last selected IdPs
// This value shouldn't be changed because _saml_idp is the officilly
// defined name in the SAML specification
//$SAMLDomainCookieName = $cookieNamePrefix.'_saml_idp';
// Stores last selected SP
// This value can be choosen as you like because it is something specific
// to this WAYF implementation. It can be used to display help/contact
// to this WAYF implementation. It can be used to display help/contact
// information on a page in the same domain as $commonDomain by accessing
// the federation metadata and parsing out the contact information of the
// the federation metadata and parsing out the contact information of the
// selected IdP and SP using $SAMLDomainCookieName and $SPCookieName
//$SPCookieName = $cookieNamePrefix.'_saml_sp';
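
Review bot: The comment on $SAMLDomainCookieName contradicts its own default. It says the value should not be changed because _saml_idp is the name defined in the SAML specification, but the default shown is $cookieNamePrefix.'_saml_idp', so any non-empty $cookieNamePrefix changes the cookie name. Either state in the comment that setting a prefix makes the cookie differ from the specified name, or drop the prefix from this default. While the hunk is open, "officilly" and "choosen" should become "officially" and "chosen".
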
......@@ -65,13 +65,13 @@
// Whether or not to use the search-as-you-type feature of the drop down list
// Enabling this will use JavaScript to convert the select element containing
// all Identity Providers to a searchable search-as-you-type list that also
// displays logos if available
// displays logos if available
//$useImprovedDropDownList = true;
// If true the improved drop-down-list will not display logos that
// have to be loaded from remote URLs. That way the web browser
// does not have to make requests to third party hosts.
// Logos that are embedded using data URIs
// Logos that are embedded using data URIs
// (src="data:image/png;base64...") will however still be displayed
//$disableRemoteLogos = false;
......@@ -80,19 +80,19 @@
// Default is 3, set to 0 to disable
//$showNumOfPreviouslyUsedIdPs = 3;
// Set to true in order to enable reading the Identity Providers and Service
// Set to true in order to enable reading the Identity Providers and Service
// Providers from a SAML2 metadata file defined below in $metadataFile
// The parsed data will be available in $metadataIDPFile and $metadataSPFile
//$useSAML2Metadata = false;
//$useSAML2Metadata = false;
// If true parsed metadata should have precedence if there are entries defined
// If true parsed metadata should have precedence if there are entries defined
// in metadata as well as the local IDProviders configuration file.
// Requires $useSAML2Metadata to be true
//$SAML2MetaOverLocalConf = false;
// If includeLocalConfEntries parameter is set to true, Identity Providers
// not listed in metadata but defined in the local IDProviders file will also
// be displayed in the drop down list. This is required if you need to add
// be displayed in the drop down list. This is required if you need to add
// local exceptions over the federation metadata
// Requires $useSAML2Metadata to be true
//$includeLocalConfEntries = true;
......@@ -100,18 +100,18 @@
// Whether the return parameter is checked against SAML2 metadata or not
// The Discovery Service specification says the DS SHOULD check this in order
// to mitigate phising problems.
// The return parameter will only be checked if the Service Provider's metadata
// contains an <idpdisc:DiscoveryResponse> or if the assertion consumer url
// The return parameter will only be checked if the Service Provider's metadata
// contains an <idpdisc:DiscoveryResponse> or if the assertion consumer url
// check below is enabled
// Requires $useSAML2Metadata to be true
//$enableDSReturnParamCheck = true;
// If true, the return parameter is checked for Service Providers that
// don't have and <idpdisc:DiscoveryResponse> extension set. Instead of this
// extension, the hostnames of the assertion consumer URLs are used to check
// the return parameter against.
// This feature is useful in case the Service Provider's metadata doesn't contain
// a <idpdisc:DiscoveryResponse> extension. It increases security for Service
// extension, the hostnames of the assertion consumer URLs are used to check
// the return parameter against.
// This feature is useful in case the Service Provider's metadata doesn't contain
// a <idpdisc:DiscoveryResponse> extension. It increases security for Service
// Provider's that don't have an <idpdisc:DiscoveryResponse> extensions.
// Requires $useSAML2Metadata and $enableDSReturnParamCheck to be true
//$useACURLsForReturnParamCheck = false;
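
Review bot: The comment for $enableDSReturnParamCheck does not say plainly when the return parameter goes unchecked. It lists "Requires $useSAML2Metadata to be true", while the default shown earlier in this file is //$useSAML2Metadata = false; and //$useACURLsForReturnParamCheck = false; here, so the default of true on this option does not by itself mean the check runs. Add one sentence naming the cases in which no check happens (metadata disabled, or a Service Provider without <idpdisc:DiscoveryResponse> while the assertion consumer URL check is off). Also fix "phising", "don't have and <idpdisc:DiscoveryResponse>" and "Provider's that don't have an ... extensions" on the lines being rewritten.
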
......@@ -122,28 +122,28 @@
// A Kerboros-protected page that redirects back to the WAYF script
//$kerberosRedirectURL = '/myFederation/kerberosRedirect.php';
// If enabled, the user's IP is used for a reverse DNS lookup whose resulting
// If enabled, the user's IP is used for a reverse DNS lookup whose resulting
// domain name then is matched with the URN values of the Identity Providers
//$useReverseDNSLookup = false;
// Whether the JavaScript required for embedding the WAYF
// on a remote site should be generated or not
// Lowers security against phising!
// If this value is set to true, any web page in the world can
// (with some efforts) find out with a high probability from which
// organization a user is from. This could be misused for phishing attacks.
// If this value is set to true, any web page in the world can
// (with some efforts) find out with a high probability from which
// organization a user is from. This could be misused for phishing attacks.
// Therefore, only enable this feature if you know what you are doing!
//$useEmbeddedWAYF = false;
// If enabled the Embedded WAYF will prevent releasing information
// about the user's preselected Identity Provider
// about the user's preselected Identity Provider
// While this is benefical to the data protection of the user, it will also
// prevent preselecting the user's Identity Provider. Thus, users will have
// to preselect their IdP each and every time
// Requires $useEmbeddedWAYF to be true
//$useEmbeddedWAYFPrivacyProtection = false;
// If enabled, the referer hostname of the request must match an assertion
// If enabled, the referer hostname of the request must match an assertion
// consumer URL or a discovery URL of a Service Provider in $metadataSPFile
// in order to let the Embedded WAYF preselect an Identity Provider.
// Therefore, this option is a good compromise between data protection and
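
Review bot: The comment for the referer-based option, starting at "If enabled, the referer hostname of the request must match", does not say what happens when a request carries no referer at all. Document whether preselection is then refused or allowed, since that decides how much of the privacy protection remains. In the same hunk, "Kerboros", "phising" and "benefical" should be corrected, and "users will have to preselect their IdP each and every time" probably means "select".
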
......@@ -152,12 +152,12 @@
// to be false
//$useEmbeddedWAYFRefererForPrivacyProtection = false;
// If enabled (default) Identity Providers that are in the
// "Hide From Discovery" entity category (see
// If enabled (default) Identity Providers that are in the
// "Hide From Discovery" entity category (see
// https://refeds.org/category/hide-from-discovery/) will not
// be parsed when SAML2 metadata is processed. The effect will
// be that these IdPs are not shown in the organisation drop
// down list. IdPs in this entity category, however, still can
// be that these IdPs are not shown in the organisation drop
// down list. IdPs in this entity category, however, still can
// be manually added using the Embedded WAYF.
//$supportHideFromDiscoveryEntityCategory = true;
......@@ -166,27 +166,27 @@
// exported JSON/Text/PHP Code
// Lowers security against phising!
// If this value is set to true, any web page
// in the world can easily find out with a high probability from which
// organization a user is from. This could be misused for phishing attacks.
// in the world can easily find out with a high probability from which
// organization a user is from. This could be misused for phishing attacks.
// Therefore, only enable this feature if you know what you are doing!
//$exportPreselectedIdP = false;
// Whether to enable logging of WAYF/DS requests
// If turned on make sure to also configure $WAYFLogFile
//$useLogging = true;
//$useLogging = true;
// Where to log the access requests
// This log is only an audit log for access requests.
// This log is only an audit log for access requests.
// Errors (e.g. when parsing SAML metadata) go to the syslog.
// Make sure the web server user has write access to this file!
//$WAYFLogFile = '/var/log/apache2/wayf.log';
//$WAYFLogFile = '/var/log/apache2/wayf.log';
// 4. Files and path Settings
//***************************
// Set both config files to the same value if you don't want to use the
// Set both config files to the same value if you don't want to use the
// the WAYF to read a (potential) automatically generated file that undergoes
// some plausability checks before being used
//$IDPConfigFile = 'IDProvider.conf.php';
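
Review bot: The sentence above $IDPConfigFile is hard to parse and carries a doubled word across the line break: "if you don't want to use the" followed by "the WAYF to read a (potential) automatically generated file". The first of those lines is being rewritten here anyway, so reword the whole sentence to say which two settings must be equal and what the plausibility checks apply to, and fix "plausability".
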
......@@ -238,7 +238,7 @@
//$instanceIdentifier = 'SWITCHwayf';
// Name of the federation [deprecated]
// This value is not used anymore in the standard code.
// This value is not used anymore in the standard code.
// Please ensure it is not used anymore in templates
//$federationName = 'myFederation';
......@@ -251,7 +251,7 @@
// Set to an empty string to hide the logo
//$logoURL = 'http://ds.example.org/SWITCHwayf/images/federation-logo.png';
// Absolute URL to the small federation logo that should be displayed in the
// Absolute URL to the small federation logo that should be displayed in the
// embedded WAYF. Make sure the dimensions (in particular the height of the logo)
// is small, ideally not larger than 120x30 pixel
//$smallLogoURL = 'http://ds.example.org/SWITCHwayf/images/small-federation-logo.png';
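
Review bot: The example values for $logoURL and $smallLogoURL use http://ds.example.org/..., while $organizationLogoURL in the next hunk uses https://. Make the logo examples consistently https so that an administrator who copies them for a Discovery Service served over HTTPS does not end up loading images over plain HTTP. The sentence "Make sure the dimensions ... is small" should also read "are small".
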
......@@ -261,11 +261,11 @@
// Absolute URL to the logo of the organization operating this Discovery Service
// Set to an empty string to hide the logo
//$organizationLogoURL = 'https://ds.example.org/SWITCHwayf/images/organization-logo.png';
//$organizationLogoURL = 'https://ds.example.org/SWITCHwayf/images/organization-logo.png';
// Absolute URL to the organization's web page
// Insert %s as macro to be substituted by the language (e.g. 'en', 'de', 'fr', ...) the WAYF uses
//$organizationURL = 'http://www.example.org/';
//$organizationURL = 'http://www.example.org/';
// Absolute URL to an FAQ page
// This entries local string is 'faq' in languages.php
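
Review bot: The comment for $organizationURL says to "Insert %s as macro to be substituted by the language", but the example value 'http://www.example.org/' contains no %s, so the macro is never demonstrated. Show it in the example, or state that it is optional. "This entries local string" in the FAQ comment should read "This entry's local string".
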
......