Configuration options for ServiceRegistry
This page gives a short overview of the configuration options for the ServiceRegistry. For more information, see the README and installation documentation in the OpenConext GitHub project.
WARNING
Configuration files for the ServiceRegistry are written in PHP. We recommend that you use a proper IDE like PhpStorm and run a syntax check before committing any change. For example:
php -l config/module_janus.metadata_fields.php
Note that the ServiceRegistry is an installation of SimpleSAMLphp with the JANUS module in it.
Last updated for version: 2.8.0
The environment specific configuration lives in /etc/openconext.
Locally: N/A
You should never have to touch this file.
Used to determine which authentication source to use. By default this looks at the remote IdPs that are defined (metadata/saml20-idp-remote.php and its local variant) and picks the first SAML2 IdP as the default source of authentication.
Locally: /etc/openconext/serviceregistry.config.php
The main configuration file for SimpleSAMLphp.
See the SimpleSAMLphp documentation.
## config/module_cron.php
Locally: /etc/openconext/serviceregistry.module_cron.php
Secret and configuration information for the recurring tasks (cron). You should not have to touch this file except to set the secret.
Example from docs/etc/serviceregistry.module_cron.php:
// Change me!
$config['key'] = 'myownsecret';
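The syntax check and the cron secret described above can be verified together before a change is committed. The script below is an added example, not part of the ServiceRegistry or OpenConext code; the 32-character minimum and the optional directory argument are assumptions.

```php
<?php
// Added example, not ServiceRegistry code: lint the local config files and
// reject a missing, placeholder or short cron key before committing a change.

const PLACEHOLDER_KEY = 'myownsecret'; // value shipped in docs/etc/serviceregistry.module_cron.php
const MIN_KEY_LENGTH  = 32;            // assumption: local policy, not a project value

/** Run `php -l` on one file and return true when the syntax check passes. */
function lintFile($path)
{
    $cmd = escapeshellarg(PHP_BINARY) . ' -l ' . escapeshellarg($path) . ' 2>&1';
    exec($cmd, $output, $status);
    return $status === 0;
}

/** Return the problems found with the cron key; an empty array means it is fine. */
function checkCronKey($path)
{
    $config = array();
    include $path; // executes the file (your own config); it assigns $config['key']
    $key = isset($config['key']) ? $config['key'] : null;
    if (!is_string($key) || $key === '') {
        return array("$path: \$config['key'] is not set");
    }
    $problems = array();
    if ($key === PLACEHOLDER_KEY) {
        $problems[] = "$path: cron key is still the documented placeholder";
    }
    if (strlen($key) < MIN_KEY_LENGTH) {
        $problems[] = "$path: cron key is shorter than " . MIN_KEY_LENGTH . ' characters';
    }
    return $problems;
}

$dir = rtrim(isset($argv[1]) ? $argv[1] : '/etc/openconext', '/');
$problems = array();
foreach (glob("$dir/serviceregistry.*.php") ?: array() as $file) {
    if (!lintFile($file)) {
        $problems[] = "$file: syntax error (php -l failed)";
    } elseif (basename($file) === 'serviceregistry.module_cron.php') {
        $problems = array_merge($problems, checkCronKey($file)); // only load files that lint cleanly
    }
}
foreach ($problems as $p) {
    fwrite(STDERR, $p . PHP_EOL);
}
exit($problems ? 1 : 0);
```

The script exits non-zero when any file fails the syntax check or the cron key is weak, so it can be used as a pre-commit or deployment gate.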
Locally: /etc/openconext/serviceregistry.module_janus.php
The main configuration parameters for JANUS.
See the JANUS documentation.
Locally: /etc/openconext/serviceregistry.module_janus.php
Sub-configuration for JANUS ACL. You should not have to edit this file; at most you should edit the files it reads from:
- config/permissions.table – Global permissions
- config/permissions.entity.table – Entity permissions
Locally: /etc/surfconext/serviceregistry.module_janus.php
Sub-configuration for JANUS metadata fields. Use this file to configure the metadata fields.
Note that this file does NOT have a local equivalent; it is part of serviceregistry/module_janus.php as $config['metadatafields'].
For more information on local configuration (editing of which is NOT RECOMMENDED) of metadatafields, see the JANUS documentation.
You can define fields for:
- All entities
// Fields for ALL entities (both Service Provider and Identity Provider)
JANUS_FIELDS_TYPE_ALL => array(
- Only Identity Providers
// Fields only for Identity Providers
JANUS_FIELDS_TYPE_IDP => array(
- Only Service Providers
// Fields only for Service Providers
JANUS_FIELDS_TYPE_SP => array(
To configure a field, simply add a line like so:
'name:#' => array('required'=>TRUE, 'supported' => array('en', 'nl')),
Note that OpenConext largely follows the JANUS configuration specified here.
OpenConext does set some default values:
- If no 'type' is specified, the type is 'text'.
- If no 'required' is specified, it is assumed the field is optional.
- The default default value is empty.
- If the default default value (an empty string) is used, then that default is forbidden.
- If another default is specified, then that default is allowed as a valid value.
JANUS no longer allows explicit ordering of fields; all fields are ordered alphabetically.
Locally: /etc/openconext/serviceregistry.saml20-idp-remote.php
The SAML2 Identity Providers that should be used. The ServiceRegistry should only have 1 Identity Provider: the accompanying EngineBlock.
Example from docs/etc/serviceregistry.saml20-idp-remote.php:
$metadata['https://engineblock.example.edu/authentication/idp/metadata'] = array(
    'SingleSignOnService' => 'https://engineblock.example.edu/authentication/idp/single-sign-on',
    'certificate' => 'engineblock.crt',
);