You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: README.md
+11-8Lines changed: 11 additions & 8 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -13,10 +13,12 @@ Provides a SAML SP authentication proxy for backend web services
13
13
Comma separated list of attribute=header pairs mapping SAML IdP response attributes to forwarded request header (env SAML_PROXY_ATTRIBUTE_HEADER_MAPPINGS)
14
14
-attribute-header-wildcard string
15
15
Maps all SAML attributes with this option as a prefix, slashes in attribute names will be replaced by dashes (env SAML_PROXY_ATTRIBUTE_HEADER_WILDCARD)
16
-
-auth-verify bool
16
+
-auth-verify
17
17
Enables verify path endpoint for forward auth and trusts X-Forwarded headers (env SAML_PROXY_AUTH_VERIFY)
18
18
-auth-verify-path string
19
-
Path under BaseUrl that will respond with a 200 when authenticated (env SAML_PROXY_AUTH_VERIFY_PATH) (default "/_verify")
19
+
Path under BaseUrl that will respond with a 204 when authenticated (env SAML_PROXY_AUTH_VERIFY_PATH) (default "/_verify")
20
+
-auth-verify-require-login
21
+
If set, trigger a login if the user is not authenticated during verify (env SAML_PROXY_AUTH_VERIFY_REQUIRE_LOGIN)
20
22
-authorize-attribute attribute
21
23
Enables authorization and specifies the attribute to check for authorized values (env SAML_PROXY_AUTHORIZE_ATTRIBUTE)
22
24
-authorize-values values
@@ -30,16 +32,20 @@ Provides a SAML SP authentication proxy for backend web services
30
32
-cookie-domain string
31
33
Overrides the domain set on the session cookie. By default the BaseUrl host is used. (env SAML_PROXY_COOKIE_DOMAIN)
32
34
-cookie-max-age duration
33
-
Specifies the amount of time the authentication token will remain valid (env SAML_PROXY_COOKIE_MAX_AGE) (default 2h0m0s)
35
+
Specifies the amount of time the authentication token will remain valid (env SAML_PROXY_COOKIE_MAX_AGE) (default 2h0m0s)
34
36
-cookie-name string
35
37
Name of the cookie that tracks session token (env SAML_PROXY_COOKIE_NAME) (default "token")
38
+
-debug
39
+
Enable debug logs (env SAML_PROXY_DEBUG)
40
+
-encrypt-jwt
41
+
If set, enables JWT session encryption (env SAML_PROXY_ENCRYPT_JWT)
36
42
-entity-id string
37
43
Entity ID of this service provider (env SAML_PROXY_ENTITY_ID)
38
44
-idp-ca-path path
39
45
Optional path to a CA certificate PEM file for the IdP (env SAML_PROXY_IDP_CA_PATH)
40
46
-idp-metadata-url URL
41
47
URL of the IdP's metadata XML, can be a local file by specifying the file:// scheme (env SAML_PROXY_IDP_METADATA_URL)
42
-
-initiate-session-path path
48
+
-initiate-session-path string
43
49
If set, initiates a SAML authentication flow only when a user visits this path. This will allow anonymous users to access to the backend. (env SAML_PROXY_INITIATE_SESSION_PATH)
44
50
-name-id-format string
45
51
One of unspecified, transient, email, or persistent to use a standard format or give a full URN of the name ID format (env SAML_PROXY_NAME_ID_FORMAT) (default "transient")
@@ -49,15 +55,12 @@ Provides a SAML SP authentication proxy for backend web services
49
55
URL of webhook that will get POST'ed when a new authentication is processed (env SAML_PROXY_NEW_AUTH_WEBHOOK_URL)
50
56
-sign-requests
51
57
If set, enables SAML request signing (env SAML_PROXY_SIGN_REQUESTS)
52
-
-encrypt-jwt
53
-
If set, JWTs will be encrypted as JWE (env SAML_PROXY_ENCRYPT_JWT)
54
58
-sp-cert-path path
55
59
The path to the X509 public certificate PEM file for this SP (env SAML_PROXY_SP_CERT_PATH) (default "saml-auth-proxy.cert")
56
60
-sp-key-path path
57
61
The path to the X509 private key PEM file for this SP (env SAML_PROXY_SP_KEY_PATH) (default "saml-auth-proxy.key")
58
62
-static-relay-state string
59
-
A fixed RelayState value, such as a short URL. Will be trimmed to 80 characters to conform with SAML. The default generates random bytes that are Base64
60
-
encoded. (env SAML_PROXY_STATIC_RELAY_STATE)
63
+
A fixed RelayState value, such as a short URL. Will be trimmed to 80 characters to conform with SAML. The default generates random bytes that are Base64 encoded. (env SAML_PROXY_STATIC_RELAY_STATE)
Copy file name to clipboardExpand all lines: server/config.go
+1-1Lines changed: 1 addition & 1 deletion
Original file line number
Diff line number
Diff line change
@@ -24,7 +24,7 @@ type Config struct {
24
24
CookieDomainstring`usage:"Overrides the domain set on the session cookie. By default the BaseUrl host is used."`
25
25
AllowIdpInitiatedbool`usage:"If set, allows for IdP initiated authentication flow"`
26
26
AuthVerifybool`usage:"Enables verify path endpoint for forward auth and trusts X-Forwarded headers"`
27
-
AuthVerifyPathstring`default:"/_verify" usage:"Path under BaseUrl that will respond with a 200 when authenticated"`
27
+
AuthVerifyPathstring`default:"/_verify" usage:"Path under BaseUrl that will respond with a 204 when authenticated"`
28
28
AuthVerifyRequireLoginbool`usage:"If set, trigger a login if the user is not authenticated during verify"`
29
29
Debugbool`usage:"Enable debug logs"`
30
30
StaticRelayStatestring`usage:"A fixed RelayState value, such as a short URL. Will be trimmed to 80 characters to conform with SAML. The default generates random bytes that are Base64 encoded."`
0 commit comments