Basic Parameters
Global Parameters
Mandatory
- PRIVATE_KEY: private pem key
string; private key. - CERTIFICATE: signed certificate
string;
Utils
- CLAIMS_TRANSFORMER (optional):
csv; transforms jwt response keys. Must be composed as follows:key1=key2wherekey1is the key you want to change andkey2is the key you want to get (transformskey1tokey2). Eg:key1=key2,key3=key4. - CLAIMS_TO_HEADER (optional): map specific claims from an ID token or user info into HTTP headers. E.g.:
X-User=emailextracts email claim value and sets an header like thisX-User: user@acme.org - TRACE (optional):
booleandefaultfalse; debug log - ECHO_APP (optional):
booleandefaultfalse; enable/disable the page (HTML) that displays the Identity Provider’s response JWT.
Customization
- SESSION_DURATION (optional): ISO-8601
stringdefault 1 hour; duration of the Identity Provider proxy session (e.g., PT10M -> 10min); stateful updates the duration with each client interaction. - SESSION_COOKIE_SETTINGS (optional):
stringdefaulthttpOnly; secure; semicolon-separated values, the last cookie setting must not end with;. - SESSION_COOKIE_DOMAIN_LEVEL (optional):
u8default2; how many parts of the domain to include in the cookie starting from the right. If 0, the domain remains unchanged. Example:(“www.example.com”, 0) -> www.example.com, (“www.example.com”, 2) -> .example.com, (“app.example.com”, 2) -> .example.com, (“www.app.example.com”, 6) -> .www.app.example.com, (“www.example.com”, 3) -> .www.example.com. - SESSION_COOKIE_NAME (optional):
string. - BASE64_CUSTOM_LOGO_DARK (optional): base64-encoded
string; logo used for dark mode. - BASE64_CUSTOM_LOGO_LIGHT (optional): base64-encoded
string; logo used for light mode. - SKIP_IDP_CHOICE_IF_ONE (optional):
booleandefaultfalse; skips the Identity Provider choice if only one is available: this will prevent the user from needing to click the “login via acme.org” button. - COLOR (optional):
stringin RGB format; the base color used to generate all shades. - COLOR_SCHEME (optional):
string; light, dark, or auto; color scheme applied to the client. - BASE64_ICON (optional): base64-encoded
string; favicon. - LOGIN_PATH (optional):
stringdefaultlogin; login path; sethttps://domain/loginin the Identity Provider. - CALLBACK_PATH (optional):
stringdefaultcallback; callback path (where the Identity Provider redirects to the Relying Party); sethttps://domain/callbackin the Identity Provider. - TRUST_SELF_SIGNED_CERT (optional):
booleandefaultfalse; SSL property of the HTTP client. - ADDITIONAL_REDIRECT_HEADERS_n (optional):
stringwhere n is a positive natural number; additional headers added during redirection to LOGIN_PATH. - STYLE (optional):
stringin CSS format; a stylesheet applied to LOGIN_PATH and CALLBACK_PATH. - CALLBACK_TEXT (optional):
string; h1 text for the callback. - CALLBACK_ERROR (optional):
string; callback error. - CALLBACK_TITLE (optional):
string; HTML head tag title for the callback. - CALLBACK_EXPLANATION (optional):
string; description of the callback. - LOGIN_TITLE (optional):
string; HTML head tag title for the login. - LOGIN_TEXT (optional):
string; h1 text for the login. - LOGIN_EXPLANATION (optional):
string; description of the login. - LOGIN_ERROR (optional):
string; login error. - CONTINUE_BUTTON (optional):
string; continue button text. - CANCEL_BUTTON (optional):
string; cancel button text. - GROUP_ENABLE_n (optional):
boolean; enable/disable group. - GROUP_n (optional):
stringcsv; list of Identity Providers to be grouped together, E.g.: “1,2,4-8” i.e., Identity Providers number 1,2,4,5,6,7,8 where these numbers represent the value n of the parameter name (see Identity Provider Parameters). - GROUP_TEXT_n (optional):
string; group name (placeholder of the select). - GROUP_IMAGE_BASE64_n (optional):
stringencoded base64; icon to the left of the group. - LANG (optional):
string; lang attribute of the html tag (E.g.: en). - META_DESCRIPTION (optional):
string; meta description contained in the head tag.
⚠️
Parameters beginning with GROUP_ have the value n which simply identifies the group and not the Identity Providers.
Element Parameters
Parameters for the element where n is a positive natural number:
Mandatory
- BUTTON_TEXT_n:
string; text displayed inside the button; e.g., login viaacme.org. - AUTHENTICATION_PROTOCOL_n:
string; values and specific parameters:openidconnectOpenID Connect Clientsaml2SAML2 Client, SPID ClientopenidfederationCIE ClientwebauthnWebAuthn
Utils
- CLAIMS_CSV_n (optional):
csv; filter forclaimsin the Identity Provider metadata. - CLAIMS_TRANSFORMER_n (optional):
csv; transforms jwt response keys. Must be composed as follows:key1=key2wherekey1is the key you want to change andkey2is the key you want to get (transformskey1tokey2). Eg:key1=key2,key3=key4.
Customization
- BUTTON_FILLED_n (optional):
booleandefaulttrue; filled button style. - USERINFO_APPROVAL_n (optional):
booleandefaultfalse; user approval for sharing Identity Provider information with the backend application. - BUTTON_IMAGE_BASE64_n (optional): base64-encoded
string; icon on the left side of the button.
Last updated on