Basic Parameters

Global Parameters

Mandatory

PRIVATE_KEY: private pem key string; private key.
CERTIFICATE: signed certificate string;

Utils

NORMALIZE_CLAIMS_VALUE (optional): csv; Normalizes claim values. Syntax: key0="regex0"="replacement0",key1="regex1"="replacement1" where key is the key to be considered, “regex” is the regular expression on the key value, and “replacement” is the value to be substituted for the match found with the regex. NB: both regex and replacement must be enclosed in quotation marks.
CLAIMS_TRANSFORMER (optional): csv; transforms jwt response keys. Must be composed as follows: key1=key2 where key1 is the key you want to change and key2 is the key you want to get (transforms key1 to key2). Eg: key1=key2,key3=key4.
CLAIMS_TO_HEADER (optional): map specific claims from an ID token or user info into HTTP headers. E.g.: X-User=email extracts email claim value and sets an header like this X-User: user@acme.org
TRACE (optional): boolean default false; debug log
ECHO_APP (optional): boolean default false; enable/disable the page (HTML) that displays the Identity Provider’s response JWT.

Customization

SESSION_DURATION (optional): ISO-8601 string default 1 hour; duration of the Identity Provider proxy session (e.g., PT10M -> 10min); stateful updates the duration with each client interaction.
SESSION_COOKIE_SETTINGS (optional): string default httpOnly; secure; semicolon-separated values, the last cookie setting must not end with ;.
SESSION_COOKIE_DOMAIN_LEVEL (optional): u8 default 2; how many parts of the domain to include in the cookie starting from the right. If 0, the domain remains unchanged. Example: (“www.example.com”, 0) -> www.example.com, (“www.example.com”, 2) -> .example.com, (“app.example.com”, 2) -> .example.com, (“www.app.example.com”, 6) -> .www.app.example.com, (“www.example.com”, 3) -> .www.example.com.
SESSION_COOKIE_NAME (optional): string.
BASE64_CUSTOM_LOGO_DARK (optional): base64-encoded string; logo used for dark mode.
BASE64_CUSTOM_LOGO_LIGHT (optional): base64-encoded string; logo used for light mode.
SKIP_IDP_CHOICE_IF_ONE (optional): boolean default false; skips the Identity Provider choice if only one is available: this will prevent the user from needing to click the “login via acme.org” button.
COLOR (optional): string in RGB format; the base color used to generate all shades.
COLOR_SCHEME (optional): string; light, dark, or auto; color scheme applied to the client.
BASE64_ICON (optional): base64-encoded string; favicon.
LOGIN_PATH (optional): string default login; login path; set https://domain/login in the Identity Provider.
CALLBACK_PATH (optional): string default callback; callback path (where the Identity Provider redirects to the Relying Party); set https://domain/callback in the Identity Provider.
TRUST_SELF_SIGNED_CERT (optional): boolean default false; SSL property of the HTTP client.
ADDITIONAL_REDIRECT_HEADERS_n (optional): string where n is a positive natural number; additional headers added during redirection to LOGIN_PATH.
STYLE (optional): string in CSS format; a stylesheet applied to LOGIN_PATH and CALLBACK_PATH.
CALLBACK_TEXT (optional): string; h1 text for the callback.
CALLBACK_ERROR (optional): string; callback error.
CALLBACK_TITLE (optional): string; HTML head tag title for the callback.
CALLBACK_EXPLANATION (optional): string; description of the callback.
LOGIN_TITLE (optional): string; HTML head tag title for the login.
LOGIN_TEXT (optional): string; h1 text for the login.
LOGIN_EXPLANATION (optional): string; description of the login.
LOGIN_ERROR (optional): string; login error.
CONTINUE_BUTTON (optional): string; continue button text.
CANCEL_BUTTON (optional): string; cancel button text.
GROUP_ENABLE_n (optional): boolean; enable/disable group.
GROUP_n (optional): string csv; list of Identity Providers to be grouped together, E.g.: “1,2,4-8” i.e., Identity Providers number 1,2,4,5,6,7,8 where these numbers represent the value n of the parameter name (see Identity Provider Parameters).
GROUP_TEXT_n (optional): string; group name (placeholder of the select).
GROUP_IMAGE_BASE64_n (optional): string encoded base64; icon to the left of the group.
LANG (optional): string; lang attribute of the html tag (E.g.: en).
META_DESCRIPTION (optional): string; meta description contained in the head tag.

⚠️

Parameters beginning with GROUP_ have the value n which simply identifies the group and not the Identity Providers.

Element Parameters

Parameters for the element where n is a positive natural number:

Mandatory

BUTTON_TEXT_n: string; text displayed inside the button; e.g., login via acme.org.
AUTHENTICATION_PROTOCOL_n: string; values and specific parameters:
- openidconnect OpenID Connect Client
- saml2 SAML2 Client, SPID Client
- openidfederation CIE Client
- webauthn WebAuthn

Utils

CLAIMS_CSV_n (optional): csv; filter for claims in the Identity Provider metadata.
CLAIMS_TRANSFORMER_n (optional): csv; transforms jwt response keys. Must be composed as follows: key1=key2 where key1 is the key you want to change and key2 is the key you want to get (transforms key1 to key2). Eg: key1=key2,key3=key4.

Customization

BUTTON_FILLED_n (optional): boolean default true; filled button style.
USERINFO_APPROVAL_n (optional): boolean default false; user approval for sharing Identity Provider information with the backend application.
BUTTON_IMAGE_BASE64_n (optional): base64-encoded string; icon on the left side of the button.