Parameters
Global Parameters
- JWT_PRIVATE_KEY: pem private key string; private key used for JWT.
- JWT_PUBLIC_KEY: pem public key string; public key used for JWT.
- SESSION_FLAVOUR (optional): string; stateful or stateless, default stateful. For stateless sessions, logout is currently unimplemented.
- SESSION_DURATION (optional): ISO-8601 string, default is 5min; identity provider proxy session duration (ex: PT10M -> 10min); a stateful session refreshes its duration on every client interaction, a stateless one does not.
- SESSION_COOKIE_SETTINGS (optional): string, default is httpOnly; secure; a ";" separated value, the last cookie setting must be without ";".
- SESSION_COOKIE_DOMAIN_LEVEL (optional): u8, default is 2; how many domain parts are included in the cookie, counting from the right. If 0, the domain remains unchanged. ex: ("www.example.com", 0) -> www.example.com, ("www.example.com", 2) -> .example.com, ("app.example.com", 2) -> .example.com, ("www.app.example.com", 6) -> .www.app.example.com, ("www.example.com", 3) -> .www.example.com.
- SESSION_COOKIE_NAME (optional): string.
- BASE64_CUSTOM_LOGO_DARK (optional): base64 encoded string; logo used for dark mode.
- BASE64_CUSTOM_LOGO_LIGHT (optional): base64 encoded string; logo used for light mode.
- SKIP_IDP_CHOICE_IF_ONE (optional): boolean, default is false; skip identity provider choice if there's only one: this will prevent the user from clicking the button "login via acme.org".
- COLOR (optional): string, rgb color; the base color all the shades are generated from.
- COLOR_SCHEME (optional): string, light, dark or auto; color scheme applied to the client.
- BASE64_ICON (optional): base64 encoded string; favicon.
- LOGIN_PATH (optional): string, default is login; login path; inside the Identity Provider https://domain/login.
- CALLBACK_PATH (optional): string, default is callback; callback path (where the Identity Provider will redirect back to the Relying Party); inside the Identity Provider https://domain/callback.
- TRACE (optional): boolean, default is false; debug log.
- TRUST_SELF_SIGNED_CERT (optional): boolean, default is false; http client SSL property.
- ADDITIONAL_REDIRECT_HEADERS_n (optional): string, where n is a non zero natural number; additional header added during redirect to LOGIN_PATH.
- STYLE (optional): string in CSS format; a stylesheet applied to both LOGIN_PATH and CALLBACK_PATH.
- CALLBACK_TEXT (optional): string; callback h1 text.
- CALLBACK_ERROR (optional): string; callback error.
- CALLBACK_TITLE (optional): string; callback html title head tag.
- CALLBACK_EXPLANATION (optional): string; callback description.
- LOGIN_TITLE (optional): string; login html title head tag.
- LOGIN_TEXT (optional): string; login h1 text.
- LOGIN_EXPLANATION (optional): string; login description.
- LOGIN_ERROR (optional): string; login error.
- CONTINUE_BUTTON (optional): string; continue button text.
- CANCEL_BUTTON (optional): string; cancel button text.
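A deployment check over the session-related global parameters above, as an added example that is not part of the project's code. It assumes the parameters arrive as strings with booleans written as true/false, treats the 5min default as PT5M, parses only the PTnHnMnS form of ISO-8601, and derives the cookie domain from the examples listed for SESSION_COOKIE_DOMAIN_LEVEL; the function names and the sample values are hypothetical.

```python
import re

_DUR = re.compile(r"^PT(?:(\d+)H)?(?:(\d+)M)?(?:(\d+)S)?$")  # time part of ISO-8601 only

def duration_seconds(value):
    """Seconds for values such as PT10M; None when the value does not parse."""
    m = _DUR.match(value)
    if not m or not any(m.groups()):
        return None
    h, mi, s = (int(g or 0) for g in m.groups())
    return h * 3600 + mi * 60 + s

def cookie_domain(host, level):
    """Keep `level` labels from the right, as in the listed examples; 0 keeps the host."""
    if level == 0:
        return host
    return "." + ".".join(host.split(".")[-level:])

def audit(env, host):
    """Return (parameter, finding) pairs for settings that weaken the session."""
    out = []
    raw = env.get("SESSION_COOKIE_SETTINGS", "httpOnly; secure")
    flags = {p.strip().lower() for p in raw.split(";") if p.strip()}
    for needed in ("httponly", "secure"):
        if needed not in flags:
            out.append(("SESSION_COOKIE_SETTINGS", f"{needed} flag missing"))
    if raw.rstrip().endswith(";"):
        out.append(("SESSION_COOKIE_SETTINGS", "last setting must not end with ;"))
    if env.get("SESSION_FLAVOUR", "stateful") == "stateless":
        out.append(("SESSION_FLAVOUR", "logout is unimplemented for stateless sessions"))
    if duration_seconds(env.get("SESSION_DURATION", "PT5M")) is None:
        out.append(("SESSION_DURATION", "not a PTnHnMnS duration"))
    for key in ("TRACE", "TRUST_SELF_SIGNED_CERT"):
        if env.get(key, "false").lower() == "true":
            out.append((key, "enabled; expected false outside of testing"))
    domain = cookie_domain(host, int(env.get("SESSION_COOKIE_DOMAIN_LEVEL", "2")))
    if domain != host:
        out.append(("SESSION_COOKIE_DOMAIN_LEVEL", f"cookie shared with all of {domain}"))
    return out

# Constructed sample environment (values are illustrative, not from the project).
SAMPLE_ENV = {
    "SESSION_COOKIE_SETTINGS": "httpOnly;",
    "SESSION_FLAVOUR": "stateless",
    "SESSION_DURATION": "10min",
    "TRUST_SELF_SIGNED_CERT": "true",
    "SESSION_COOKIE_DOMAIN_LEVEL": "2",
}
FINDINGS = audit(SAMPLE_ENV, "app.example.com")  # six findings for this sample
```

With the default domain level of 2 the check always reports the parent-domain scope for a host with three or more labels, which is the point: the session cookie is then sent to every sibling subdomain.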
Identity Provider Parameters
Identity Provider Parameters where n is a non zero natural number:
- ISSUER_n: url; OpenID Connect well-known file location; ex: https://www.acme.org/.well-known/openid-configuration.
- CLIENT_ID_n: string; an application public identifier. Created during client registration in the server.
- CLIENT_SECRET_n: string; a secret key, known only by the client and the authorization server. Created during client registration in the server.
- BUTTON_TEXT_n: string; text displayed inside the button; ex: login via acme.org.
- AUTHENTICATION_PROTOCOL_n: string; openidconnect.
- BUTTON_FILLED_n (optional): boolean, default true; button style filled.
- USERINFO_ENDPOINT_n (optional): boolean, default false; user info merged from the user info endpoint with the JWT access token.
- USERINFO_APPROVAL_n (optional): boolean, default true; user approval for sharing information.
- BUTTON_IMAGE_BASE64_n (optional): string, base64 encoded; left button icon.