Parameters
Global Parameters
- JWT_PRIVATE_KEY: pem private key
string; private key used for JWT. - JWT_PUBLIC_KEY: pem public key
string; public key used for JWT. - SESSION_FLAVOUR (optional):
string; stateful and stateless, default stateful. for stateless session logout is currently unimplemented. - SESSION_DURATION (optional): ISO-8601
stringdefault is 5min; identity provider proxy session duration (ex: PT10M -> 10min); stateful refreshes its duration through every client interaction, stateless does not. - SESSION_COOKIE_SETTINGS (optional):
stringdefault ishttpOnly; secure;;separated value, the last cookie setting must be without; - SESSION_COOKIE_DOMAIN_LEVEL (optional):
u8default is2; How many domain parts are you including in the cookie starting from the right. If 0 the domain remains unchanged. ex:("www.example.com", 0) -> www.example.com, ("www.example.com", 2) -> .example.com, ("app.example.com", 2) -> .example.com, ("www.app.example.com", 6) -> .www.app.example.com, ("www.example.com", 3) -> .www.example.com. - SESSION_COOKIE_NAME (optional):
string. - BASE64_CUSTOM_LOGO_DARK (optional): base64 encoded
string; logo used for dark mode. - BASE64_CUSTOM_LOGO_LIGHT (optional): base64 encoded
string; logo used for light mode. - SKIP_IDP_CHOICE_IF_ONE (optional):
booleandefault isfalse; skip identity provider choice if there's only one: this will prevent the user from clicking the button "login via acme.org". - COLOR (optional):
stringrgb color; the base color all the shades are genereted from. - COLOR_SCHEME (optional):
stringlight, dark or auto; color scheme applied to the client. - BASE64_ICON (optional): base64 encoded
string; favicon. - LOGIN_PATH (optional):
stringdefault islogin; login path; inside the Identity Providerhttps://domain/login. - CALLBACK_PATH (optional):
stringdefault iscallback; callback path (where the Identity Provider will redirect back to the Relying Party); inside the Identity Providerhttps://domain/callback. - TRACE (optional):
booleandefault isfalse; debug log. - TRUST_SELF_SIGNED_CERT (optional):
booleandefault isfalse; http client SSL property. - ADDITIONAL_REDIRECT_HEADERS_n (optional):
stringwhere n is a non zero natural number; additional header added during redirect to LOGIN_PATH. - STYLE (optional):
stringin CSS format, a stylesheet applied to either LOGIN_PATH and CALLBACK_PATH. - CALLBACK_TEXT (optional):
string; callback h1 text. - CALLBACK_ERROR (optional):
string; callback error. - CALLBACK_TITLE (optional):
string; callback html title head tag. - CALLBACK_EXPLANATION (optional):
string; callback description. - LOGIN_TITLE (optional):
string; login html title head tag. - LOGIN_TEXT (optional):
string; login h1 text. - LOGIN_EXPLANATION (optional):
string; login description. - LOGIN_ERROR (optional):
string; login error. - CONTINUE_BUTTON (optional):
string; continue button text. - CANCEL_BUTTON (optional):
string; cancel button text.
Identity Provider Parameters
Identity Provider Parameters where n is a non zero natural number:
- ISSUER_n:
url; OpenID Connect well-known file location; ex: https://www.acme.org/.well-known/openid-configuration (opens in a new tab). - CLIENT_ID_n:
string; an application public identifier. Created during client registration in the server. - CLIENT_SECRET_n:
string; a secret key, known only by the client and the authorization server. Created during client registration in the server. - BUTTON_TEXT_n:
string; Text displayed inside the button; ex: login viaacme.org. - AUTHENTICATION_PROTOCOL_n:
string; openidconnect. - BUTTON_FILLED_n (optional):
booleandefaulttrue; button style filled. - USERINFO_ENDPOINT_n (optional):
booleandefaultfalse; gaining user info merged from user info endpoint with JWT access token. - USERINFO_APPROVAL_n (optional):
booleandefaulttrue; user share ingormation approval. - BUTTON_IMAGE_BASE64_n (opzionale):
stringbase64 encoded; left icon button.