Parameters
Global Parameters
- JWT_PRIVATE_KEY: pem private key
string; private key used for JWT. - JWT_PUBLIC_KEY: pem public key
string; public key used for JWT. - SESSION_FLAVOUR (optional):
string; stateful and stateless, default stateful. for stateless session logout is currently unimplemented. - SESSION_DURATION (optional): ISO-8601
stringdefault is 5min; identity provider proxy session duration (ex: PT10M -> 10min); stateful refreshes its duration through every client interaction, stateless does not. - SESSION_COOKIE_SETTINGS (optional):
stringdefault ishttpOnly; secure;;separated value, the last cookie setting must be without; - SESSION_COOKIE_DOMAIN_LEVEL (optional):
u8default is2; How many domain parts are you including in the cookie starting from the right. If 0 the domain remains unchanged. ex:("www.example.com", 0) -> www.example.com, ("www.example.com", 2) -> .example.com, ("app.example.com", 2) -> .example.com, ("www.app.example.com", 6) -> .www.app.example.com, ("www.example.com", 3) -> .www.example.com. - SESSION_COOKIE_NAME (optional):
string. - BASE64_CUSTOM_LOGO_DARK (optional): base64 encoded
string; logo used for dark mode. - BASE64_CUSTOM_LOGO_LIGHT (optional): base64 encoded
string; logo used for light mode. - SKIP_IDP_CHOICE_IF_ONE (optional):
booleandefault isfalse; skip identity provider choice if there's only one: this will prevent the user from clicking the button "login via acme.org". - COLOR (optional):
stringrgb color; the base color all the shades are genereted from. - COLOR_SCHEME (optional):
stringlight, dark or auto; color scheme applied to the client. - BASE64_ICON (optional): base64 encoded
string; favicon. - LOGIN_PATH (optional):
stringdefault islogin; login path; inside the Identity Providerhttps://domain/login. - CALLBACK_PATH (optional):
stringdefault iscallback; callback path (where the Identity Provider will redirect back to the Relying Party); inside the Identity Providerhttps://domain/callback. - TRACE (optional):
booleandefault isfalse; debug log. - TRUST_SELF_SIGNED_CERT (optional):
booleandefault isfalse; http client SSL property. - ADDITIONAL_REDIRECT_HEADERS_n (optional):
stringwhere n is a non zero natural number; additional header added during redirect to LOGIN_PATH. - STYLE (optional):
stringin CSS format, a stylesheet applied to either LOGIN_PATH and CALLBACK_PATH. - CALLBACK_TEXT (optional):
string; callback h1 text. - CALLBACK_ERROR (optional):
string; callback error. - CALLBACK_TITLE (optional):
string; callback html title head tag. - CALLBACK_EXPLANATION (optional):
string; callback description. - LOGIN_TITLE (optional):
string; login html title head tag. - LOGIN_TEXT (optional):
string; login h1 text. - LOGIN_EXPLANATION (optional):
string; login description. - LOGIN_ERROR (optional):
string; login error. - CONTINUE_BUTTON (optional):
string; continue button text. - CANCEL_BUTTON (optional):
string; cancel button text.
Identity Provider Parameters
Identity Provider Parameters where n is a non zero natural number:
- ISSUER_n:
url; OpenID Connect well-known file location; ex: https://www.acme.org/.well-known/openid-configuration (opens in a new tab). - CLIENT_ID_n:
string; an application public identifier. Created during client registration in the server. - CLIENT_SECRET_n:
string; a secret key, known only by the client and the authorization server. Created during client registration in the server. - BUTTON_TEXT_n:
string; Text displayed inside the button; ex: login viaacme.org. - AUTHENTICATION_PROTOCOL_n:
string; openidconnect. - BUTTON_FILLED_n (optional):
booleandefaulttrue; button style filled. - USERINFO_ENDPOINT_n (optional):
booleandefaultfalse; gaining user info merged from user info endpoint with JWT access token. - USERINFO_APPROVAL_n (optional):
booleandefaulttrue; user share ingormation approval. - BUTTON_IMAGE_BASE64_n (opzional):
stringbase64 encoded; left icon button. - REPLACE_IN_ENTITY_CONFIGURATION_n (opzional) (OpenID Connect only):
stringwith this syntaxtoReplaceWord=newWord; used for substitution in cross tenant entity configuration (ex: Microsoft Entra,{tenantid}=5c756555-a890-459f-9f63-7738015a32e2) - SKIP_ISSUER_VERIFICATION_n (opzional) (OpenID Connect only):
booleandefaultfalse; Usually used for cross tenant authentication, it allows you to skip the verification of the issuer that started the authentication. During the callback phase the identity provider will pass the issuer of each cross tenant user.