Page Comparison

login.saml.enabled=false

Often

false

Configures whether SAML login is enabled

login.saml.key= <none>

Often

<none>

Configures the identity provider's entity id .

login.saml.attribute.domain= <none>

Often

<none>

Configures the domain of the saml users.

login.saml.label=Single Sign In

Rarely

Single Sign In

The label to display

login.saml.attributeMap=authenticationOnly

Often

authenticationOnly

Configures the integration method.

authenticationOnly - SAML used for authentication but PhixFlow manages user details and permissions.

okta - configured to support Okta based authentication and details.

userDetails - allows configuration of authentication and user details to be provided by saml.

login.saml.keystore.file

Often

classpath:keystore/samlKeystore.jks

Configures the location of the saml keystore

login.saml.keystore.password

Often

<none>

Configures the password to the saml keystore.

login.saml.keystore.key.password

Often

<none>

Configures the password to the secret in the saml keystore

login.saml.keystore.key.alias

Rarely

samlKey

Configures the alias of the secret stored in the saml keystore

login.saml.url.host

Often

localhost

Configures the externally resolvable hostname of the PhixFlow server. If behind a reverse proxy this will be the proxy’s hostname.

login.saml.url.port

Occasionally

443

Configures the port of the PhixFlow server, or that of the reverse proxy if it is being used.

login.saml.url.includePort

Rarely

false

Whether the port should be included in the generated url.

login.saml.url.path

Occasionally

/phixflow

Path that the webapp is installed under. If behind a reverse proxy this should be the path that the proxy forwards.

Make sure that you do not precede the path with a /, i.e. it should be the name of the webapp only, as in the example.

login.saml.metadata.entityId

Rarely

https://${login.saml.url.host}/${login.saml.url.path}

The value that globally identifies the PhixFlow instance.

login.saml.metadata.entityBaseUrl

Rarely

https://${login.saml.url.host}/${login.saml.url.path}

The public facing URL of the PhixFlow instance.

login.saml.metadata.file

Often

file:/opt/phixflow/data/saml-metadata/idp-metadata.xml

Path to the Identity Provider Metadata file.

login.saml.metadata.trustCheck

Rarely

true

Whether to validate incoming signatures.

login.saml.attribute.username

Occasionally

nameid

Used with the authenticationOnly and userDetails attribute map to define the appropriate mapping from the incoming metadata.

login.saml.attribute.fullname

Occasionally

displayname

Used with the userDetails attribute map to define the appropriate mapping from the incoming metadata.

login.saml.attribute.firstname

Occasionally

givenname

Used with the userDetails attribute map to define the appropriate mapping from the incoming metadata.

login.saml.attribute.lastname

Occasionally

surname

Used with the userDetails attribute map to define the appropriate mapping from the incoming metadata.

login.saml.attribute.phonenumber

Occasionally

phonenumber

Used with the userDetails attribute map to define the appropriate mapping from the incoming metadata.

login.saml.attribute.company

Occasionally

company

Used with the userDetails attribute map to define the appropriate mapping from the incoming metadata.

login.saml.attribute.department

Occasionally

department

Used with the userDetails attribute map to define the appropriate mapping from the incoming metadata.

login.saml.attribute.email

Occasionally

email

Used with the userDetails attribute map to define the appropriate mapping from the incoming metadata.

login.saml.attribute.groups

Occasionally

group

Used with the userDetails attribute map to define the appropriate mapping from the incoming metadata.

login.saml.attribute.globalLogout

Occasionally

false

Used with the authenticationOnly and userDetails attribute map to determine whether logging out of PhixFlow should also trigger a logout of the identity provider.