Property | Requires Configuration | Default Value | Explanation |
---|
login.saml.enabled=false | Often | false | Configures whether SAML login is enabled |
login.saml.key= <none> | Often | <none> | Configures the identity provider's entity id . |
login.saml.attribute.domain= <none> | Often | <none> | Configures the domain of the saml users. |
login.saml.label=Single Sign In | Rarely | Single Sign In | The label to display |
login.saml.attributeMap=authenticationOnly | Often | authenticationOnly | Configures the integration method. authenticationOnly - SAML used for authentication but PhixFlow manages user details and permissions. okta - configured to support Okta based authentication and details. userDetails - allows configuration of authentication and user details to be provided by saml. |
login.saml.keystore.file | Often | classpath:keystore/samlKeystore.jks | Configures the location of the saml keystore |
login.saml.keystore.password | Often | <none> | Configures the password to the saml keystore. |
login.saml.keystore.key.password | Often | <none> | Configures the password to the secret in the saml keystore |
login.saml.keystore.key.alias | Rarely | samlKey | Configures the alias of the secret stored in the saml keystore |
login.saml.url.host | Often | localhost | Configures the externally resolvable hostname of the PhixFlow server. If behind a reverse proxy this will be the proxy’s hostname. |
login.saml.url.port | Occasionally | 443 | Configures the port of the PhixFlow server, or that of the reverse proxy if it is being used. |
login.saml.url.includePort | Rarely | false | Whether the port should be included in the generated url. |
login.saml.url.path | Occasionally | /phixflow | Path that the webapp is installed under. If behind a reverse proxy this should be the path that the proxy forwardsthis should be the path that the proxy forwards. Make sure that you do not precede the path with a / , i.e. it should be the name of the webapp only, as in the example. |
login.saml.metadata.entityId | Rarely | https://${login.saml.url.host}/${login.saml.url.path} | The value that globally identifies the PhixFlow instance. |
login.saml.metadata.entityBaseUrl | Rarely | https://${login.saml.url.host}/${login.saml.url.path} | The public facing URL of the PhixFlow instance. |
login.saml.metadata.file | Often | file:/opt/phixflow/data/saml-metadata/idp-metadata.xml | Path to the Identity Provider Metadata file. |
login.saml.metadata.trustCheck | Rarely | true | Whether to validate incoming signatures. |
login.saml.attribute.username | Occasionally | nameid | Used with the authenticationOnly and userDetails attribute map to define the appropriate mapping from the incoming metadata. |
login.saml.attribute.fullname | Occasionally | displayname | Used with the userDetails attribute map to define the appropriate mapping from the incoming metadata. |
login.saml.attribute.firstname | Occasionally | givenname | Used with the userDetails attribute map to define the appropriate mapping from the incoming metadata. |
login.saml.attribute.lastname | Occasionally | surname | Used with the userDetails attribute map to define the appropriate mapping from the incoming metadata. |
login.saml.attribute.phonenumber | Occasionally | phonenumber | Used with the userDetails attribute map to define the appropriate mapping from the incoming metadata. |
login.saml.attribute.company | Occasionally | company | Used with the userDetails attribute map to define the appropriate mapping from the incoming metadata. |
login.saml.attribute.department | Occasionally | department | Used with the userDetails attribute map to define the appropriate mapping from the incoming metadata. |
login.saml.attribute.email | Occasionally | email | Used with the userDetails attribute map to define the appropriate mapping from the incoming metadata. |
login.saml.attribute.groups | Occasionally | group | Used with the userDetails attribute map to define the appropriate mapping from the incoming metadata. |
login.saml.attribute.globalLogout | Occasionally | false | Used with the authenticationOnly and userDetails attribute map to determine whether logging out of PhixFlow should also trigger a logout of the identity provider. |