commit 121b7a240ac77d63ed8aad862bc43ea48631faa9
parent d3fcb73f85f58cc1c6b1cac950d60b0f03248a79
Author: dankert <devnull@localhost>
Date: Thu, 15 Feb 2007 23:34:29 +0100
Single-Sign-on und SSL-Client-Certificate
Diffstat:
1 file changed, 59 insertions(+), 0 deletions(-)
diff --git a/config/security.ini.php b/config/security.ini.php
@@ -73,3 +73,62 @@ sql = "select 1 from table where user={username} and password=md5({password})"
; if the user exists in the external database, should it
; automatically be inserted into the openrat internal table?
add = true
+
+
+
+; SSL Client certificate Authentication
+[ssl]
+
+; The environment variable name which has the username out of the certificate.
+; See modssl-configuration for more infos:
+; http://httpd.apache.org/docs/2.0/mod/mod_ssl.html.en#envvars
+; if blank, ssl client auth is unused (default)
+user_var=
+;user_var="REMOTE_USER"
+;user_var="SSL_CLIENT_S_DN"
+;user_var="SSL_CLIENT_S_DN_CN"
+
+; if 'true', you trust the client certificate fully, this is a passwordless login!
+; take care tto have an useful webserver configuration where you only trust CA-signed certificates.
+; if 'true', the 'user_var' is needed.
+trust=false
+
+
+
+; Single Sign-on
+; These settings are an example for checking login against "PhpMyAdmin".
+; PhpMyAdmin must include a link to Openrat with the authid which includes the serialized cookies.
+; Example: Include this in the file .../phpmyadmin/main.php:
+; <a href="https://example.com/openrat/?authid=<?php echo urlencode(serialize($_COOKIE)) ?>">OpenRat</a>
+[sso]
+
+; use single sign-on? Set to 'true' or 'false'.
+enable=false
+
+; the url against the auth-id will be checked.
+;url="http://localhost/check.php?phpsessid={id}&check=true"
+url="https://www.example.com/phpmyadmin/main.php?server=1"
+
+; the name of the parameter, where OpenRat will receive the Id, which will then be checked.
+auth_param_name=authid
+
+; is the auth-id serialized?
+auth_param_serialized=true
+
+; the auth-id will be used as a cookie
+cookie=true
+
+; if the auth-id is no array, use this cookie-name.
+cookie_name=
+
+force=true
+
+; leave this blank.
+expect=
+
+; this is a regular expression which checks, if the login at the third-party-system is ok.
+expect_regexp="/running on/"
+
+; regular expression for find out the username
+; this example is used for "PhpMyAdmin"
+username_regexp="/running on localhost as ([a-z]+)@localhost/"
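Review bot: The `[sso]` example in the comment above the section header builds the `authid` link from `urlencode(serialize($_COOKIE))`, which puts the third-party session cookies into a URL, where they end up in access logs, browser history and Referer headers. With `auth_param_serialized=true` the receiving code presumably passes that request parameter to `unserialize()`; that code is not in this hunk, but since unserializing client-supplied data in PHP should be avoided, the key deserves a warning such as `; the auth-id comes from the client: treat it as untrusted and decode it without instantiating objects`. The commented-out sample `;url="http://localhost/check.php?phpsessid={id}&check=true"` sends the session id over plain HTTP, so an `https://` sample would be a safer default to copy. `force=true` is the only key added without a comment; add one line stating what it enforces.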