Rev 625 | Author: daniel-mar

OVERVIEW OF ALL CONFIG.INC.PHP SETTINGS
=======================================

The file userdata/baseconfig/config.inc.php contains various settings
which are essential to connect to your database and other
things that should be known before the database connection
is opened.

Other settings are stored in the database (table "config")
and can be accessed using the admin login area.

The setup assistant (/setup/) will lead you through
the creation of the most important settings of config.inc.php.

Below you will find a list of all possible config settings
of the default OIDplus installation/plugins.
Please note that a plugin can define any key.

-------------------------------------
(1) CONFIG SETTINGS PROVIDED BY SETUP
-------------------------------------

OIDplus::baseConfig()->setValue('CONFIG_VERSION', 2.1);
Old 2.0 format: define('OIDPLUS_CONFIG_VERSION', 2.0);

OIDplus::baseConfig()->setValue('ADMIN_PASSWORD', '<BCrypt hash, or base64 encoded SHA3-512 hash>');
Old 2.0 format: define('OIDPLUS_ADMIN_PASSWORD', '<BCrypt hash, or base64 encoded SHA3-512 hash>');
If you want to have multiple valid administrator passwords
(e.g. if you want multiple users), then this value can
also be an array containing hashes.

OIDplus::baseConfig()->setValue('DATABASE_PLUGIN', '');
Old 2.0 format: define('OIDPLUS_DATABASE_PLUGIN', '');

OIDplus::baseConfig()->setValue('ODBC_DSN', 'DRIVER={SQL Server};SERVER=localhost;DATABASE=oidplus;CHARSET=UTF8');
Old 2.0 format: define('OIDPLUS_ODBC_DSN', 'DRIVER={SQL Server};SERVER=localhost;DATABASE=oidplus;CHARSET=UTF8');

OIDplus::baseConfig()->setValue('ODBC_USERNAME', 'sa');
Old 2.0 format: define('OIDPLUS_ODBC_USERNAME', 'sa');

OIDplus::baseConfig()->setValue('ODBC_PASSWORD', base64_decode('<base64_encoded_password>')); // alternatively as plaintext
Old 2.0 format: define('OIDPLUS_ODBC_PASSWORD', '<base64_encoded_password>'); // must be base64 encoded
Information: The base64 encoding "protects" your password from being read if
someone quickly looks at your display while you have the configuration file opened.

OIDplus::baseConfig()->setValue('PDO_DSN', 'pgsql:host=localhost;dbname=oidplus');
Old 2.0 format: define('OIDPLUS_PDO_DSN', 'pgsql:host=localhost;dbname=oidplus');

OIDplus::baseConfig()->setValue('PDO_USERNAME', 'postgres');
Old 2.0 format: define('OIDPLUS_PDO_USERNAME', 'postgres');

OIDplus::baseConfig()->setValue('PDO_PASSWORD', base64_decode('<base64_encoded_password>')); // alternatively as plaintext
Old 2.0 format: define('OIDPLUS_PDO_PASSWORD', '<base64_encoded_password>'); // must be base64 encoded
Information: The base64 encoding "protects" your password from being read if
someone quickly looks at your display while you have the configuration file opened.

OIDplus::baseConfig()->setValue('MYSQL_HOST', 'localhost:3306');
Old 2.0 format: define('OIDPLUS_MYSQL_HOST', 'localhost:3306');
Information: Port is optional

OIDplus::baseConfig()->setValue('MYSQL_USERNAME', 'root');
Old 2.0 format: define('OIDPLUS_MYSQL_USERNAME', 'root');

OIDplus::baseConfig()->setValue('MYSQL_PASSWORD', base64_decode('<base64_encoded_password>')); // alternatively as plaintext
Old 2.0 format: define('OIDPLUS_MYSQL_PASSWORD', '<base64_encoded_password>'); // must be base64 encoded
Information: The base64 encoding "protects" your password from being read if
someone quickly looks at your display while you have the configuration file opened.

OIDplus::baseConfig()->setValue('MYSQL_DATABASE', 'oidplus');
Old 2.0 format: define('OIDPLUS_MYSQL_DATABASE', 'oidplus');

OIDplus::baseConfig()->setValue('PGSQL_HOST', 'localhost:5432');
Old 2.0 format: define('OIDPLUS_PGSQL_HOST', 'localhost:5432');
Information: Port is optional

OIDplus::baseConfig()->setValue('PGSQL_USERNAME', 'postgres');
Old 2.0 format: define('OIDPLUS_PGSQL_USERNAME', 'postgres');

OIDplus::baseConfig()->setValue('PGSQL_PASSWORD', base64_decode('<base64_encoded_password>')); // alternatively as plaintext
Old 2.0 format: define('OIDPLUS_PGSQL_PASSWORD', '<base64_encoded_password>'); // must be base64 encoded
Information: The base64 encoding "protects" your password from being read if
someone quickly looks at your display while you have the configuration file opened.

OIDplus::baseConfig()->setValue('PGSQL_DATABASE', 'oidplus');
Old 2.0 format: define('OIDPLUS_PGSQL_DATABASE', 'oidplus');

OIDplus::baseConfig()->setValue('SQLITE3_FILE', 'userdata/database/oidplus.db');
Old 2.0 format: define('OIDPLUS_SQLITE3_FILE', 'userdata/database/oidplus.db');
Attention: This file must be located in a location that is not world-readable/downloadable!

OIDplus::baseConfig()->setValue('SQLITE3_ENCRYPTION', '');
Old 2.0 format: define('OIDPLUS_SQLITE3_ENCRYPTION', '');
Note: Options

OIDplus::baseConfig()->setValue('TABLENAME_PREFIX', 'oidplus_');
Old 2.0 format: define('OIDPLUS_TABLENAME_PREFIX', 'oidplus_');

OIDplus::baseConfig()->setValue('SERVER_SECRET', 'xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx');
Old 2.0 format: define('OIDPLUS_SESSION_SECRET', 'xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx');
Information: It is very very important that you choose a long sequence of
random characters. OIDplus uses this secret for various
security related purposes. If someone accidentally received this secret,
please change the sequence.

OIDplus::baseConfig()->setValue('RECAPTCHA_ENABLED', true);
Old 2.0 format: define('RECAPTCHA_ENABLED', 0);
Deprecated!
RECAPTCHA_ENABLED=true becomes CAPTCHA_PLUGIN=ReCAPTCHA
RECAPTCHA_ENABLED=false becomes CAPTCHA_PLUGIN=None

OIDplus::baseConfig()->setValue('RECAPTCHA_PUBLIC', '');
Old 2.0 format: define('RECAPTCHA_PUBLIC', '');

OIDplus::baseConfig()->setValue('RECAPTCHA_PRIVATE', '');
Old 2.0 format: define('RECAPTCHA_PRIVATE', '');

OIDplus::baseConfig()->setValue('ENFORCE_SSL', 2);
Old 2.0 format: define('OIDPLUS_ENFORCE_SSL', 2);
Information: Values 0 (off), 1 (on), 2 (auto detect)

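The ADMIN_PASSWORD and SERVER_SECRET values described above can be generated on the command line. This is an added example, not part of OIDplus: it assumes ADMIN_PASSWORD accepts the standard BCrypt string produced by PHP's password_hash(), and the helper names (admin_password_hash, server_secret, config_line) and sample passwords are made up for illustration.

```php
<?php
// Added example, not part of OIDplus: prints candidate config.inc.php lines.
// Assumption: ADMIN_PASSWORD accepts the "$2y$" BCrypt string that PHP's
// password_hash() produces.

/** Return a BCrypt hash for one administrator password. */
function admin_password_hash(string $password): string
{
    // BCrypt only uses the first 72 bytes of its input; reject longer
    // passwords instead of silently truncating them.
    if (strlen($password) > 72) {
        throw new InvalidArgumentException('BCrypt input is limited to 72 bytes');
    }
    return password_hash($password, PASSWORD_BCRYPT, ['cost' => 12]);
}

/** Return a long random SERVER_SECRET taken from the OS CSPRNG. */
function server_secret(int $bytes = 32): string
{
    return bin2hex(random_bytes($bytes)); // 32 bytes become 64 hex characters
}

/** Render a setValue() line; var_export() quotes and escapes the value. */
function config_line(string $key, $value): string
{
    return sprintf("OIDplus::baseConfig()->setValue('%s', %s);", $key, var_export($value, true));
}

// Constructed sample passwords; read real ones from a prompt, not from argv.
$admins = ['constructed-example-password-1', 'constructed-example-password-2'];
$hashes = array_map('admin_password_hash', $admins);

// Each stored hash must verify against its own password only.
if (!password_verify($admins[0], $hashes[0]) || password_verify($admins[0], $hashes[1])) {
    throw new RuntimeException('hash self-check failed');
}

// One hash is stored as a string, several as an array of hashes.
echo config_line('ADMIN_PASSWORD', count($hashes) === 1 ? $hashes[0] : $hashes), "\n";
echo config_line('SERVER_SECRET', server_secret()), "\n";
```

Unlike these hashes, the base64-encoded database passwords in this section are reversible by anyone who can read the file, so config.inc.php needs restrictive file permissions either way.
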
----------------------
(2) SYSTEM LIMITATIONS (defined and documented in includes/oidplus_limits.inc.php, can be overwritten by config.inc.php)
----------------------

OIDplus::baseConfig()->setValue('LIMITS_MAX_OID_DEPTH', 30);
Old 2.0 format: define('OIDPLUS_MAX_OID_DEPTH', 30);
Information: Please read the documentation in the file includes/oidplus_limits.inc.php

OIDplus::baseConfig()->setValue('LIMITS_MAX_ID_LENGTH', 255);
Old 2.0 format: define('OIDPLUS_MAX_OID_ARC_SIZE', 255);
Information: Please read the documentation in the file includes/oidplus_limits.inc.php

OIDplus::baseConfig()->setValue('LIMITS_MAX_OID_ARC_SIZE', 50);
Old 2.0 format: define('OIDPLUS_MAX_OID_ARC_SIZE', 50);
Information: Please read the documentation in the file includes/oidplus_limits.inc.php

OIDplus::baseConfig()->setValue('LIMITS_MAX_OID_ASN1_ID_LEN', 255);
Old 2.0 format: define('OIDPLUS_MAX_OID_ASN1_ID_LEN', 255);
Information: Please read the documentation in the file includes/oidplus_limits.inc.php

OIDplus::baseConfig()->setValue('LIMITS_MAX_OID_UNICODE_LABEL_LEN', 255);
Old 2.0 format: define('OIDPLUS_MAX_OID_UNICODE_LABEL_LEN', 255);
Information: Please read the documentation in the file includes/oidplus_limits.inc.php

-----------------------------------------
(3) "HIDDEN"/UNDOCUMENTED CONFIG SETTINGS
-----------------------------------------

OIDplus::baseConfig()->setValue('OIDINFO_API_URL', '<url>');
Old 2.0 format: define('OIDINFO_API_URL', '<url>');
Information: Currently only internal use for development utilities (dev/).
The API to oid-info.com is currently not public.

OIDplus::baseConfig()->setValue('REGISTRATION_HIDE_SYSTEM', true);
Old 2.0 format: define('REGISTRATION_HIDE_SYSTEM', true);
Information: Set this if you have a clone of a production system and you want
to prevent the clone from registering at the ViaThinkSoft directory
(which would overwrite the URL of the production system and reveal
the URL of your testing system)

OIDplus::baseConfig()->setValue('MYSQL_FORCE_MYSQLND_SUPPLEMENT', false);
Old 2.0 format: define('OIDPLUS_MYSQL_FORCE_MYSQLND_SUPPLEMENT', false);
Information: The MySQLi plugin contains supplement code to handle
prepared statements on servers which do not have the MySQLnd extension
installed. Set this flag to force the supplement to be used,
even if MySQLnd is available. (For testing purposes only)

OIDplus::baseConfig()->setValue('QUERY_LOGFILE', '');
Old 2.0 format: define('OIDPLUS_MYSQL_QUERYLOG', false);
Information: Set this to the name of a file to which all queries, including timestamps, are written.
This is used for performance analysis.
Please choose a directory that is not publicly accessible.

OIDplus::baseConfig()->setValue('SESSION_LIFETIME', 30*60);
Old 2.0 format: define('SESSION_LIFETIME', 30*60);
Information: Session lifetime in seconds.

OIDplus::baseConfig()->setValue('OBJECT_CACHING', true);
Old 2.0 format: define('OIDPLUS_OBJECT_CACHING', true);

OIDplus::baseConfig()->setValue('FORCE_DBMS_SLANG', '');
Old 2.0 format: define('DBMS_SLANG', '');
Information: Currently valid values: mysql, mssql, pgsql, sqlite

OIDplus::baseConfig()->setValue('PREPARED_STATEMENTS_EMULATION', 'auto');
Old 2.0 format: define('PREPARED_STATEMENTS_EMULATION', 'auto');
Information: Currently only for ODBC database plugin.
'auto' = Auto detect if prepared statements should be emulated
'on' = Always emulate prepared statements
'off' = Never emulate prepared statements

OIDplus::baseConfig()->setValue('MINIFY_CSS', true);
Old 2.0 format: define('DO_MINIFY', true);
This enables the compression of CSS definitions.
Compressed approx: 220 KB
Uncompressed approx: 224 KB

OIDplus::baseConfig()->setValue('MINIFY_JS', true);
Old 2.0 format: (Not available)
This enables the compression of JavaScript code.
Please only disable this if you want to debug
the code! You should not disable it on a production
system, because otherwise the JavaScript code
would be several megabytes large.
Compressed approx: 1133 KB
Uncompressed approx: 2761 KB

OIDplus::baseConfig()->setValue('DISABLE_PLUGIN_...', true);
Old 2.0 format: define('OIDPLUS_DISABLE_PLUGIN_...', true);
Information: This gives you the possibility to disable a plugin without
requiring it to be removed from the file system.
(Removing a plugin from the file system can result in various
problems, e.g. they can be re-added during a SVN/software update.)
Replace "..." with the main PHP class of the plugin you want to disable.
Example:
"DISABLE_PLUGIN_OIDplusLoggerPluginUserdataLogfile"
disables the plugin "logger/300_userdata_logfile".

OIDplus::baseConfig()->setValue('DISABLE_AJAX_TRANSACTIONS', false);
Old 2.0 format: define('OIDPLUS_DISABLE_AJAX_TRANSACTIONS', false);
This will disable the usage of database transactions in ajax.php.
Only use this if you have severe problems with the system running.
It might result in inconsistent data, e.g. if you update an OID
and an error occurs in the middle of that process.

OIDplus::baseConfig()->setValue('EXPLICIT_ABSOLUTE_SYSTEM_URL', '');
Old 2.0 format: define('OIDPLUS_EXPLICIT_ABSOLUTE_SYSTEM_URL', '');
This setting can override the absolute system URL, which is used at CLI WHOIS
and possibly other modules. It has no effect on relative URLs.
If this setting is not set, the last known absolute URL
will be remembered and used when a CLI call is made.

OIDplus::baseConfig()->setValue('DEBUG', false);
Old 2.0 format: (Not available)
Enables some special checks for plugins (e.g. a self-test for auth plugins).
It is highly recommended that you enable DEBUG if you are developing
plugins!
It is recommended to disable this switch in production systems,
because the self-tests decrease the performance.
However, after installing a new plugin, you might want to enable
it for a few minutes, to make sure the plugin is working correctly.

OIDplus::baseConfig()->setValue('COOKIE_SAMESITE_POLICY', 'Strict');
Old 2.0 format: (Not available)
Defines which "SameSite" policy should be used for the cookies OIDplus uses.
Can be "None", "Lax" or "Strict".
"Strict" is the most secure setting.
"Lax" allows people to stay logged in if they follow a link pointing
to your OIDplus installation.
"None" is not recommended and is deprecated by modern web browsers.
However, OIDplus itself provides an Anti-CSRF mechanism, so you should
still be safe.

OIDplus::baseConfig()->setValue('RA_PASSWORD_PEPPER', '');
Old 2.0 format: (Not available)
The pepper is stored inside the base configuration file.
It prevents an attacker with SQL write rights from
creating accounts.
ATTENTION!!! If a pepper is used, then the
hashes are bound to that pepper. If you change the pepper,
then ALL passwords of RAs become INVALID!

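Both statements about RA_PASSWORD_PEPPER follow from how a pepper enters the hash. This is an added example, not OIDplus's own hashing code: it uses a generic HMAC-then-BCrypt construction as an assumption, with made-up function names and constructed values, to show why a row written without the pepper fails verification and why a changed pepper invalidates existing hashes.

```php
<?php
// Added example: a generic HMAC-pepper construction, NOT OIDplus's own
// hashing code. $pepper stands in for the RA_PASSWORD_PEPPER value that
// lives only in config.inc.php; the hash is what the database stores.

/** Hash a password so that the result is bound to the pepper. */
function ra_hash(string $password, string $pepper): string
{
    // HMAC first, so the stored hash cannot be computed without the pepper.
    // The hex output (64 chars) stays below BCrypt's 72-byte input limit.
    $keyed = hash_hmac('sha256', $password, $pepper);
    return password_hash($keyed, PASSWORD_BCRYPT);
}

/** Verify a login attempt against a stored hash under the given pepper. */
function ra_verify(string $password, string $storedHash, string $pepper): bool
{
    return password_verify(hash_hmac('sha256', $password, $pepper), $storedHash);
}

/** Run the three cases the text describes and return their outcomes. */
function pepper_demo(): array
{
    $pepper   = bin2hex(random_bytes(32)); // constructed config value
    $password = 'constructed-ra-password';

    // Normal registration through the application.
    $stored = ra_hash($password, $pepper);

    // A row written straight into the database by someone who can run SQL
    // but cannot read config.inc.php: it was hashed without the pepper.
    $rowWithoutPepper = password_hash('constructed-other-password', PASSWORD_BCRYPT);

    // The operator later replaces the pepper in config.inc.php.
    $newPepper = bin2hex(random_bytes(32));

    return [
        'legitimate login'          => ra_verify($password, $stored, $pepper),
        'row written without pepper' => ra_verify('constructed-other-password', $rowWithoutPepper, $pepper),
        'login after pepper change' => ra_verify($password, $stored, $newPepper),
    ];
}

foreach (pepper_demo() as $case => $ok) {
    printf("%-27s %s\n", $case, $ok ? 'accepted' : 'rejected');
}
```
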
----------------------------------------------------
(4) LDAP FIELDS (see document ldap_installation.txt)
----------------------------------------------------

OIDplus::baseConfig()->setValue('LDAP_ENABLED', true);
Set to true if you want to enable users to log in using LDAP / ActiveDirectory.

OIDplus::baseConfig()->setValue('LDAP_NUM_DOMAINS', 1);
Contains the number of domains/servers which are used.
For 2nd, 3rd, 4th, ... domain use the fields LDAP_xxx__2, LDAP_xxx__3, ...
e.g. LDAP_SERVER__2
     LDAP_PORT__2
     LDAP_BASE_DN__2
     ...

OIDplus::baseConfig()->setValue('LDAP_SERVER', 'ldap://server1.contoso.local');
The LDAP server of your company.

OIDplus::baseConfig()->setValue('LDAP_PORT', 389);
The port of the LDAP server

OIDplus::baseConfig()->setValue('LDAP_BASE_DN', 'DC=CONTOSO,DC=local');
The base Distinguished Name (DN) of your directory.

OIDplus::baseConfig()->setValue('LDAP_UPN_SUFFIX', '@contoso.local');
The UPN suffix of this domain.

OIDplus::baseConfig()->setValue('LDAP_AUTHENTICATE_UPN', true);
In the login mask, the users will log in using the UPN ("principal name") e.g. username@contoso.local,
and in OIDplus, an RA account with an email equal to the UPN will be created.

OIDplus::baseConfig()->setValue('LDAP_AUTHENTICATE_EMAIL', false);
In the login mask, the users will log in using the UPN ("principal name") e.g. username@contoso.local,
and in OIDplus, an RA account with an email equal to the "E-Mail-Address" field of the user in the directory will be created.
Note: If you did not set an email address for the user in the LDAP/ActiveDirectory, then the login will not be possible,
except if LDAP_AUTHENTICATE_UPN is additionally enabled.
Attention: Depending on your domain configuration, users might be able to change their own data,
e.g. email address. If this is the case, you must not enable this setting, otherwise
users could authenticate with any address!

OIDplus::baseConfig()->setValue('LDAP_ADMIN_GROUP', '');
If set to an empty string, the OIDplus administrator account cannot be accessed using LDAP authentication.
Otherwise, the user will be authenticated as administrator, if the LDAP user is a
member of the group specified in this setting.
Example values:
  CN=Administrators,CN=Builtin,DC=CONTOSO,DC=local
    makes every domain administrator also an OIDplus administrator
  CN=OIDplus Administrators,CN=Users,DC=CONTOSO,DC=local
    makes every member of the group (OIDplus Administrators) an OIDplus administrator

OIDplus::baseConfig()->setValue('LDAP_RA_GROUP', '');
If set to an empty string, every LDAP user can authenticate as RA, depending
on whether LDAP_AUTHENTICATE_UPN and/or LDAP_AUTHENTICATE_EMAIL is set.
Otherwise, the LDAP users must be a member of the group specified in this setting.

----------------------------------------------------------------------
(5) GOOGLE OAUTH2 FIELDS (see document google_oauth2_installation.txt)
----------------------------------------------------------------------

OIDplus::baseConfig()->setValue('GOOGLE_OAUTH2_ENABLED', true);
OIDplus::baseConfig()->setValue('GOOGLE_OAUTH2_CLIENT_ID', '..............apps.googleusercontent.com');
OIDplus::baseConfig()->setValue('GOOGLE_OAUTH2_CLIENT_SECRET', '.............');

-------------------------------------------------------------------------
(6) FACEBOOK OAUTH2 FIELDS (see document facebook_oauth2_installation.txt)
-------------------------------------------------------------------------

OIDplus::baseConfig()->setValue('FACEBOOK_OAUTH2_ENABLED', true);
OIDplus::baseConfig()->setValue('FACEBOOK_OAUTH2_CLIENT_ID', '.............'); // Your App ID
OIDplus::baseConfig()->setValue('FACEBOOK_OAUTH2_CLIENT_SECRET', '.............'); // Your App Secret

----------------------------------------------------
(7) JWT AUTHENTICATION FIELDS
----------------------------------------------------

If a web request contains the field "OIDPLUS_AUTH_JWT" containing a signed JWT token,
an automatic one-time login is performed in order to execute commands.
This feature is used in the plugins "Automated AJAX calls" for admins and RAs.
With these switches you can disable this feature.

OIDplus::baseConfig()->setValue('JWT_ALLOW_AJAX_ADMIN', true);
Old 2.0 format: (Not available)
Allow JWT tokens that were created using the admin-plugin
"Automated AJAX calls".

OIDplus::baseConfig()->setValue('JWT_ALLOW_AJAX_USER', true);
Old 2.0 format: (Not available)
Allow JWT tokens that were created using the RA-plugin
"Automated AJAX calls".

OIDplus::baseConfig()->setValue('JWT_ALLOW_LOGIN_ADMIN', true);
Old 2.0 format: (Not available)
Allow "Remember me" logins for the administrator account.

OIDplus::baseConfig()->setValue('JWT_ALLOW_LOGIN_USER', true);
Old 2.0 format: (Not available)
Allow "Remember me" logins for an RA.

OIDplus::baseConfig()->setValue('JWT_ALLOW_MANUAL', false);
Old 2.0 format: (Not available)
Allow JWT tokens which were manually created "by hand".
These can have any content you like, but they must
contain the claim "oidplus_generator" with value "2".

OIDplus::baseConfig()->setValue('JWT_TTL_LOGIN_USER', 10*365*24*60*60);
Old 2.0 format: (Not available)
How many seconds will a "remember me" login JWT token be valid?
(RA login)

OIDplus::baseConfig()->setValue('JWT_TTL_LOGIN_ADMIN', 10*365*24*60*60);
Old 2.0 format: (Not available)
How many seconds will a "remember me" login JWT token be valid?
(Administrator login)
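
Several settings in this overview carry explicit warnings, so a deployed config.inc.php can be checked against them mechanically. This is an added example, not part of OIDplus: the function names and the sample config text are constructed for illustration, and the one-day limit for "remember me" token lifetimes is an assumption of this example, not a recommendation from the documentation.

```php
<?php
// Added example, not part of OIDplus. The sample config is constructed and
// the one-day TTL threshold is an assumption of this example.

/** Extract KEY => raw value text from setValue() lines. */
function parse_base_config(string $source): array
{
    preg_match_all("/->setValue\\('([A-Z0-9_]+)',\\s*(.*?)\\);/", $source, $hits, PREG_SET_ORDER);
    $cfg = [];
    foreach ($hits as $hit) {
        $cfg[$hit[1]] = trim($hit[2]);
    }
    return $cfg;
}

/** Interpret a raw value: quoted string, true/false, or a product of integers. */
function literal(string $raw)
{
    if (preg_match('/^\'(.*)\'$/s', $raw, $m)) {
        return $m[1];
    }
    if (in_array(strtolower($raw), ['true', 'false'], true)) {
        return strtolower($raw) === 'true';
    }
    if (preg_match('/^\d+(\s*\*\s*\d+)*$/', $raw)) {
        return array_product(array_map('intval', explode('*', $raw)));
    }
    return null; // function calls and other expressions are not evaluated
}

/** Return one finding per risky setting found in the parsed config. */
function audit(array $cfg): array
{
    $v = array_map('literal', $cfg);
    $rules = [ // [key, risky value, reason taken from the overview text]
        ['ENFORCE_SSL', 0, 'HTTPS enforcement is off'],
        ['COOKIE_SAMESITE_POLICY', 'None', 'SameSite "None" is not recommended'],
        ['DEBUG', true, 'self-tests are meant for plugin development'],
        ['JWT_ALLOW_MANUAL', true, 'hand-made JWT tokens are accepted'],
        ['DISABLE_AJAX_TRANSACTIONS', true, 'updates may leave inconsistent data'],
        ['LDAP_AUTHENTICATE_EMAIL', true, 'unsafe if users can edit their own email address'],
    ];
    $out = [];
    foreach ($rules as [$key, $bad, $why]) {
        if (array_key_exists($key, $v) && $v[$key] === $bad) {
            $out[] = "$key: $why";
        }
    }
    if (stripos((string)($v['LDAP_ADMIN_GROUP'] ?? ''), 'CN=Builtin') !== false) {
        $out[] = 'LDAP_ADMIN_GROUP: a built-in group is mapped to OIDplus administrator';
    }
    foreach (['JWT_TTL_LOGIN_ADMIN', 'JWT_TTL_LOGIN_USER'] as $key) {
        $ttl = $v[$key] ?? null;
        if ((is_int($ttl) || is_float($ttl)) && $ttl > 24 * 60 * 60) {
            $out[] = "$key: lifetime exceeds one day (threshold assumed here)";
        }
    }
    return $out;
}

$sample = <<<'CFG'
OIDplus::baseConfig()->setValue('ENFORCE_SSL', 0);
OIDplus::baseConfig()->setValue('COOKIE_SAMESITE_POLICY', 'None');
OIDplus::baseConfig()->setValue('DEBUG', true);
OIDplus::baseConfig()->setValue('JWT_TTL_LOGIN_ADMIN', 10*365*24*60*60);
OIDplus::baseConfig()->setValue('LDAP_ADMIN_GROUP', 'CN=Administrators,CN=Builtin,DC=CONTOSO,DC=local');
OIDplus::baseConfig()->setValue('PDO_PASSWORD', base64_decode('<base64_encoded_password>'));
CFG;

foreach (audit(parse_base_config($sample)) as $finding) {
    echo "- $finding\n";
}
```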