Rev 806 | Go to most recent revision | Details | Compare with Previous | Last modification | View Log | RSS feed
| Rev | Author | Line No. | Line |
|---|---|---|---|
| 261 | daniel-mar | 1 | |
| 2 | OVERVIEW OF ALL CONFIG.INC.PHP SETTINGS |
||
| 3 | ======================================= |
||
| 4 | |||
| 294 | daniel-mar | 5 | The file userdata/baseconfig/config.inc.php contains various settings |
| 261 | daniel-mar | 6 | which are essential to connect to your database and other |
| 7 | things that should be known before the database connection |
||
| 8 | is opened. |
||
| 294 | daniel-mar | 9 | Other settings are stored in the database (table "config") |
| 261 | daniel-mar | 10 | and can be accessed using the admin login area. |
| 11 | |||
| 294 | daniel-mar | 12 | The setup assistant (/setup/) will lead you through |
| 13 | the creation of the most important settings of config.inc.php. |
||
| 261 | daniel-mar | 14 | |
| 294 | daniel-mar | 15 | Below you will find a list of all possible config settings |
| 16 | of the default OIDplus installation/plugins. |
||
| 17 | Please note that a plugin can define any key. |
||
| 18 | |||
| 19 | |||
| 261 | daniel-mar | 20 | ------------------------------------- |
| 21 | (1) CONFIG SETTINGS PROVIDED BY SETUP |
||
| 22 | ------------------------------------- |
||
| 23 | |||
| 24 | OIDplus::baseConfig()->setValue('CONFIG_VERSION', 2.1); |
||
| 25 | |||
| 471 | daniel-mar | 26 | OIDplus::baseConfig()->setValue('ADMIN_PASSWORD', '<BCrypt hash, or base64 encoded SHA3-512 hash>'); |
| 609 | daniel-mar | 27 | If you want to have multiple valid administrator passwords |
| 28 | (e.g. if you want multiple users), then this value can |
||
| 29 | also be an array containing hashes. |
||
| 261 | daniel-mar | 30 | |
| 31 | OIDplus::baseConfig()->setValue('DATABASE_PLUGIN', ''); |
||
| 786 | daniel-mar | 32 | Valid values: see plugins (setup/) |
| 261 | daniel-mar | 33 | |
| 786 | daniel-mar | 34 | OIDplus::baseConfig()->setValue('OCI_CONN_STR', 'localhost/orcl'); |
| 35 | Can be a Oracle connection string/TNS or a hostname like |
||
| 36 | |||
| 37 | OIDplus::baseConfig()->setValue('OCI_USERNAME', 'hr'); |
||
| 38 | |||
| 39 | OIDplus::baseConfig()->setValue('OCI_PASSWORD', 'oracle'); |
||
| 40 | |||
| 261 | daniel-mar | 41 | OIDplus::baseConfig()->setValue('ODBC_DSN', 'DRIVER={SQL Server};SERVER=localhost;DATABASE=oidplus;CHARSET=UTF8'); |
| 42 | |||
| 43 | OIDplus::baseConfig()->setValue('ODBC_USERNAME', 'sa'); |
||
| 44 | |||
| 45 | OIDplus::baseConfig()->setValue('ODBC_PASSWORD', base64_decode('<base64_encoded_password>')); // alternatively as plaintext |
||
| 713 | daniel-mar | 46 | The base64 encoding "protects" your password from being read if |
| 261 | daniel-mar | 47 | someone quickly looks at your display while you have the configuration file opened. |
| 48 | |||
| 49 | OIDplus::baseConfig()->setValue('PDO_DSN', 'pgsql:host=localhost;dbname=oidplus'); |
||
| 50 | |||
| 51 | OIDplus::baseConfig()->setValue('PDO_USERNAME', 'postgres'); |
||
| 52 | |||
| 53 | OIDplus::baseConfig()->setValue('PDO_PASSWORD', base64_decode('<base64_encoded_password>')); // alternatively as plaintext |
||
| 713 | daniel-mar | 54 | The base64 encoding "protects" your password from being read if |
| 261 | daniel-mar | 55 | someone quickly looks at your display while you have the configuration file opened. |
| 56 | |||
| 57 | OIDplus::baseConfig()->setValue('MYSQL_HOST', 'localhost:3306'); |
||
| 713 | daniel-mar | 58 | Port is optional |
| 261 | daniel-mar | 59 | |
| 60 | OIDplus::baseConfig()->setValue('MYSQL_USERNAME', 'root'); |
||
| 61 | |||
| 62 | OIDplus::baseConfig()->setValue('MYSQL_PASSWORD', base64_decode('<base64_encoded_password>')); // alternatively as plaintext |
||
| 713 | daniel-mar | 63 | The base64 encoding "protects" your password from being read if |
| 261 | daniel-mar | 64 | someone quickly looks at your display while you have the configuration file opened. |
| 65 | |||
| 66 | OIDplus::baseConfig()->setValue('MYSQL_DATABASE', 'oidplus'); |
||
| 67 | |||
| 68 | OIDplus::baseConfig()->setValue('PGSQL_HOST', 'localhost:5432'); |
||
| 713 | daniel-mar | 69 | Port is optional |
| 261 | daniel-mar | 70 | |
| 71 | OIDplus::baseConfig()->setValue('PGSQL_USERNAME', 'postgres'); |
||
| 72 | |||
| 73 | OIDplus::baseConfig()->setValue('PGSQL_PASSWORD', base64_decode('<base64_encoded_password>')); // alternatively as plaintext |
||
| 713 | daniel-mar | 74 | The base64 encoding "protects" your password from being read if |
| 261 | daniel-mar | 75 | someone quickly looks at your display while you have the configuration file opened. |
| 76 | |||
| 77 | OIDplus::baseConfig()->setValue('PGSQL_DATABASE', 'oidplus'); |
||
| 78 | |||
| 264 | daniel-mar | 79 | |
| 713 | daniel-mar | 80 | OIDplus::baseConfig()->setValue('SQLITE3_FILE', 'userdata/database/oidplus.db'); |
| 81 | Attention: This file must be located in a location that is not world-readable/downloadable! |
||
| 264 | daniel-mar | 82 | |
| 713 | daniel-mar | 83 | OIDplus::baseConfig()->setValue('SQLITE3_ENCRYPTION', ''); |
| 84 | Optional encryption |
||
| 264 | daniel-mar | 85 | |
| 261 | daniel-mar | 86 | OIDplus::baseConfig()->setValue('TABLENAME_PREFIX', 'oidplus_'); |
| 87 | |||
| 88 | OIDplus::baseConfig()->setValue('SERVER_SECRET', 'xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx'); |
||
| 713 | daniel-mar | 89 | It is very very important that you choose a long sequence of |
| 261 | daniel-mar | 90 | random characters. OIDplus uses this secret for various |
| 91 | security related purposes. If someone accidently received this secret, |
||
| 92 | please change the sequence. |
||
| 93 | |||
| 713 | daniel-mar | 94 | OIDplus::baseConfig()->setValue('CAPTCHA_PLUGIN', 'None'); |
| 95 | |||
| 261 | daniel-mar | 96 | OIDplus::baseConfig()->setValue('RECAPTCHA_ENABLED', true); |
| 702 | daniel-mar | 97 | Deprecated! |
| 98 | RECAPTCHA_ENABLED=true becomes CAPTCHA_PLUGIN=ReCAPTCHA |
||
| 99 | RECAPTCHA_ENABLED=false becomes CAPTCHA_PLUGIN=None |
||
| 261 | daniel-mar | 100 | |
| 101 | OIDplus::baseConfig()->setValue('RECAPTCHA_PUBLIC', ''); |
||
| 713 | daniel-mar | 102 | Only used if CAPTCHA_PLUGIN=ReCAPTCHA |
| 261 | daniel-mar | 103 | |
| 104 | OIDplus::baseConfig()->setValue('RECAPTCHA_PRIVATE', ''); |
||
| 713 | daniel-mar | 105 | Only used if CAPTCHA_PLUGIN=ReCAPTCHA |
| 261 | daniel-mar | 106 | |
| 107 | OIDplus::baseConfig()->setValue('ENFORCE_SSL', 2); |
||
| 713 | daniel-mar | 108 | Values 0 (off), 1 (on), 2 (auto detect) |
| 261 | daniel-mar | 109 | |
| 110 | |||
| 111 | ---------------------- |
||
| 374 | daniel-mar | 112 | (2) SYSTEM LIMITATIONS (defined and documented in includes/oidplus_limits.inc.php , can be overwritten by config.inc.php) |
| 261 | daniel-mar | 113 | ---------------------- |
| 114 | |||
| 115 | OIDplus::baseConfig()->setValue('LIMITS_MAX_OID_DEPTH', 30); |
||
| 713 | daniel-mar | 116 | Please read the documentation in the file includes/oidplus_limits.inc.php |
| 261 | daniel-mar | 117 | |
| 118 | OIDplus::baseConfig()->setValue('LIMITS_MAX_ID_LENGTH', 255); |
||
| 713 | daniel-mar | 119 | Please read the documentation in the file includes/oidplus_limits.inc.php |
| 261 | daniel-mar | 120 | |
| 121 | OIDplus::baseConfig()->setValue('LIMITS_MAX_OID_ARC_SIZE', 50); |
||
| 713 | daniel-mar | 122 | Please read the documentation in the file includes/oidplus_limits.inc.php |
| 261 | daniel-mar | 123 | |
| 124 | OIDplus::baseConfig()->setValue('LIMITS_MAX_OID_ASN1_ID_LEN', 255); |
||
| 713 | daniel-mar | 125 | Please read the documentation in the file includes/oidplus_limits.inc.php |
| 261 | daniel-mar | 126 | |
| 127 | OIDplus::baseConfig()->setValue('LIMITS_MAX_OID_UNICODE_LABEL_LEN', 255); |
||
| 713 | daniel-mar | 128 | Please read the documentation in the file includes/oidplus_limits.inc.php |
| 261 | daniel-mar | 129 | |
| 130 | |||
| 131 | ----------------------------------------- |
||
| 132 | (3) "HIDDEN"/UNDOCUMENTED CONFIG SETTINGS |
||
| 133 | ----------------------------------------- |
||
| 134 | |||
| 135 | OIDplus::baseConfig()->setValue('OIDINFO_API_URL', '<url>'); |
||
| 713 | daniel-mar | 136 | Currently only internal use for development utilities (dev/). |
| 502 | daniel-mar | 137 | The API to oid-info.com is currently not public. |
| 261 | daniel-mar | 138 | |
| 139 | OIDplus::baseConfig()->setValue('REGISTRATION_HIDE_SYSTEM', true); |
||
| 713 | daniel-mar | 140 | Set this if you have a clone of a productive system and you want |
| 261 | daniel-mar | 141 | to avoid that the clone registers at the ViaThinkSoft directory |
| 142 | (which would overwrite the URL of the productive system and reveal |
||
| 143 | the URL of your testing system) |
||
| 144 | |||
| 145 | OIDplus::baseConfig()->setValue('MYSQL_FORCE_MYSQLND_SUPPLEMENT', false); |
||
| 713 | daniel-mar | 146 | The MySQLi plugin contains a supplement code to handle |
| 261 | daniel-mar | 147 | prepared statements on servers which do not have the MySQLnd extension |
| 148 | installed. Set this flag to force the supplement to be used, |
||
| 149 | even if MySQLnd is available. (For testing purposes only) |
||
| 150 | |||
| 151 | OIDplus::baseConfig()->setValue('QUERY_LOGFILE', ''); |
||
| 713 | daniel-mar | 152 | Set this setting to a filename where all queries including timestamps would be written. |
| 261 | daniel-mar | 153 | This is used for performance analysis. |
| 154 | Please choose a directory that cannot be accessed by world-wide. |
||
| 155 | |||
| 156 | OIDplus::baseConfig()->setValue('SESSION_LIFETIME', 30*60); |
||
| 713 | daniel-mar | 157 | Session lifetime in seconds. |
| 261 | daniel-mar | 158 | |
| 159 | OIDplus::baseConfig()->setValue('OBJECT_CACHING', true); |
||
| 160 | |||
| 161 | OIDplus::baseConfig()->setValue('FORCE_DBMS_SLANG', ''); |
||
| 713 | daniel-mar | 162 | Currently valid values: mysql, mssql, pgsql, sqlite |
| 261 | daniel-mar | 163 | |
| 502 | daniel-mar | 164 | OIDplus::baseConfig()->setValue('PREPARED_STATEMENTS_EMULATION', 'auto'); |
| 713 | daniel-mar | 165 | Currently only for ODBC database plugin. |
| 502 | daniel-mar | 166 | 'auto' = Auto detect if prepared statements should be emulated |
| 167 | 'on' = Always emulate prepared statements |
||
| 168 | 'off' = Never emulate prepared statements |
||
| 169 | |||
| 261 | daniel-mar | 170 | OIDplus::baseConfig()->setValue('MINIFY_CSS', true); |
| 417 | daniel-mar | 171 | This enables the compression of CSS definitions. |
| 172 | Compressed approx: 220 KB |
||
| 173 | Uncompressed approx: 224 KB |
||
| 261 | daniel-mar | 174 | |
| 175 | OIDplus::baseConfig()->setValue('MINIFY_JS', true); |
||
| 417 | daniel-mar | 176 | This enables the compression of JavaScript code. |
| 177 | Please only disable this, if you want to debug |
||
| 178 | the code! You should not disable it on a productive |
||
| 179 | system, because otherwise the JavaScript code |
||
| 180 | would be several Megabytes large. |
||
| 181 | Compressed approx: 1133 KB |
||
| 182 | Unompressed approx: 2761 KB |
||
| 261 | daniel-mar | 183 | |
| 297 | daniel-mar | 184 | OIDplus::baseConfig()->setValue('DISABLE_PLUGIN_...', true); |
| 713 | daniel-mar | 185 | This gives you the possibility to disable a plugin without |
| 297 | daniel-mar | 186 | requiring it to be removed from the file system. |
| 187 | (Removing a plugin from the file system can result in various |
||
| 188 | problems, e.g. they can be re-added during a SVN/software update.) |
||
| 189 | Replace "..." with the main PHP class of the plugin you want to disable |
||
| 190 | Example: |
||
| 191 | "DISABLE_PLUGIN_OIDplusLoggerPluginUserdataLogfile" |
||
| 192 | disables the plugin "logger/300_userdata_logfile". |
||
| 316 | daniel-mar | 193 | |
| 194 | OIDplus::baseConfig()->setValue('DISABLE_AJAX_TRANSACTIONS', false); |
||
| 195 | This will disable the usage of database transactions in ajax.php |
||
| 196 | Do only use this if you have severe problems with the system running. |
||
| 197 | It might result in inconsistent data e.g. if you update an OID |
||
| 198 | and an error occurs in the middle of that process. |
||
| 326 | daniel-mar | 199 | |
| 806 | daniel-mar | 200 | OIDplus::baseConfig()->setValue('CANONICAL_SYSTEM_URL', ''); |
| 201 | Setting this value to a system URL will override the absolute system URL detection. |
||
| 202 | It has the following effects: |
||
| 203 | 1. The "canonical" metatag will use this explicit system URL |
||
| 204 | instead of the one the PHP script is detecting. |
||
| 205 | (This is important to avoid duplicate content at search indexes) |
||
| 206 | 2. CLI WHOIS and other CLI (Command-line-interface) tools |
||
| 207 | will use this address when they need to output an URL. |
||
| 208 | Otherwise, the CLI tools would need to use the last known |
||
| 209 | URL that was detected when a webpage visitor has last visited the |
||
| 210 | page. |
||
| 211 | 3. While most resources (images, CSS files, scripts, etc.) are loaded |
||
| 212 | via relative URLs, sometimes an absolute URL is required |
||
| 213 | (e.g., if an email is sent with an activation link). |
||
| 214 | The explicit absolute system URL will then be used rather |
||
| 215 | than the automatically detected one. |
||
| 216 | Note that setting an absolute system URL can be very useful if |
||
| 217 | OIDplus runs on a system (which detects itself as "X"), |
||
| 807 | daniel-mar | 218 | while the canonical URL "Y" is a reverse-proxy. |
| 778 | daniel-mar | 219 | |
| 456 | daniel-mar | 220 | OIDplus::baseConfig()->setValue('DEBUG', false); |
| 221 | Enables some special checks for plugins (e.g. a self-test for auth plugins). |
||
| 222 | It is highly recommended that you enable DEBUG if you are developing |
||
| 223 | plugins! |
||
| 470 | daniel-mar | 224 | It is recommended to disable this switch in productive systems, |
| 225 | because the self-tests decrease the performance. |
||
| 226 | However, after installing a new plugin, you might want to enable |
||
| 227 | it for a few minutes, to make sure the plugin is working correctly. |
||
| 430 | daniel-mar | 228 | |
| 557 | daniel-mar | 229 | OIDplus::baseConfig()->setValue('COOKIE_SAMESITE_POLICY', 'Strict'); |
| 230 | Defined which "SameSite" policy should be used for the cookies OIDplus uses. |
||
| 231 | Can be "None", "Lax" or "Strict". |
||
| 232 | "Strict" is the most secure setting. |
||
| 233 | "Lax" allows that people stay logged in if they follow a link pointing |
||
| 234 | to your OIDplus installation. |
||
| 235 | "None" is not recommended and is deprecated by modern web browsers. |
||
| 236 | However, OIDplus itself provides an Anti-CSRF mechanism, so you should be |
||
| 237 | still safe. |
||
| 456 | daniel-mar | 238 | |
| 713 | daniel-mar | 239 | OIDplus::baseConfig()->getValue('RA_PASSWORD_PEPPER', ''); |
| 617 | daniel-mar | 240 | The pepper is stored inside the base configuration file |
| 241 | It prevents that an attacker with SQL write rights can |
||
| 242 | create accounts. |
||
| 243 | ATTENTION!!! If a pepper is used, then the |
||
| 244 | hashes are bound to that pepper. If you change the pepper, |
||
| 245 | then ALL passwords of RAs become INVALID! |
||
| 557 | daniel-mar | 246 | |
| 713 | daniel-mar | 247 | OIDplus::baseConfig()->getValue('RA_PASSWORD_PEPPER_ALGO', 'sha512'); |
| 711 | daniel-mar | 248 | The pepper is stored inside the base configuration file |
| 249 | It prevents that an attacker with SQL write rights can |
||
| 250 | create accounts. |
||
| 251 | ATTENTION!!! If a pepper is used, then the |
||
| 252 | hashes are bound to that pepper. If you change the pepper, |
||
| 253 | then ALL passwords of RAs become INVALID! |
||
| 617 | daniel-mar | 254 | |
| 711 | daniel-mar | 255 | |
| 430 | daniel-mar | 256 | ---------------------------------------------------- |
| 257 | (4) LDAP FIELDS (see document ldap_installation.txt) |
||
| 258 | ---------------------------------------------------- |
||
| 259 | |||
| 620 | daniel-mar | 260 | OIDplus::baseConfig()->setValue('LDAP_ENABLED', true); |
| 261 | Set to true if you want to enable that users can log-in using LDAP / ActiveDirectory. |
||
| 432 | daniel-mar | 262 | |
| 625 | daniel-mar | 263 | OIDplus::baseConfig()->setValue('LDAP_NUM_DOMAINS', 1); |
| 264 | Contains the number of domains/servers which are used. |
||
| 265 | For 2nd, 3rd, 4th, ... domain use the fields LDAP_xxx__2, LDAP_xxx__3, ... |
||
| 266 | e.g. LDAP_SERVER__2 |
||
| 267 | LDAP_PORT__2 |
||
| 268 | LDAP_BASE_DN__2 |
||
| 269 | ... |
||
| 270 | |||
| 620 | daniel-mar | 271 | OIDplus::baseConfig()->setValue('LDAP_SERVER', 'ldap://server1.contoso.local'); |
| 272 | The LDAP server of your company. |
||
| 432 | daniel-mar | 273 | |
| 620 | daniel-mar | 274 | OIDplus::baseConfig()->setValue('LDAP_PORT', 389); |
| 275 | The port of the LDAP server |
||
| 276 | |||
| 277 | OIDplus::baseConfig()->setValue('LDAP_BASE_DN', 'DC=CONTOSO,DC=local'); |
||
| 278 | The base Distinguished Name (DN) of your directory. |
||
| 279 | |||
| 625 | daniel-mar | 280 | OIDplus::baseConfig()->setValue('LDAP_UPN_SUFFIX', '@contoso.local'); |
| 281 | The UPN suffix of this domain. |
||
| 282 | |||
| 283 | OIDplus::baseConfig()->setValue('LDAP_AUTHENTICATE_UPN', true); |
||
| 620 | daniel-mar | 284 | In the login mask, the users will log in using the UPN ("principal name") e.g. username@contoso.local, |
| 285 | and in OIDplus, a RA account with an email equal to the UPN will be created. |
||
| 286 | |||
| 287 | OIDplus::baseConfig()->setValue('LDAP_AUTHENTICATE_EMAIL', false); |
||
| 288 | In the login mask, the users will log in using the UPN ("principal name") e.g. username@contoso.local, |
||
| 289 | and in OIDplus, a RA account with an email equal to the "E-Mail-Address" field of the user in the directory will be created. |
||
| 290 | Note: If you did not set an email address to the user in the LDAP/ActiveDirectory, then the login will not be possible, |
||
| 291 | except if LDAP_AUTHENTICATE_UPN is additionally enabled. |
||
| 292 | Attention: Depending on your domain configuration, users might be able to change their own data, |
||
| 293 | e.g. email address. If this is the case, you must not enable this setting, otherwise, |
||
| 294 | users could authenticate with any address! |
||
| 295 | |||
| 623 | daniel-mar | 296 | OIDplus::baseConfig()->setValue('LDAP_ADMIN_GROUP', ''); |
| 297 | If set to an empty string, the OIDplus administrator account cannot be accessed using LDAP authentication. |
||
| 298 | Otherwise, the user will be authenticated as administrator, if the LDAP user is a |
||
| 624 | daniel-mar | 299 | member of the group specified in this setting. |
| 623 | daniel-mar | 300 | Example values: CN=Administrators,CN=Builtin,DC=CONTOSO,DC=local |
| 301 | makes every domain administrator also an OIDplus administrator |
||
| 302 | CN=OIDplus Administrators,CN=Users,DC=CONTOSO,DC=local |
||
| 303 | makes every user of the group (OIDplus Administrators) to OIDplus administrators |
||
| 304 | |||
| 305 | OIDplus::baseConfig()->setValue('LDAP_RA_GROUP', ''); |
||
| 306 | If set to an empty string, every LDAP user can authenticate as RA, depending |
||
| 307 | on whether LDAP_AUTHENTICATE_UPN and/or LDAP_AUTHENTICATE_EMAIL is set. |
||
| 624 | daniel-mar | 308 | Otherwise, the LDAP users must be a member of the group specified in this setting. |
| 620 | daniel-mar | 309 | |
| 310 | |||
| 432 | daniel-mar | 311 | ---------------------------------------------------------------------- |
| 312 | (5) GOOGLE OAUTH2 FIELDS (see document google_oauth2_installation.txt) |
||
| 313 | ---------------------------------------------------------------------- |
||
| 314 | |||
| 315 | OIDplus::baseConfig()->setValue('GOOGLE_OAUTH2_ENABLED', true); |
||
| 316 | OIDplus::baseConfig()->setValue('GOOGLE_OAUTH2_CLIENT_ID', '..............apps.googleusercontent.com'); |
||
| 317 | OIDplus::baseConfig()->setValue('GOOGLE_OAUTH2_CLIENT_SECRET', '.............'); |
||
| 436 | daniel-mar | 318 | |
| 319 | |||
| 320 | ------------------------------------------------------------------------- |
||
| 321 | (6) FACEBOOK OAUTH2 FIELDS (see document facebook_oauth2_installation.txt) |
||
| 322 | ------------------------------------------------------------------------- |
||
| 323 | |||
| 324 | OIDplus::baseConfig()->setValue('FACEBOOK_OAUTH2_ENABLED', true); |
||
| 325 | OIDplus::baseConfig()->setValue('FACEBOOK_OAUTH2_CLIENT_ID', '.............'); // Your App ID |
||
| 326 | OIDplus::baseConfig()->setValue('FACEBOOK_OAUTH2_CLIENT_SECRET', '.............'); // Your App Secret |
||
| 572 | daniel-mar | 327 | |
| 328 | |||
| 329 | ---------------------------------------------------- |
||
| 330 | (7) JWT AUTHENTICATION FIELDS |
||
| 331 | ---------------------------------------------------- |
||
| 332 | |||
| 333 | If a web request contains the field "OIDPLUS_AUTH_JWT" containing a signed JWT token, |
||
| 334 | an automatic one-time login is performed in order to execute commands. |
||
| 335 | This feature is used in the plugins "Automated AJAX calls" for admins and RAs. |
||
| 336 | With these switches you can disable this feature. |
||
| 337 | |||
| 338 | OIDplus::baseConfig()->setValue('JWT_ALLOW_AJAX_ADMIN', true); |
||
| 339 | Allow JWT tokens that were created using the admin-plugin |
||
| 340 | "Automated AJAX calls". |
||
| 341 | |||
| 342 | OIDplus::baseConfig()->setValue('JWT_ALLOW_AJAX_USER', true); |
||
| 343 | Allow JWT tokens that were created using the RA-plugin |
||
| 344 | "Automated AJAX calls". |
||
| 345 | |||
| 346 | OIDplus::baseConfig()->setValue('JWT_ALLOW_LOGIN_ADMIN', true); |
||
| 579 | daniel-mar | 347 | Allow "Remember me" logins for the administrator account. |
| 572 | daniel-mar | 348 | |
| 349 | OIDplus::baseConfig()->setValue('JWT_ALLOW_LOGIN_USER', true); |
||
| 579 | daniel-mar | 350 | Allow "Remember me" logins for a RA. |
| 572 | daniel-mar | 351 | |
| 585 | daniel-mar | 352 | OIDplus::baseConfig()->setValue('JWT_ALLOW_MANUAL', false); |
| 572 | daniel-mar | 353 | Allow JWT tokens which were manually created "by hand". |
| 354 | These can have any content you like, but they must |
||
| 355 | contain the claim "oidplus_generator" with value "2". |
||
| 583 | daniel-mar | 356 | |
| 357 | OIDplus::baseConfig()->setValue('JWT_TTL_LOGIN_USER', 10*365*24*60*60); |
||
| 358 | How many seconds will a "remember me" login JWT token be valid? |
||
| 359 | (RA login) |
||
| 360 | |||
| 361 | OIDplus::baseConfig()->setValue('JWT_TTL_LOGIN_ADMIN', 10*365*24*60*60); |
||
| 362 | How many seconds will a "remember me" login JWT token be valid? |
||
| 363 | (Administrator login) |