4 files changed, 41 insertions, 3 deletions

diff --git a/lib/config/default.js b/lib/config/default.js
index 273bad02..8d36db02 100644
--- a/lib/config/default.js
+++ b/lib/config/default.js
@@ -96,8 +96,23 @@ module.exports = {
     searchBase: undefined,
     searchFilter: undefined,
     searchAttributes: undefined,
+    usernameField: undefined,
     tlsca: undefined
   },
+  saml: {
+    idpSsoUrl: undefined,
+    idpCert: undefined,
+    issuer: undefined,
+    identifierFormat: 'urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress',
+    groupAttribute: undefined,
+    externalGroups: [],
+    requiredGroups: [],
+    attribute: {
+      id: undefined,
+      username: undefined,
+      email: undefined
+    }
+  },
   email: true,
   allowemailregister: true,
   allowpdfexport: true
diff --git a/lib/config/environment.js b/lib/config/environment.js
index 0c272f05..27e63591 100644
--- a/lib/config/environment.js
+++ b/lib/config/environment.js
@@ -1,6 +1,6 @@
 'use strict'
 
-const {toBooleanConfig} = require('./utils')
+const {toBooleanConfig, toArrayConfig} = require('./utils')
 
 module.exports = {
   domain: process.env.HMD_DOMAIN,
@@ -15,7 +15,7 @@ module.exports = {
     preload: toBooleanConfig(process.env.HMD_HSTS_PRELOAD)
   },
   protocolusessl: toBooleanConfig(process.env.HMD_PROTOCOL_USESSL),
-  alloworigin: process.env.HMD_ALLOW_ORIGIN ? process.env.HMD_ALLOW_ORIGIN.split(',') : undefined,
+  alloworigin: toArrayConfig(process.env.HMD_ALLOW_ORIGIN),
   usecdn: toBooleanConfig(process.env.HMD_USECDN),
   allowanonymous: toBooleanConfig(process.env.HMD_ALLOW_ANONYMOUS),
   allowfreeurl: toBooleanConfig(process.env.HMD_ALLOW_FREEURL),
@@ -70,9 +70,24 @@ module.exports = {
     tokenSecret: process.env.HMD_LDAP_TOKENSECRET,
     searchBase: process.env.HMD_LDAP_SEARCHBASE,
     searchFilter: process.env.HMD_LDAP_SEARCHFILTER,
-    searchAttributes: process.env.HMD_LDAP_SEARCHATTRIBUTES,
+    searchAttributes: toArrayConfig(process.env.HMD_LDAP_SEARCHATTRIBUTES),
+    usernameField: process.env.HMD_LDAP_USERNAMEFIELD,
     tlsca: process.env.HMD_LDAP_TLS_CA
   },
+  saml: {
+    idpSsoUrl: process.env.HMD_SAML_IDPSSOURL,
+    idpCert: process.env.HMD_SAML_IDPCERT,
+    issuer: process.env.HMD_SAML_ISSUER,
+    identifierFormat: process.env.HMD_SAML_IDENTIFIERFORMAT,
+    groupAttribute: process.env.HMD_SAML_GROUPATTRIBUTE,
+    externalGroups: toArrayConfig(process.env.HMD_SAML_EXTERNALGROUPS, '|', []),
+    requiredGroups: toArrayConfig(process.env.HMD_SAML_REQUIREDGROUPS, '|', []),
+    attribute: {
+      id: process.env.HMD_SAML_ATTRIBUTE_ID,
+      username: process.env.HMD_SAML_ATTRIBUTE_USERNAME,
+      email: process.env.HMD_SAML_ATTRIBUTE_EMAIL
+    }
+  },
   email: toBooleanConfig(process.env.HMD_EMAIL),
   allowemailregister: toBooleanConfig(process.env.HMD_ALLOW_EMAIL_REGISTER),
   allowpdfexport: toBooleanConfig(process.env.HMD_ALLOW_PDF_EXPORT)
diff --git a/lib/config/index.js b/lib/config/index.js
index cf6f2ada..a14f3197 100644
--- a/lib/config/index.js
+++ b/lib/config/index.js
@@ -92,6 +92,7 @@ config.isGitHubEnable = config.github.clientID && config.github.clientSecret
 config.isGitLabEnable = config.gitlab.clientID && config.gitlab.clientSecret
 config.isMattermostEnable = config.mattermost.clientID && config.mattermost.clientSecret
 config.isLDAPEnable = config.ldap.url
+config.isSAMLEnable = config.saml.idpSsoUrl
 config.isPDFExportEnable = config.allowpdfexport
 
 // generate correct path
diff --git a/lib/config/utils.js b/lib/config/utils.js
index 11bbd8cb..9ff2f96d 100644
--- a/lib/config/utils.js
+++ b/lib/config/utils.js
@@ -6,3 +6,10 @@ exports.toBooleanConfig = function toBooleanConfig (configValue) {
   }
   return configValue
 }
+
+exports.toArrayConfig = function toArrayConfig (configValue, separator = ',', fallback) {
+  if (configValue && typeof configValue === 'string') {
+    return (configValue.split(separator).map(arrayItem => arrayItem.trim()))
+  }
+  return fallback
+}