From df53f465c0238e9a6a306df21cd7e04731056dd6 Mon Sep 17 00:00:00 2001
From: Emmanuel Ormancey
Date: Wed, 12 Dec 2018 10:40:24 +0100
Subject: Added a configuration option for passport-saml:
 disableRequestedAuthnContext: true|false

By default only Password authmethod is accepted, this option allows any other method.

Issue and option described here:
https://github.com/bergie/passport-saml/issues/226

Signed-off-by: Emmanuel Ormancey <emmanuel.ormancey@cern.ch>
---
 docs/configuration-env-vars.md | 1 +
 1 file changed, 1 insertion(+)

(limited to 'docs/configuration-env-vars.md')

diff --git a/docs/configuration-env-vars.md b/docs/configuration-env-vars.md
index c81deab9..b512f485 100644
--- a/docs/configuration-env-vars.md
+++ b/docs/configuration-env-vars.md
@@ -183,6 +183,7 @@ defaultNotePath can't be set from env-vars
 | `CMD_SAML_IDPSSOURL` | `https://idp.example.com/sso` | authentication endpoint of IdP. for details, see [guide](guides/auth/saml-onelogin.md). |
 | `CMD_SAML_IDPCERT` | `/path/to/cert.pem` | certificate file path of IdP in PEM format |
 | `CMD_SAML_ISSUER` | no example | identity of the service provider (optional, default: serverurl)" |
+| `CMD_SAML_DISABLEREQUESTEDAUTHNCONTEXT` | `true` or `false` | true to allow any authentication method, false restricts to password authentication (PasswordProtectedTransport) method (default: false) |
 | `CMD_SAML_IDENTIFIERFORMAT` | no example | name identifier format (optional, default: `urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress`) |
 | `CMD_SAML_GROUPATTRIBUTE` | `memberOf` | attribute name for group list (optional) |
 | `CMD_SAML_REQUIREDGROUPS` | `codimd-users` | group names that allowed (use vertical bar to separate) (optional) |
-- 
cgit v1.2.3