From 2f462f90d4608763e5cb9618ec80d939a679fe2e Mon Sep 17 00:00:00 2001 From: oupala Date: Wed, 1 Jul 2020 11:52:17 +0200 Subject: style: linting markdown files Linting markdown files according to default remark-lint configuration. Files inside the `public` directory were not linted. Signed-off-by: oupala --- docs/guides/auth/saml.md | 70 ++++++++++++++++++++++++++++-------------------- 1 file changed, 41 insertions(+), 29 deletions(-) (limited to 'docs/guides/auth/saml.md') diff --git a/docs/guides/auth/saml.md b/docs/guides/auth/saml.md index 3a64f5f7..3b8291b7 100644 --- a/docs/guides/auth/saml.md +++ b/docs/guides/auth/saml.md 
@@ -1,19 +1,21 @@ -Authentication guide - SAML -=== +# Authentication guide - SAML -**Note:** *This guide was written before the renaming. Just replace `HackMD` with `CodiMD` in your mind :smile: thanks!* +*Note:* This guide was written before the renaming. Just replace `HackMD` with `CodiMD` in your mind :smile: thanks! The basic procedure is the same as the case of OneLogin which is mentioned in [OneLogin-Guide](./saml-onelogin.md). If you want to match your IdP, you can use more configurations as below. -* If your IdP accepts metadata XML of the service provider to ease configuration, use this url to download metadata XML. - * {{your-serverurl}}/auth/saml/metadata - * _Note: If not accessible from IdP, download to local once and upload to IdP._ -* Change the value of `issuer`, `identifierFormat` to match your IdP. - * `issuer`: A unique id to identify the application to the IdP, which is the base URL of your CodiMD as default - * `identifierFormat`: A format of unique id to identify the user of IdP, which is the format based on email address as default. It is recommend that you use as below. - * urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress (default) - * urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified - * `config.json`: +- If your IdP accepts metadata XML of the service provider to ease configuration, use this url to download metadata XML. + - {{your-serverurl}}/auth/saml/metadata + - *Note:* If not accessible from IdP, download to local once and upload to IdP. + +- Change the value of `issuer`, `identifierFormat` to match your IdP. + - `issuer`: A unique id to identify the application to the IdP, which is the base URL of your CodiMD as default + + - `identifierFormat`: A format of unique id to identify the user of IdP, which is the format based on email address as default. It is recommend that you use as below. 
+ - urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress (default) + - urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified + + - `config.json`: ```javascript { "production": { @@ -25,19 +27,24 @@ The basic procedure is the same as the case of OneLogin which is mentioned in [O } } ``` - * environment variables - ``` + + - environment variables + ```env CMD_SAML_ISSUER=mycodimd CMD_SAML_IDENTIFIERFORMAT=urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified ``` -* Change mapping of attribute names to customize the displaying user name and email address to match your IdP. - * `attribute`: A dictionary to map attribute names - * `attribute.id`: A primary key of user table for your CodiMD - * `attribute.username`: Attribute name of displaying user name on CodiMD - * `attribute.email`: Attribute name of email address, which will be also used for Gravatar - * _Note: Default value of all attributes is NameID of SAML response, which is email address if `identifierFormat` is default._ - * `config.json`: +- Change mapping of attribute names to customize the displaying user name and email address to match your IdP. + - `attribute`: A dictionary to map attribute names + + - `attribute.id`: A primary key of user table for your CodiMD + + - `attribute.username`: Attribute name of displaying user name on CodiMD + + - `attribute.email`: Attribute name of email address, which will be also used for Gravatar + - *Note:* Default value of all attributes is NameID of SAML response, which is email address if `identifierFormat` is default. + + - `config.json`: ```javascript { "production": { 
@@ -52,19 +59,23 @@ The basic procedure is the same as the case of OneLogin which is mentioned in [O } } ``` - * environment variables + + - environment variables ```sh CMD_SAML_ATTRIBUTE_ID=sAMAccountName CMD_SAML_ATTRIBUTE_USERNAME=nickName CMD_SAML_ATTRIBUTE_EMAIL=mail ``` -* If you want to control permission by group membership, add group attribute name and required group (allowed) or external group (not allowed). - * `groupAttribute`: An attribute name of group membership - * `requiredGroups`: Group names array for allowed access to CodiMD. Use vertical bar to separate for environment variables. - * `externalGroups`: Group names array for not allowed access to CodiMD. Use vertical bar to separate for environment variables. - * _Note: Evaluates `externalGroups` first_ - * `config.json`: +- If you want to control permission by group membership, add group attribute name and required group (allowed) or external group (not allowed). + - `groupAttribute`: An attribute name of group membership + + - `requiredGroups`: Group names array for allowed access to CodiMD. Use vertical bar to separate for environment variables. + + - `externalGroups`: Group names array for not allowed access to CodiMD. Use vertical bar to separate for environment variables. + - *Note:* Evaluates `externalGroups` first + + - `config.json`: ```javascript { "production": { @@ -77,7 +88,8 @@ The basic procedure is the same as the case of OneLogin which is mentioned in [O } } ``` - * environment variables + + - environment variables ```sh CMD_SAML_GROUPATTRIBUTE=memberOf CMD_SAML_REQUIREDGROUPS=codimd-users|board-members -- cgit v1.2.3
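Review bot: in the `@@ -1,19 +1,21 @@` hunk, the re-added `identifierFormat` line still reads "It is recommend that you use as below"; since the line is being rewritten anyway, correct it to "It is recommended that you use one of the following". The two `urn:oasis:names:tc:SAML:1.1:nameid-format:...` values and `{{your-serverurl}}/auth/saml/metadata` are also left as bare text; wrapping them in backticks would mark them as literal values to copy into the IdP configuration.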
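Review bot: in the `@@ -25,19 +27,24 @@` hunk, blank lines now separate `attribute`, `attribute.id`, `attribute.username` and `attribute.email`, but the `*Note:*` item follows `attribute.email` with no blank line, so in the source it is grouped with the email attribute although its text covers "all attributes". Separate it the same way as its siblings, or move it directly under `attribute`; the note is the only place that says `attribute.id`, the user-table primary key, defaults to the NameID, so it should not look like a remark about Gravatar email.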
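Review bot: in the `@@ -52,19 +59,23 @@` hunk, the line `*Note:* Evaluates externalGroups first` is carried over without saying what the result of that evaluation is. For an access-control setting the guide should state the outcome explicitly, for example whether a user who is in both an external group and a required group is refused, and what happens when the SAML response carries no value for `groupAttribute`. If that is out of scope for a lint-only commit, note it as a follow-up.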
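Review bot: in the `@@ -77,7 +88,8 @@` hunk, the block under `environment variables` keeps the `sh` tag while holding `CMD_SAML_REQUIREDGROUPS=codimd-users|board-members`; read as shell, the unquoted `|` is a pipe, so the line does not assign the two group names when pasted into a terminal. Either quote the value or switch this block (and the `sh` block in the previous hunk) to the `env` tag that this patch introduces for the first environment block, so all three are labelled alike.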