Defines parameters how this tool will present itself to users productname: short display name of the tool productname_long: long display name of the tool from-mail: the "From" in email addresses sent by the tool. Typically an unattended mailbox only for sending.
admin-mail: email address where users can complain and comment to. Should be read by a human. abuse-mail: email address where copyright holders can complain. Should be read by a human. defaultlocale: language to use if user has no preferences in his browser, nor explicitly selects a language
API Tags:
Configuration for the simpleSAMLphp instance which authenticates CAT administrative users.
ssp-path-to-autoloader: points to the simpleSAMLphp autoloader location ssp-authsource: which authsource should we point to? attribute in which authsource transmits unique user identifier. Required. If multi-valued, first submitted value is taken. attribute in which authsource transmits user's mail address. Receiving this attribute is optional. attribute in which authsource transmits user's real name. Receiving this attribute is optional.
API Tags:
Defines various general parameters of the roaming consortium.
name: the display name of the consortium ssid: an array of default SSIDs for this consortium; they are automatically added to all installers. interworking-consortium-oi: Organisation Identifier of the roaming consortium for Interworking/Hotspot 2.0; a profile with these OIs will be added to all installers tkipsupport: whether the default SSIDs should be configured for WPA/TKIP and WPA2/AES (TRUE) or only for WPA2/AES (FALSE) homepage: URL of the consortium's general homepage. signer_name: if installers are configured for digital signature, this parameter should contain the "O" name in the certificate. If left empty, signatures are not advertised even if configured and working allow_self_service_registration: if set to NULL, federation admins need to invite new inst admins manually if set to a federation ID string, e.g. "DE" for Germany, new admins can self-register and will be put into that federation. registration_API_keys: allows select federations to make bulk registrations for new IdPs (e.g. if they have an own, opaque, customer management system. The API will be documented at a later stage LOGOS: there are several variants of the consortium logo scattered in the source. Please change them at the appropriate places:
- web/resources/images/consortium_logo.png
- web/favicon.ico
- devices/ms/Files/eduroam_150.bmp
- devices/ms/Files/eduroam32.ico
API Tags:
Set of database connection details. The third entry is only needed if you set $ENFORCE_EXTERNAL_DB_SYNC to TRUE.
See the extra notes on external sync enforcement below.
API Tags:
Verbosity of some of the core code. The following debug levels are supported:
- = production (silence)
- = normal debug
- = more debug
- = annoyingly much debug output
- = way too much debug output (level 4 + SQL query dump)
API Tags:
List of all supported languages in CAT. Comment some if you want to disable them
API Tags:
Configures the host to use to send emails to the outside world. We assume the host is able to listen on the new Submission port (TCP/587).
host: Submission host user: username for the login to the host pass: password for the username
API Tags:
Maximum size of files to be uploaded. Clever people can circumvent this; in the end, the hard limit is configured in php.ini
API Tags:
Various paths.
logdir: directory where all logs will be written to (debug and audit logs) installerdir: generated installers will be saved under this base directory. Path is relative to the web/ subdirectory. openssl: absolute path to the openssl executable. If you just fill in "openssl" the one from the system $PATH will be taken. makensis: absolute path to the makensis executable. If you just fill in "makensis" the one from the system $PATH will be taken. eapol_test: absolute path to the eapol_test executable. If you just fill in "eapol_test" the one from the system $PATH will be taken.
API Tags:
Configures the reachability tests, both for plain RADIUS/UDP and RADIUS/TLS.
UDP-hosts: an array of RADIUS servers to which login probes will be sent TLS-discoverytag: the DNS NAPTR label that should be used for finding RADIUS/TLS servers TLS-acceptableOIDs: defines which policy OID is expected from RADIUS/TLS servers and clients TLS-clientcerts: for full two-way auth, the TLS handshake must have access to client certificates. You can specify known-good certificates (expected=pass) and known-bad ones (expected=fail) For each accredited CA you should provide four server certificates: valid, expired, revoked, wrong policy so that all corner cases can be tested. Be sure to set "expected" to match your expectations regarding the outcome of the connection attempt.
API Tags: