Defines parameters how this tool will present itself to users
- productname: short display name of the tool
- productname_long: long display name of the tool
- from-mail: the "From" in email addresses sent by the tool. Typically an unattended mailbox only for sending.
- admin-mail: email address where users can complain and comment to. Should be read by a human.
- invitation-bcc-mail: if set, will send all invitations with a bcc to this address. Generates LOTS of mostly unncessary email to that address.
- defaultlocale: language to use if user has no preferences in his browser, nor explicitly selects a language
- MOTD: message of the day - will be displayed in the header of all pages if set. Useful for service announcements.
API Tags:
Configuration for the simpleSAMLphp instance which authenticates CAT administrative users.
- ssp-path-to-autoloader: points to the simpleSAMLphp autoloader location
- ssp-authsource: which authsource should we point to?
- attribute in which authsource transmits unique user identifier. Required. If multi-valued, first submitted value is taken.
- attribute in which authsource transmits user's mail address. Receiving this attribute is optional.
- attribute in which authsource transmits user's real name. Receiving this attribute is optional.
API Tags:
Defines various general parameters of the roaming consortium.
- name: the display name of the consortium
- ssid: an array of default SSIDs for this consortium; they are automatically added to all installers.
- tkipsupport: whether the default SSIDs should be configured for WPA/TKIP and WPA2/AES (TRUE) or only for WPA2/AES (FALSE)
- homepage: URL of the consortium's general homepage.
- signer_name: if installers are configured for digital signature, this parameter should contain the "O" name in the certificate. If left empty, signatures are not advertised even if configured and working
- allow_self_service_registration: if set to NULL, federation admins need to invite new inst admins manually. If set to a federation ID string, e.g. "DE" for Germany, new admins can self-register and will be put into that federation.
- registration_API_keys: allows select federations to make bulk registrations for new IdPs (e.g. if they have
an own, opaque, customer management system. The API will be documented at a later stage
LOGOS: there are several variants of the consortium logo scattered in the source. Please change them at the appropriate places: - web/resources/images/consortium_logo.png
- web/favicon.ico
- devices/ms/Files/eduroam_150.bmp
- devices/ms/Files/eduroam32.ico
API Tags:
Set of database connection details.
The third entry is only needed if you set $ENFORCE_EXTERNAL_DB_SYNC to TRUE.
See the extra notes on external sync enforcement below.
API Tags:
Verbosity of some of the core code. The following debug levels are supported:
- = production (silence)
2 = normal debug3 = more debug
4 = annoyingly much debug output
5 = way too much debug output (level 4 + SQL query dump)
API Tags:
List of all supported languages in CAT. Comment some if you want to disable them
API Tags:
Maximum size of files to be uploaded. Clever people can circumvent this; in the end, the hard limit is configured in php.ini
API Tags:
Various paths.
- logdir: directory where all logs will be written to (debug and audit logs)
- openssl: absolute path to the openssl executable. If you just fill in "openssl" the one from the system $PATH will be taken.
- rad_eap_test: absolute path to the rad_eap_test executable. If you just fill in "rad_eap_test" the one from the system $PATH will be taken.
API Tags:
Configures the reachability tests, both for plain RADIUS/UDP and RADIUS/TLS.
- UDP-hosts: an array of RADIUS servers to which login probes will be sent
- TLS-discoverytag: the DNS NAPTR label that should be used for finding RADIUS/TLS servers
- TLS-acceptableOIDs: defines which policy OID is expected from RADIUS/TLS servers and clients
- TLS-clientcerts: for full two-way auth, the TLS handshake must have access to client certificates. You can specify known-good certificates (expected=pass) and known-bad ones (expected=fail)
For each accredited CA you should API Tags:
Who is allowed to access the installation check/local installation administration page on admin/112365365321.php ?
Fill the array with the authorized user identifiers as produced by simpleSAMLphp login.
The string 'I do not care about security!' is a backdoor which will give EVERYBODY access to the page. Remove this entry after finishing the installation.
API Tags: