~fkooman/vpn-user-portal

vpn-user-portal/CONFIG_CHANGES.md -rw-r--r-- 6.5 KiB
6a186e3f François Kooman prepare for new release 30 days ago

# Configuration Changes

This document describes all configuration file changes since the 2.0.0 release, in order to keep track of all changes that were made during the 2.x release cycle.

This will help upgrades to a future 3.x release. Configuration changes during the 2.x life cycle are NOT required. Any existing configuration file will keep working!

## 2.3.13

Support permissionAttribute configuration option for the RADIUS authentication backend. This allows you to specify an attribute to be used for authorization. See documentation.

## 2.3.12

Removed sessionExpireAtNight as it is too complicated to implement correctly in eduVPN/Let's Connect! 2.x.

We now have the showPermissions option that takes a bool to show/hide the "Permission(s)" on the user's "Account" page. The default is true.

## 2.3.11

We added the translation for Romanian (Romania). You can add it to config.php under supportedLanguages to enable it in your portal:

'ro-RO' => 'română'

## 2.3.10

The sessionExpireAtNight option (taking a boolean) has been added. Read the docs on how to use it.

## 2.3.9

We added the translation for Spanish (Latin America). You can add it to config.php under supportedLanguages to enable it in your portal:

'es_LA' => 'español',

## 2.3.8

The FormLdapAuthentication section also takes searchBindDn and searchBindPass options now to allow binding to an LDAP server with an account before performing the user's DN search. See LDAP on how to use it.

## 2.3.7

The authMethod, supportedLanguages and sessionExpiry now have defaults when the option is not specified. The authMethod default is FormPdoAuthentication, the supportedLanguages default is ['en_US' => 'English'] and the sessionExpiry default is P90D.

## 2.3.5

Under Api the remoteAccessList is ignored from now on. When remoteAccess is set to true the official eduVPN server_list.json is downloaded, validated and used to allow access from tokens issued by the servers listed in that file.

The Api section is now completely optional. The consumerList option under Api is also optional now.

## 2.3.4

We now support ClientCertAuthentication as well. It takes no configuration in config.php, see CLIENT_CERT_AUTH for how to set it up, together with a web server configuration example.

## 2.3.0

The SamlAuthentication module is removed. Use PhpSamlSpAuthentication instead. See PHP_SAML_SP and PHP_SAML_SP_UPGRADE.

## 2.2.6

We added support for array values of permissionAttribute in the FormLdapAuthentication module. Until now it only took a string. The values of the attributes will be merged and can be used for ACLs or access to the portal admin.

## 2.2.5

We added the translation for Portuguese (Portugal). You can add it to config.php under supportedLanguages to enable it in your portal:

'pt_PT' => 'Português',

## 2.2.4

You can now set userIdAttribute under FormLdapAuthentication. The value of the obtained attribute, instead of the provided "authUser" in the login form, will be used as the user ID. For example:

'userIdAttribute' => 'uid',

If not provided, the exact user ID used for binding to the LDAP server will be used as the user ID in the VPN service.

You can also specify the addRealm option, which takes a string value that will add a "realm" to the user's specified "authUser". For example, if the user provides foo, an addRealm with value example.org would convert the "authUser" to foo@example.org. If the user specifies foo@bar.com and the addRealm value is example.org, nothing will be changed.

## 2.2.3

We added the translation for German (Germany). You can add it to config.php under supportedLanguages to enable it in your portal:

'de_DE' => 'Deutsch',

## 2.2.0

We now support the PhpSamlSpAuthentication authentication module. It takes all the options of SamlAuthentication, except spEntityId, idpMetadata, idpEntityId and discoUrl. See PHP_SAML_SP_UPGRADE.

The use of SamlAuthentication is DEPRECATED and PhpSamlSpAuthentication is STILL not supported!

## 2.1.3

We added the translation for Estonian (Estonia). You can add it to config.php under supportedLanguages to enable it in your portal:

'et_EE' => 'Eesti',

## 2.1.0

We added the translation for Arabic (Morocco). You can add it to config.php under supportedLanguages to enable it in your portal:

'ar_MA' => 'العربية',

## 2.0.14

It is now possible to completely reject users from the portal / API by requiring them to have a certain permission to get access.

The configuration option accessPermissionList takes an array of permissions, where the user is allowed access when they have at least one of the permissions listed. The permissions are taken from the permissionAttribute for the supporting authentication backends, or from static permissions.

For example:

'accessPermissionList' => ['administrators', 'employees'],
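
The "at least one permission" rule above, combined with the merging of multiple permissionAttribute values described under 2.2.6, as an added PHP sketch that is not vpn-user-portal's own code. The function names, the sample attribute names and values, and the treatment of an empty accessPermissionList as "no restriction" are assumptions made for this example.

```php
<?php
declare(strict_types=1);

// Illustrative sketch, not vpn-user-portal code: function names and the
// attribute layout below are assumptions made for this example.

/**
 * Merge the values of every configured permission attribute into one flat,
 * de-duplicated list. $permissionAttribute may be a string or an array.
 */
function collectPermissions($permissionAttribute, array $userAttributes): array
{
    $permissionList = [];
    foreach ((array) $permissionAttribute as $attributeName) {
        // an attribute the backend did not return contributes nothing
        foreach ($userAttributes[$attributeName] ?? [] as $value) {
            $permissionList[] = $value;
        }
    }

    return array_values(array_unique($permissionList));
}

/**
 * Grant access when the user holds at least one listed permission.
 * Assumption: an empty accessPermissionList means "no restriction".
 */
function hasAccess(array $accessPermissionList, array $userPermissions): bool
{
    if ([] === $accessPermissionList) {
        return true;
    }

    // exact, case-sensitive string match on permission values
    return [] !== array_intersect($accessPermissionList, $userPermissions);
}

// constructed sample attributes, as an LDAP or SAML backend might return them
$userAttributes = [
    'memberOf' => ['employees', 'vpn-users'],
    'eduPersonEntitlement' => ['urn:example:entitlement:vpn'],
];
$accessPermissionList = ['administrators', 'employees'];

$permissions = collectPermissions(['memberOf', 'eduPersonEntitlement'], $userAttributes);
var_dump(hasAccess($accessPermissionList, $permissions)); // user holding 'employees'
var_dump(hasAccess($accessPermissionList, ['students'])); // user with no listed permission
var_dump(hasAccess($accessPermissionList, []));           // user with no permissions at all
```

In this sketch a user whose backend returns no permission attribute at all ends up with an empty permission list and is rejected whenever accessPermissionList is non-empty.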

## 2.0.9

  • add uk_UA translation. It can be added under supportedLanguages as 'uk_UA' => 'Українська'

## 2.0.8

  • Due to the update of php-saml-sp, from this version on the "friendly" names can also be used for the attributes, instead of just the urn:oid variant, with the SamlAuthentication plugin. See this file for a mapping.

## 2.0.7

  • SamlAuthentication -> permissionAttribute also takes an array now, instead of only a string, to allow multiple attributes to be used.
  • add pl_PL translation. It can be added under supportedLanguages as 'pl_PL' => 'polski'

## 2.0.4

  • Add MellonAuthentication -> nameIdSerialization (bool) and spEntityId (string) configuration options to serialize eduPersonTargetedID to a string in the same way the Shibboleth SP does this. In order to use it, the nameIdSerialization option has to be set to true and the spEntityId MUST be the entity ID of the SAML SP as configured in mod_auth_mellon.