
add some environment variables for saml

utsushiiro 7 лет назад
Родитель
Сommit
6c77ece444

+ 3 - 1
resource/locales/en-US/translation.json

@@ -362,6 +362,7 @@
     "Treat email matching as identical": "Automatically bind external accounts newly logged in to local accounts when <code>%s</code> match",
     "Treat email matching as identical_warn": "WARNING: Be aware of security because the system treats the same user as a match of <code>%s</code>.",
     "Use env var if empty": "Use env var <code>%s</code> if empty",
+    "Use default if both are empty": "If both ​​are empty, the default value <code>%s</code> is used.",
     "ldap": {
       "server_url_detail": "The LDAP URL of the directory service in the format <code>ldap://host:port/DN</code> or <code>ldaps://host:port/DN</code>.",
       "bind_mode": "Binding Mode",
@@ -402,7 +403,8 @@
       "username_detail": "Specification of mappings for <code>username</code> when creating new users",
       "mapping_detail": "Specification of mappings for %s when creating new users",
       "cert_detail1": "PEM-encoded X.509 signing certificate to validate the response from IdP",
-      "cert_detail2": "Use env var <code>SAML_CERT</code> if empty, and no validation is processed if the variable is also undefined"
+      "cert_detail2": "If both are empty, no validation is processed.",
+      "Use env var if empty": "If the value in the database is empty, the value of the environment variable <code>%s</code> is used."
     },
     "OAuth": {
       "register": "Register for %s",

+ 3 - 1
resource/locales/ja/translation.json

@@ -378,6 +378,7 @@
     "Treat email matching as identical": "新規ログイン時、<code>%s</code> が一致したローカルアカウントが存在した場合は自動的に紐付ける",
     "Treat email matching as identical_warn": "警告: <code>%s</code> の一致を以て同一ユーザーであるとみなすので、セキュリティに注意してください",
     "Use env var if empty": "空の場合、環境変数 <code>%s</code> を利用します",
+    "Use default if both are empty": "どちらの値も空の場合、デフォルト値 <code>%s</code> を利用します",
     "ldap": {
       "server_url_detail": "LDAP URLを <code>ldap://host:port/DN</code> または <code>ldaps://host:port/DN</code> の形式で入力してください。",
       "bind_mode": "Bind モード",
@@ -418,7 +419,8 @@
       "username_detail": "新規ユーザーのアカウント名(<code>username</code>)に関連付ける属性",
       "mapping_detail": "新規ユーザーの%sに関連付ける属性",
       "cert_detail1": "IdP からのレスポンスの validation を行うための、PEMエンコードされた X.509 証明書",
-      "cert_detail2": "空の場合は環境変数 <code>SAML_CERT</code> を利用し、そちらも存在しない場合は validation 自体を行いません"
+      "cert_detail2": "どちらの値も空の場合、validation 自体を行いません",
+      "Use env var if empty": "データベース側の値が空の場合、環境変数 <code>%s</code> の値を利用します"
     },
     "OAuth": {
       "register": "%sに登録",

+ 30 - 0
src/server/service/config-loader.js

@@ -140,6 +140,36 @@ const ENV_VAR_NAME_TO_CONFIG_INFO = {
     type:    TYPES.STRING,
     default: null
   },
+  SAML_ATTR_MAPPING_ID: {
+    ns:      'crowi',
+    key:     'security:passport-saml:attrMapId',
+    type:    TYPES.STRING,
+    default: null
+  },
+  SAML_ATTR_MAPPING_USERNAME: {
+    ns:      'crowi',
+    key:     'security:passport-saml:attrMapUsername',
+    type:    TYPES.STRING,
+    default: null
+  },
+  SAML_ATTR_MAPPING_MAIL: {
+    ns:      'crowi',
+    key:     'security:passport-saml:attrMapMail',
+    type:    TYPES.STRING,
+    default: null
+  },
+  SAML_ATTR_MAPPING_FIRST_NAME: {
+    ns:      'crowi',
+    key:     'security:passport-saml:attrMapFirstName',
+    type:    TYPES.STRING,
+    default: null
+  },
+  SAML_ATTR_MAPPING_LAST_NAME: {
+    ns:      'crowi',
+    key:     'security:passport-saml:attrMapLastName',
+    type:    TYPES.STRING,
+    default: null
+  },
   SAML_CERT: {
     ns:      'crowi',
     key:     'security:passport-saml:cert',
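Review bot: `SAML_ATTR_MAPPING_FIRST_NAME` and `SAML_ATTR_MAPPING_LAST_NAME` are registered with `default: null`, while the admin view in this same commit tells the operator that `firstName` / `lastName` are used when both the database and the environment value are empty. The real fallback is therefore applied somewhere this diff does not show, and the loader and the help text can drift apart. Either move the fallback here (`default: 'firstName'`, `default: 'lastName'`) if no caller depends on a null value, or add a comment on those two entries such as `// fallback to 'firstName' is applied by the consumer of this key, not by the loader`. These mappings decide which assertion attributes become the local id, username and e-mail, so a one-line comment above the group stating that a database value takes precedence over the environment would help whoever audits the login path. The enclosing `ENV_VAR_NAME_TO_CONFIG_INFO` object starts and ends outside the hunk.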

+ 63 - 34
src/server/views/admin/widget/passport/saml.html

@@ -71,17 +71,17 @@
                    type="text"
                    name="settingForm[security:passport-saml:entryPoint]"
                    value="{{ getConfigFromDB('crowi', 'security:passport-saml:entryPoint') || '' }}">
-            <p class="help-block">
-              <small>
-                {{ t("security_setting.Use env var if empty", "SAML_ENTRY_POINT") }}
-              </small>
-            </p>
           </td>
           <td>
             <input class="form-control"
                    type="text"
                    value="{{ getConfigFromEnvVars('crowi', 'security:passport-saml:entryPoint') || '' }}"
                    readonly>
+            <p class="help-block">
+              <small>
+                {{ t("security_setting.SAML.Use env var if empty", "SAML_ENTRY_POINT") }}
+              </small>
+            </p>
           </td>
         </tr>
         <tr>
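Review bot: The five-line `<p class="help-block"><small>{{ t("security_setting.SAML.Use env var if empty", "...") }}</small></p>` block added here is repeated in every environment-variable cell this commit touches (issuer, the five attribute mappings and the certificate), differing only in the variable name. If the template engine in use supports macros or includes, a single helper taking the variable name would keep the eight copies from diverging. The variable names are also typed by hand in the view and again in `config-loader.js`, so a typo in one place would show the operator a name the loader never reads. The surrounding table row starts outside the hunk.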
@@ -91,17 +91,17 @@
                    type="text"
                    name="settingForm[security:passport-saml:issuer]"
                    value="{{ getConfigFromDB('crowi', 'security:passport-saml:issuer') || '' }}">
-            <p class="help-block">
-              <small>
-                {{ t("security_setting.Use env var if empty", "SAML_ISSUER") }}
-              </small>
-            </p>
           </td>
           <td>
             <input class="form-control"
                    type="text"
                    value="{{ getConfigFromEnvVars('crowi', 'security:passport-saml:issuer') || '' }}"
                    readonly>
+            <p class="help-block">
+              <small>
+                {{ t("security_setting.SAML.Use env var if empty", "SAML_ISSUER") }}
+              </small>
+            </p>
           </td>
         </tr>
       </tbody>
@@ -125,7 +125,7 @@
           <input class="form-control"
                  type="text"
                  name="settingForm[security:passport-saml:attrMapId]"
-                 value="{{ getConfigFromDB('security:passport-saml:attrMapId') || '' }}">
+                 value="{{ getConfigFromDB('crowi', 'security:passport-saml:attrMapId') || '' }}">
           <p class="help-block">
             <small>
               {{ t("security_setting.SAML.id_detail") }}
@@ -135,8 +135,13 @@
         <td>
           <input class="form-control"
                  type="text"
-                 value="{{ getConfigFromEnvVars('security:passport-saml:attrMapId') || '' }}"
+                 value="{{ getConfigFromEnvVars('crowi', 'security:passport-saml:attrMapId') || '' }}"
                  readonly>
+          <p class="help-block">
+            <small>
+              {{ t("security_setting.SAML.Use env var if empty", "SAML_ATTR_MAPPING_ID") }}
+            </small>
+          </p>
         </td>
       </tr>
       <tr>
@@ -145,7 +150,7 @@
           <input class="form-control"
                  type="text"
                  name="settingForm[security:passport-saml:attrMapUsername]"
-                 value="{{ getConfigFromDB('security:passport-saml:attrMapUsername') || '' }}">
+                 value="{{ getConfigFromDB('crowi', 'security:passport-saml:attrMapUsername') || '' }}">
           <p class="help-block">
             <small>
               {{ t("security_setting.SAML.username_detail") }}
@@ -155,8 +160,13 @@
         <td>
           <input class="form-control"
                  type="text"
-                 value="{{ getConfigFromEnvVars('security:passport-saml:attrMapUsername') || '' }}"
+                 value="{{ getConfigFromEnvVars('crowi', 'security:passport-saml:attrMapUsername') || '' }}"
                  readonly>
+          <p class="help-block">
+            <small>
+              {{ t("security_setting.SAML.Use env var if empty", "SAML_ATTR_MAPPING_USERNAME") }}
+            </small>
+          </p>
         </td>
       </tr>
       <tr>
@@ -165,7 +175,7 @@
           <input class="form-control"
                  type="text"
                  name="settingForm[security:passport-saml:attrMapMail]"
-                 value="{{ getConfigFromDB('security:passport-saml:attrMapMail') || '' }}">
+                 value="{{ getConfigFromDB('crowi', 'security:passport-saml:attrMapMail') || '' }}">
           <p class="help-block">
             <small>
               {{ t("security_setting.SAML.mapping_detail", t("Email")) }}
@@ -174,8 +184,13 @@
         <td>
           <input class="form-control"
                  type="text"
-                 value="{{ getConfigFromEnvVars('security:passport-saml:attrMapMail') || '' }}"
+                 value="{{ getConfigFromEnvVars('crowi', 'security:passport-saml:attrMapMail') || '' }}"
                  readonly>
+          <p class="help-block">
+            <small>
+              {{ t("security_setting.SAML.Use env var if empty", "SAML_ATTR_MAPPING_MAIL") }}
+            </small>
+          </p>
         </td>
       </tr>
       <tr>
@@ -183,9 +198,8 @@
         <td>
           <input class="form-control"
                  type="text"
-                 placeholder="Default: firstName"
                  name="settingForm[security:passport-saml:attrMapFirstName]"
-                 value="{{ getConfigFromDB('security:passport-saml:attrMapFirstName') || '' }}">
+                 value="{{ getConfigFromDB('crowi', 'security:passport-saml:attrMapFirstName') || '' }}">
           <p class="help-block">
             <small>
               {{ t("security_setting.SAML.mapping_detail", t("security_setting.SAML.First Name")) }}
@@ -195,8 +209,14 @@
         <td>
           <input class="form-control"
                  type="text"
-                 value="{{ getConfigFromEnvVars('security:passport-saml:attrMapFirstName') || '' }}"
+                 value="{{ getConfigFromEnvVars('crowi', 'security:passport-saml:attrMapFirstName') || '' }}"
                  readonly>
+          <p class="help-block">
+            <small>
+              {{ t("security_setting.SAML.Use env var if empty", "SAML_ATTR_MAPPING_FIRST_NAME") }}<br>
+              {{ t("security_setting.Use default if both are empty", "firstName") }}
+            </small>
+          </p>
         </td>
       </tr>
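Review bot: The en-US text behind the new `t("security_setting.Use default if both are empty", "firstName")` call appears to contain invisible zero-width characters between "both" and "are" (see the added line in `resource/locales/en-US/translation.json`). Hidden code points in UI strings break search and copy-paste and are easy to miss in review. The value should be retyped as plain text: `"If both are empty, the default value <code>%s</code> is used."`. The same key is rendered for `lastName` in the last-name row further down. The `<td>` this hunk edits starts outside the hunk.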
       <tr>
@@ -204,9 +224,8 @@
         <td>
           <input class="form-control"
                  type="text"
-                 placeholder="Default: lastName"
                  name="settingForm[security:passport-saml:attrMapLastName]"
-                 value="{{ getConfigFromDB('security:passport-saml:attrMapLastName') || '' }}">
+                 value="{{ getConfigFromDB('crowi', 'security:passport-saml:attrMapLastName') || '' }}">
           <p class="help-block">
             <small>
               {{ t("security_setting.SAML.mapping_detail", t("security_setting.SAML.Last Name")) }}
@@ -216,8 +235,14 @@
         <td>
           <input class="form-control"
                  type="text"
-                 value="{{ getConfigFromEnvVars('security:passport-saml:attrMapLastName') || '' }}"
+                 value="{{ getConfigFromEnvVars('crowi', 'security:passport-saml:attrMapLastName') || '' }}"
                  readonly>
+          <p class="help-block">
+            <small>
+              {{ t("security_setting.SAML.Use env var if empty", "SAML_ATTR_MAPPING_LAST_NAME") }}<br>
+              {{ t("security_setting.Use default if both are empty", "lastName") }}
+            </small>
+          </p>
         </td>
       </tr>
       </tbody>
@@ -281,14 +306,13 @@
           <th>Certificate</th>
           <td>
             <textarea class="form-control input-sm"
-                       type="text"
-                       rows="5"
-                       name="settingForm[security:passport-saml:cert]"
-            >{{ getConfigFromDB('security:passport-saml:cert') || '' }}</textarea>
+                      type="text"
+                      rows="5"
+                      name="settingForm[security:passport-saml:cert]"
+            >{{ getConfigFromDB('crowi', 'security:passport-saml:cert') || '' }}</textarea>
             <p class="help-block">
               <small>
-                {{ t("security_setting.SAML.cert_detail1") }}<br>
-                {{ t("security_setting.SAML.cert_detail2") }}
+                {{ t("security_setting.SAML.cert_detail1") }}
               </small>
             </p>
             <p>
@@ -305,12 +329,17 @@ pWVdnzS1VCO8fKsJ7YYIr+JmHvseph3kFUOI5RqkCcMZlKUv83aUThsTHw==
             </p>
           </td>
           <td>
-             <textarea class="form-control input-sm"
-                       type="text"
-                       rows="5"
-                       readonly>
-               {{ getConfigFromEnvVars('security:passport-saml:cert') || '' }}
-             </textarea>
+            <textarea class="form-control input-sm"
+                      type="text"
+                      rows="5"
+                      readonly
+            >{{ getConfigFromEnvVars('crowi', 'security:passport-saml:cert') || '' }}</textarea>
+            <p class="help-block">
+              <small>
+                {{ t("security_setting.SAML.Use env var if empty", "SAML_CERT") }}<br>
+                {{ t("security_setting.SAML.cert_detail2") }}
+              </small>
+            </p>
           </td>
         </tr>
       </tbody>
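Review bot: The `cert_detail2` sentence ("If both are empty, no validation is processed.") is now rendered as ordinary small help text under the read-only environment column, although by its own wording it describes the state in which responses from the IdP are accepted without being validated. It deserves warning styling and should stay visible next to the editable certificate field as well, for example `<small class="text-danger">{{ t("security_setting.SAML.cert_detail2") }}</small>`. Whether the server refuses to enable SAML when no certificate is configured is not visible in this diff; if it does not, rejecting that configuration would be the stronger fix. Separately, `type="text"` is not a valid attribute on `<textarea>` and can be dropped from both textareas.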