mirror of https://github.com/snipe/snipe-it.git synced 2025-10-30 03:42:35 +00:00

POssible alternative to #17386 - adding SAML key size to env

Signed-off-by: snipe <snipe@snipe.net>
snipe 2025-08-21 11:27:50 +01:00
parent 15f97b6cb9
commit 39e6223ff2
3 changed files with 26 additions and 3 deletions


@ -193,11 +193,17 @@ LDAP_TIME_LIM=600
IMPORT_TIME_LIMIT=600 IMPORT_TIME_LIMIT=600
IMPORT_MEMORY_LIMIT=500M IMPORT_MEMORY_LIMIT=500M
REPORT_TIME_LIMIT=12000 REPORT_TIME_LIMIT=12000
REQUIRE_SAML=false
API_THROTTLE_PER_MINUTE=120 API_THROTTLE_PER_MINUTE=120
CSV_ESCAPE_FORMULAS=true CSV_ESCAPE_FORMULAS=true
LIVEWIRE_URL_PREFIX=null LIVEWIRE_URL_PREFIX=null
# --------------------------------------------
# OPTIONAL: SAML SETTINGS
# --------------------------------------------
REQUIRE_SAML=false
SAML_KEY_SIZE=2048
# -------------------------------------------- # --------------------------------------------
# OPTIONAL: HASHING # OPTIONAL: HASHING
# -------------------------------------------- # --------------------------------------------


@ -109,7 +109,7 @@ class SettingsSamlRequest extends FormRequest
]; ];
$pkey = openssl_pkey_new([ $pkey = openssl_pkey_new([
'private_key_bits' => 2048, 'private_key_bits' => config('app.saml_key_size'),
'private_key_type' => OPENSSL_KEYTYPE_RSA, 'private_key_type' => OPENSSL_KEYTYPE_RSA,
]); ]);
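Review bot: The value passed as `'private_key_bits'` is now whatever `config('app.saml_key_size')` returns, and when SAML_KEY_SIZE is set in .env that is a string rather than an integer. As far as I know openssl_pkey_new only honours `private_key_bits` when it is an integer and otherwise falls back to the OpenSSL default, so a configured 3072 could be silently ignored; this should be confirmed against the PHP version in use. There is also no lower bound, so a mistyped small value would produce a weak SAML signing key or a failed key generation. I would cast and floor it at the call site, `'private_key_bits' => max(2048, (int) config('app.saml_key_size', 2048)),`, and apply the same cast to the `env('SAML_KEY_SIZE', 2048)` entry in the config hunk. The enclosing method starts and ends outside this hunk.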


@ -207,7 +207,7 @@ return [
/* /*
|-------------------------------------------------------------------------- |--------------------------------------------------------------------------
| Require SAML Login | Require SAML Login
|-------------------------------------------------------------------------- |--------------------------------------------------------------------------
| |
| Disable the ability to login via form login, and disables the 'nosaml' | Disable the ability to login via form login, and disables the 'nosaml'
@ -220,6 +220,23 @@ return [
'require_saml' => env('REQUIRE_SAML', false), 'require_saml' => env('REQUIRE_SAML', false),
/*
|--------------------------------------------------------------------------
| SAML KEYS
|--------------------------------------------------------------------------
|
| This is the size of the keys used by openssl_pkey_new for SAML authentication.
| The default is 2048 bits, but this can be changed to 3072 or 4096 bits
| for higher security. Note that this will increase the time it takes to
| generate the keys, so it is not recommended to set this to a very high value
| unless you have a specific need for it.
|
| The European Commission now requires at least 3072-bit keys for new SAML certificates
| @link https://github.com/grokability/snipe-it/issues/17386
*/
'saml_key_size' => env('SAML_KEY_SIZE', 2048),
/* /*
|-------------------------------------------------------------------------- |--------------------------------------------------------------------------
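Review bot: The new SAML KEYS comment does not say when the setting takes effect. In the request-class hunk the value is only read when openssl_pkey_new generates a key, so changing SAML_KEY_SIZE presumably leaves an existing SAML key and certificate at their old size until they are regenerated; I would add a line such as `| Changing this value only affects keys generated afterwards; regenerate the SAML certificate to apply it.` The comment should also state the accepted range (for example that values below 2048 are not supported), since the default stays at 2048 while the text cites a 3072-bit requirement. The surrounding `return [` array starts and ends outside the hunk.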