// Uncomment the following to enable client SSL certificate authentication
/*
'CertAuth'=>array(
// CA
'ca'=>array('FIRST.Org'),// List of CAs authorized
'caId'=>'O',// Certificate field used to verify the CA. In this example, the field O (organization) of the client certificate has to equal to 'FIRST.Org' in order to validate the CA
// User/client configuration
'userModel'=>'User',// name of the User class (MISP class) to check if the user exists
'userModelKey'=>'email',// User field that will be used for querying. In this example, the field email of the MISP accounts will be used to search if the user exists.
'map'=>array(// maps client certificate attributes to User properties. This map will be used as conditions to find if the user exists. In this example, the client certificate fields 'O' (organization) and 'emailAddress' have to match with the MISP fields 'org' and 'email' to validate the user.
// 'memberOf', //Needed filter if roles should be added depending on group membership.
),
'ldapDefaultRoleId'=>3,// 3:User, 1:admin. May be good to set "1" for the first user
//ldapDefaultRoleId can also be set as an array to support creating users into different group, depending on ldap membership.
//This will only work if the ldap server supports memberOf
//'ldapDefaultRoleId' => array(
// 'misp_admin' => 1,
// 'misp_orgadmin' => 2,
// 'misp_user' => 3,
// 'misp_publisher' => 4,
// 'misp_syncuser' => 5,
// 'misp_readonly' => 6,
// ),
//
'ldapDefaultOrg'=>'1',// uses 1st local org in MISP if undefined,
'ldapAllowReferrals'=>true,// allow or disallow chasing LDAP referrals
//'ldapEmailField' => array('emailAddress, 'mail'), // Optional : fields from which the email address should be retrieved. Default to 'mail' only. If more than one field is set (e.g. 'emailAddress' and 'mail' in this example), only the first one will be used.
//'updateUser' => true, // Optional : Will update user on LDAP login to update user fields (e.g. role)
),
*/
// Warning: The following is a 3rd party contribution and still untested (including security) by the MISP-project team.
// Feel free to enable it and report back to us if you run into any issues.
//
// Uncomment the following to enable Azure AD authentication
/*
'AadAuth'=>array(
'client_id'=>'',// Client ID (see Azure AD)
'ad_tenant'=>'',// Directory ID (see Azure AD)
'client_secret'=>'',// Client secret (see Azure AD)
'redirect_uri'=>'',// Your MISP URI, must be the same as in Azure AD
'auth_provider'=>'https://login.microsoftonline.com/',// Can be left to this default
'auth_provider_user'=>'https://graph.microsoft.com/',// Can be left to this default
'misp_user'=>'MISP Users',// The AD group for MISP users
'misp_orgadmin'=>'MISP Administrators',// The AD group for MISP administrators
'misp_siteadmin'=>'MISP Site Administrators',// The AD group for MISP site administrators
'check_ad_groups'=>true// Should we check if the user belongs to one of the above AD groups?