Apps Config.php Parameters
Introduction
This document describes parameters for apps maintained by ownCloud that are not part of the core system.
All keys are only valid if the corresponding app is installed and enabled.
You must copy the keys needed to the active config.php
file.
Multiple configuration files
ownCloud supports loading configuration parameters from multiple files. You can add arbitrary files ending with .config.php in the config/ directory.
Example:
You could place your email server configuration in email.config.php
.
This allows you to easily create and manage custom configurations, or to divide a large complex configuration file into a set of smaller files.
These custom files are not overwritten by ownCloud, and the values in these files take precedence over config.php
.
ownCloud may write configurations into config.php
.
These configurations may conflict with identical keys already set in additional config files. Be careful when using this capability!
App: Admin Audit
App: Firstrunwizard
OpenID Connect(OIDC) Configuration
App: openidconnect
Configure OpenID Connect
The provider-url
, client-id
and client-secret
variables are to be
taken from the OpenID Connect Provider’s setup. The loginButtonName
variable can be freely chosen, depending on the installation.
The provider-params configuration array only needs to be used if the OpenID Connect Provider does NOT support service discovery. |
- autoRedirectOnLoginPage
-
If true, the login page will automatically be redirected to the OpenID Connect Provider, as when the button is pressed. The default is
false
. - mode
-
This is the attribute in the owncloud accounts table to search for users. The default value is
email
. An alternative value:userid
. - search-attribute
-
This is the claim from the OpenID Connect user information which shall be used for searching in the accounts table. The default value is
email
. For more information about the claim, see https://openid.net/specs/openid-connect-core-1_0.html#Claims. - use-token-introspection-endpoint
-
There are tokens which are not JSON WebToken(JWT) and information like the expiry cannot be read from the token itself. In these cases, the OpenID Connect Provider needs to call on the token introspection endpoint to get this information. The default value is
false
. See https://tools.ietf.org/html/rfc7662 for more information on token introspection.
Code Sample
'openid-connect' => [
'autoRedirectOnLoginPage' => false,
'client-id' => '',
'client-secret' => '',
'loginButtonName' => 'OpenId Connect',
'mode' => 'userid',
// Only required if the OpenID Connect Provider does not support service discovery
'provider-params' => [
'authorization_endpoint' => '',
'end_session_endpoint' => '',
'jwks_uri' => '',
'registration_endpoint' => '',
'token_endpoint' => '',
'token_endpoint_auth_methods_supported' => '',
'userinfo_endpoint' => ''
],
'provider-url' => '',
'search-attribute' => 'sub',
'use-token-introspection-endpoint' => true,
],