'x509cert'=>'X.509 certificate of the Service Provider',
'privateKey'=>'Private key of the Service Provider',
];
$securityOfferFields=[
'nameIdEncrypted'=>'Indicates that the nameID of the <samlp:logoutRequest> sent by this SP will be encrypted.',
'authnRequestsSigned'=>'Indicates whether the <samlp:AuthnRequest> messages sent by this SP will be signed. [Metadata of the SP will offer this info]',
'logoutRequestSigned'=>'Indicates whether the <samlp:logoutRequest> messages sent by this SP will be signed.',
'logoutResponseSigned'=>'Indicates whether the <samlp:logoutResponse> messages sent by this SP will be signed.',
'signMetadata'=>'Whether the metadata should be signed.',
];
$securityRequiredFields=[
'wantMessagesSigned'=>'Indicates a requirement for the <samlp:Response>, <samlp:LogoutRequest> and <samlp:LogoutResponse> elements received by this SP to be signed.',
'wantAssertionsSigned'=>'Indicates a requirement for the <saml:Assertion> elements received by this SP to be signed. [Metadata of the SP will offer this info]',
'wantAssertionsEncrypted'=>'Indicates a requirement for the <saml:Assertion> elements received by this SP to be encrypted.',
'wantNameId'=>' Indicates a requirement for the NameID element on the SAMLResponse received by this SP to be present.',
'wantNameIdEncrypted'=>'Indicates a requirement for the NameID received by this SP to be encrypted.',
'wantXMLValidation'=>'Indicates if the SP will validate all received XMLs.',
];
$generalSettings=[
'uid_mapping'=>[
'text'=>'Attribute to map the UID to.',
'type'=>'line',
'required'=>true,
],
'require_provisioned_account'=>[
'text'=>'Only allow authentication if an account is existent on some other backend. (e.g. LDAP)',
'type'=>'checkbox',
],
'use_saml_auth_for_desktop'=>[
'text'=>'Use SAML auth for the Nextcloud desktop clients (requires user re-authentication)',