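---
# Example configuration for the SATOSA SAML2 frontend, i.e. the IdP side of the proxy
# that service providers talk to.
# NOTE(review): the nesting below is reconstructed from the SATOSA/pysaml2 configuration
# layout; compare against the upstream example before deploying.
module: satosa.frontends.saml2.SAMLFrontend
name: Saml2IDP
config:
  #acr_mapping:
  #  "": "urn:oasis:names:tc:SAML:2.0:ac:classes:unspecified"
  #  "https://accounts.google.com": "http://eidas.europa.eu/LoA/low"

  # SAML binding -> path of the single sign-on endpoint exposed by this frontend.
  endpoints:
    single_sign_on_service:
      'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST': sso/post
      'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect': sso/redirect

  # If configured and not false or empty the common domain cookie _saml_idp will be set
  # with or have appended the IdP used for authentication. The default is not to set the
  # cookie. If the value is a dictionary with key 'domain' then the domain for the cookie
  # will be set to the value for the 'domain' key. If no 'domain' is set then the domain
  # from the BASE defined for the proxy will be used.
  #common_domain_cookie:
  #  domain: .example.com

  entityid_endpoint: true
  # Written as a canonical boolean; 'no' is only a boolean under YAML 1.1 parsers.
  # NOTE(review): when enabled, SATOSA is documented to expose a metadata-reload URL;
  # confirm that URL is access-restricted at the web server before turning this on.
  enable_metadata_reload: false

  idp_config:
    organization:
      display_name: Example Identities
      name: Example Identities Org.
      url: 'http://www.example.com'
    # NOTE(review): the addresses below appear masked ('[email protected]') in this copy;
    # substitute real, monitored contact addresses before publishing metadata.
    contact_person:
      - contact_type: technical
        email_address: 'mailto:[email protected]'
        given_name: Technical
      - contact_type: support
        email_address: 'mailto:[email protected]'
        given_name: Support
      # REFEDS security contact, expressed through extension attributes.
      - contact_type: other
        email_address: 'mailto:[email protected]'
        given_name: Security
        extension_attributes:
          'xmlns:remd': 'http://refeds.org/metadata'
          'remd:contactType': 'http://refeds.org/metadata/contactType/security'
    # Private key and certificate of the IdP. Keep the key file out of version control
    # and readable only by the account that runs the proxy.
    key_file: frontend.key
    cert_file: frontend.crt
    # Metadata of the service providers this IdP knows about. Only load metadata obtained
    # from a source you trust.
    metadata:
      local: [sp.xml]

    # <base_url> and <name> are placeholders; presumably SATOSA substitutes the proxy
    # base URL and this module's name - confirm against the SATOSA docs.
    entityid: <base_url>/<name>/proxy.xml
    # Clock-skew tolerance applied to time comparisons (seconds, per the pysaml2 docs).
    # Keep it small: a larger value widens the window in which an expired message is
    # still accepted.
    accepted_time_diff: 60
    service:
      idp:
        # Left empty here; presumably filled from config.endpoints above - TODO confirm.
        endpoints:
          single_sign_on_service: []
        name: Proxy IdP
        # Placeholder UI values; use https URLs for a real deployment.
        ui_info:
          display_name:
            - lang: en
              text: "IdP Display Name"
          description:
            - lang: en
              text: "IdP Description"
          information_url:
            - lang: en
              text: "http://idp.information.url/"
          privacy_statement_url:
            - lang: en
              text: "http://idp.privacy.url/"
          keywords:
            # NOTE(review): 'se' is the ISO 639-1 code for Northern Sami; Swedish is 'sv'.
            # Confirm which one is intended.
            - lang: se
              text: ["Satosa", "IdP-SE"]
            - lang: en
              text: ["Satosa", "IdP-EN"]
          logo:
            text: "http://idp.logo.url/"
            width: "100"
            height: "100"
        name_id_format:
          - 'urn:oasis:names:tc:SAML:2.0:nameid-format:persistent'
          - 'urn:oasis:names:tc:SAML:2.0:nameid-format:transient'
        policy:
          default:
            # null places no restriction on released attributes at this layer (per the
            # pysaml2 docs); make sure attribute release is limited elsewhere if needed.
            attribute_restrictions: null
            fail_on_missing_requested: false
            # Validity period of issued assertions.
            lifetime: {minutes: 15}
            name_form: 'urn:oasis:names:tc:SAML:2.0:attrname-format:uri'
            # Assertions are issued unencrypted with these settings, so attribute values
            # are readable wherever the response passes in clear (for example the user's
            # browser). Consider enabling encryption when SPs publish encryption keys.
            encrypt_assertion: false
            encrypted_advice_attributes: false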