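---
# Example configuration for the SAML2 "virtual CO" frontend: one SATOSA
# instance presents a separate virtual IdP (own entityID, endpoints and
# metadata) for every collaborative organization (CO) listed below.
module: satosa.frontends.saml2.SAMLVirtualCoFrontend
name: Saml2IDP
config:
  collaborative_organizations:
    # The encodeable name for the CO will be URL encoded and used
    # both for the entityID and the SSO endpoints of the virtual IdP.
    # The entityID has the form
    #
    # {base_entity_id}/{co_name}
    #
    # The endpoint URLs have the form
    #
    # {base}/{backend}/{co_name}/{path}
    #
    - encodeable_name: MESS
      # If organization and contact_person details appear they
      # will override the same from the base configuration in
      # the generated metadata for the CO IdP.
      organization:
        display_name: MESS
        name: Medium Energy Synchrotron Source
        url: https://messproject.org
      contact_person:
        - contact_type: technical
          # Placeholder: the address was obfuscated in the published copy
          # of this example; set the real CO contact before use.
          email_address: support@messproject.org
          given_name: MESS Technical Support
      # SAML attributes and static values about the CO to be asserted for each user.
      # The key is the SATOSA internal attribute name.
      co_static_saml_attributes:
        organization: Medium Energy Synchrotron Source
        countryname: US
        friendlycountryname: United States
        noreduorgacronym:
          - MESS
          - MeSyncS
    - encodeable_name: MTS
      organization:
        display_name: Milwaukee Theological Seminary
        name: Milwaukee Theological Seminary
        url: https://milwaukeetheologicalseminary.org
    # A name containing spaces is allowed; it is URL encoded when used in
    # the entityID and endpoint paths (see the comment above).
    - encodeable_name: IBNS Staff

  # Base pysaml2 IdP configuration shared by every virtual CO IdP.
  # Per-CO organization/contact_person entries above override these.
  idp_config:
    organization:
      display_name: Example Identities
      name: Example Identities Org.
      url: 'http://www.example.com'
    contact_person:
      # Placeholder addresses (example.com); replace with real contacts.
      - contact_type: technical
        email_address: technical@example.com
        given_name: Technical
      - contact_type: support
        email_address: support@example.com
        given_name: Support
    # Signing key pair for the virtual IdPs. The private key must be readable
    # only by the proxy process and must never be committed alongside this
    # configuration.
    key_file: frontend.key
    cert_file: frontend.crt
    # Metadata of the SPs the frontend will accept requests from. Only
    # entities described by the configured metadata sources are trusted.
    metadata:
      local: [sp.xml]
    # Available placeholders to use while constructing entityid,
    # <backend_name>: Backend name
    # <co_name>: collaborative_organizations encodeable_name
    # <base_url>: Base url of installation
    # <name>: Name of this virtual co-frontend
    entityid: <base_url>/<backend_name>/idp/<co_name>
    # Allowed clock skew (seconds) when validating timestamps in incoming
    # messages; keep it small.
    accepted_time_diff: 60
    service:
      idp:
        endpoints:
          # Left empty on purpose: the per-CO SSO endpoints are generated
          # from the "endpoints" section further down.
          single_sign_on_service: []
        name: Proxy IdP
        ui_info:
          display_name:
            - lang: en
              text: "IdP Display Name"
          description:
            - lang: en
              text: "IdP Description"
          information_url:
            - lang: en
              text: "http://idp.information.url/"
          privacy_statement_url:
            - lang: en
              text: "http://idp.privacy.url/"
          keywords:
            - lang: se
              text: ["Satosa", "IdP-SE"]
            - lang: en
              text: ["Satosa", "IdP-EN"]
          logo:
            text: "http://idp.logo.url/"
            width: "100"
            height: "100"
        name_id_format:
          - 'urn:oasis:names:tc:SAML:2.0:nameid-format:persistent'
          - 'urn:oasis:names:tc:SAML:2.0:nameid-format:transient'
        policy:
          default:
            # null = no attribute filtering at the pysaml2 layer; attribute
            # release is expected to be controlled by SATOSA micro-services.
            attribute_restrictions: null
            fail_on_missing_requested: false
            lifetime: {minutes: 15}
            name_form: urn:oasis:names:tc:SAML:2.0:attrname-format:uri

  # Map the authenticating backend IdP (by entityID) to the
  # AuthnContextClassRef asserted to the SP; "" is the fallback.
  acr_mapping:
    "": default-LoA
    "https://accounts.google.com": LoA1

  # SSO endpoint paths (relative to the per-CO base) per SAML binding.
  endpoints:
    single_sign_on_service:
      'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST': sso/post
      'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect': sso/redirect

  # Written as a real boolean: "no" is YAML 1.1 truthy syntax and is not
  # read as a boolean by every parser. Leave disabled unless the metadata
  # reload endpoint is actually needed.
  enable_metadata_reload: false

  # If configured and not false or empty the common domain cookie _saml_idp will be set
  # with or have appended the IdP used for authentication. The default is not to set the
  # cookie. If the value is a dictionary with key 'domain' then the domain for the cookie
  # will be set to the value for the 'domain' key. If no 'domain' is set then the domain
  # from the BASE defined for the proxy will be used.
  common_domain_cookie:
    domain: .example.com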