forked from IdentityPython/SATOSA
saml2_frontend.yaml.example
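---
# Example configuration for the SATOSA SAML2 frontend, the plugin through which
# the proxy presents itself to service providers (SPs) as a SAML identity
# provider (IdP). Every hostname, file name and contact below is a placeholder
# that has to be replaced before deployment.
module: satosa.frontends.saml2.SAMLFrontend
name: Saml2IDP
config:
  # IdP settings (pysaml2-style configuration keys).
  idp_config:
    organization:
      display_name: Example Identities
      name: Example Identities Org.
      url: 'http://www.example.com'
    # The addresses were obfuscated on the page this listing was taken from;
    # the example.com values below are constructed placeholders.
    contact_person:
      - contact_type: technical
        email_address: technical@example.com
        given_name: Technical
      - contact_type: support
        email_address: support@example.com
        given_name: Support
    # Private key and certificate of the frontend. SPs trust whatever this key
    # signs, so keep the key file out of version control and readable only by
    # the account that runs the proxy.
    key_file: frontend.key
    cert_file: frontend.crt
    # Metadata of the SPs this IdP will talk to. Load it only from a source you
    # have authenticated: an entry in this file decides who receives assertions.
    metadata:
      local: [sp.xml]

    # <base_url> and <name> are placeholders that SATOSA substitutes
    # (presumably with the proxy's BASE and this plugin's name; confirm against
    # the SATOSA documentation for your version).
    entityid: <base_url>/<name>/proxy.xml
    # Clock skew tolerated when validating timestamps (pysaml2 documents the
    # unit as seconds; verify for your version). Larger values widen the window
    # in which an expired or replayed message is still accepted; prefer
    # synchronized clocks (NTP) over raising this.
    accepted_time_diff: 60
    service:
      idp:
        # Left empty here; the SSO endpoints are declared under
        # config.endpoints further down.
        endpoints:
          single_sign_on_service: []
        name: Proxy IdP
        # Display data published in metadata. The example URLs use plain http;
        # use https URLs in a real deployment so discovery and login pages do
        # not pull logo or policy links over an unauthenticated channel.
        ui_info:
          display_name:
            - lang: en
              text: "IdP Display Name"
          description:
            - lang: en
              text: "IdP Description"
          information_url:
            - lang: en
              text: "http://idp.information.url/"
          privacy_statement_url:
            - lang: en
              text: "http://idp.privacy.url/"
          keywords:
            # NOTE(review): "se" is the ISO 639-1 code for Northern Sami;
            # Swedish is "sv". Confirm which language is intended.
            - lang: se
              text: ["Satosa", "IdP-SE"]
            - lang: en
              text: ["Satosa", "IdP-EN"]
          logo:
            text: "http://idp.logo.url/"
            width: "100"
            height: "100"
        name_id_format:
          - 'urn:oasis:names:tc:SAML:2.0:nameid-format:persistent'
          - 'urn:oasis:names:tc:SAML:2.0:nameid-format:transient'
        policy:
          default:
            # null means no attribute filtering: every attribute the proxy
            # holds for a user may be released to any SP matched by this
            # default policy. Restrict per SP where data minimisation matters.
            attribute_restrictions: null
            fail_on_missing_requested: false
            # Lifetime given to issued assertions. Keep it short; an intercepted
            # assertion is usable until it expires.
            lifetime: {minutes: 15}
            name_form: 'urn:oasis:names:tc:SAML:2.0:attrname-format:uri'
  # Maps the upstream provider that authenticated the user to the level of
  # assurance asserted to the SP; the "" key is the default. The mapping is
  # static, so do not claim a higher level than the upstream provider delivers.
  acr_mapping:
    "": default-LoA
    "https://accounts.google.com": LoA1

  # SAML binding -> path of the single sign-on endpoints served by the frontend.
  endpoints:
    single_sign_on_service:
      'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST': sso/post
      'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect': sso/redirect

  # If configured and not false or empty, the common domain cookie _saml_idp is
  # set with, or has appended to it, the IdP used for authentication. The
  # default is not to set the cookie. If the value is a dictionary with the key
  # 'domain', the cookie domain is set to that value; if no 'domain' is given,
  # the domain from the BASE defined for the proxy is used.
  # A cookie scoped to a parent domain such as .example.com is sent to every
  # host under that domain, so each of them learns which IdP the user chose.
  #common_domain_cookie:
  #  domain: .example.com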