-
Notifications
You must be signed in to change notification settings - Fork 0
/
saml2_frontend.yaml
47 lines (44 loc) · 1.51 KB
/
saml2_frontend.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
---
module: satosa.frontends.saml2.SAMLFrontend
name: !ENV SAML_NAME
config:
endpoints:
single_sign_on_service:
'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST': sso/post
'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect': sso/redirect
entityid_endpoint: true
enable_metadata_reload: true
idp_config:
organization: {display_name: '', name: '', url: ''}
contact_person:
- {contact_type: technical, email_address: 'mailto:technical@example.com', given_name: Technical}
key_file: saml.key
cert_file: saml.crt
metadata:
local: [!ENV SAML_METADATA]
entityid: <base_url>/<name>/metadata.xml
accepted_time_diff: 60
service:
idp:
endpoints:
single_sign_on_service: []
name: Proxy IdP
ui_info:
display_name:
- lang: en
text: "Kanidm SAML Proxy"
description:
- lang: en
text: "A SATOSA SAML2 shim on top of Kanidm"
information_url:
- lang: en
text: "https://github.com/IdentityPython/SATOSA"
name_id_format: ['urn:oasis:names:tc:SAML:2.0:nameid-format:persistent', 'urn:oasis:names:tc:SAML:2.0:nameid-format:transient']
policy:
default:
attribute_restrictions: null
fail_on_missing_requested: false
lifetime: {minutes: 15}
name_form: urn:oasis:names:tc:SAML:2.0:attrname-format:uri
encrypt_assertion: false
encrypted_advice_attributes: false