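---
# SATOSA proxy configuration for the Zoom SaaS IdP proxy.
#
# Layout:
#   satosa_config      – where each rendered plugin file is written on the host
#   <plugin name>      – the content of each plugin file (micro-services,
#                        internal attribute map, backend, frontend)
#   satosa_proxy_conf  – the main proxy_conf.yaml (module lists, logging)
#
# Review fixes in this revision:
#   * attribute_authorization regex: the "." in "sunet.se" was unescaped and
#     therefore matched any character; it is now escaped (single-quoted so the
#     backslash is literal).
#   * pysaml2 signature flags written as canonical lowercase booleans.

# Target paths of the rendered plugin files (referenced relatively from
# satosa_proxy_conf below, so the proxy must run with /etc/satosa as its
# config directory).
satosa_config:
  saml2_backend: "/etc/satosa/plugins/saml2_backend.yaml"
  saml2_frontend: "/etc/satosa/plugins/saml2_frontend.yaml"
  generated_attributes: "/etc/satosa/plugins/generated_attributes.yaml"
  internal_attributes: "/etc/satosa/internal_attributes.yaml"
  attribute_authorization: "/etc/satosa/plugins/attribute_authorization.yaml"
  attribute_filter: "/etc/satosa/plugins/attribute_filter.yaml"
  healthcheck: "/etc/satosa/plugins/healthcheck.yaml"

# Micro-service 1: derive schacHomeOrganization from the scope part of
# eduPersonPrincipalName when the IdP did not assert it.
generated_attributes:
  module: satosa.micro_services.attribute_generation.AddSyntheticAttributes
  plugin: AddSyntheticAttributes
  name: AddSyntheticAttributes
  config:
    synthetic_attributes:
      default:
        default:
          # AddSyntheticAttributes template syntax – keep the braces as-is.
          schachomeorganization: "{{edupersonprincipalname.scope}}"

# Micro-service 2: authorization gate. Only users whose
# eduPersonScopedAffiliation contains member@sunet.se or employee@sunet.se
# may continue; everyone else is rejected here.
attribute_authorization:
  module: satosa.micro_services.attribute_authorization.AttributeAuthorization
  plugin: AttributeAuthorization
  name: AttributeAuthorization
  config:
    # A missing eduPersonScopedAffiliation is treated as "not allowed"
    # rather than silently passing.
    force_attributes_presence_on_allow: true
    attribute_allow:
      default:
        default:
          edupersonscopedaffiliation:
            # Single-quoted so "\." stays a literal regex escape; the
            # unescaped "." previously matched any character.
            - '^(member|employee)@sunet\.se$'

# Micro-service 3: strip affiliation values that are not member/employee/
# student before they are released to the service.
# NOTE(review): unlike the other micro-services this entry has no
# "plugin:" key – confirm whether the consumer expects one.
attribute_filter:
  module: satosa.micro_services.attribute_modifications.FilterAttributeValues
  name: AttributeFilter
  config:
    attribute_filters:
      default:
        default:
          edupersonscopedaffiliation: "^(member|employee|student)@"

# Internal attribute names (lowercase) mapped to the protocol-specific
# attribute names seen on the SAML and ADFS sides.
internal_attributes:
  attributes:
    displayname:
      saml: [displayName]
      adfs: [displayName]
    commonname:
      saml: [cn]
      # NOTE(review): adfs maps commonname to displayName, not cn – confirm intended.
      adfs: [displayName]
    givenname:
      saml: [givenName]
      adfs: [givenName]
    surname:
      saml: [sn]
      adfs: [sn]
    mail:
      saml: [mail]
      adfs: [mail]
    edupersonprincipalname:
      saml: [eduPersonPrincipalName]
      adfs: [eduPersonPrincipalName]
    edupersonscopedaffiliation:
      saml: [eduPersonScopedAffiliation]
      adfs: [eduPersonScopedAffiliation]
    noredupersonnin:
      saml: [norEduPersonNIN]
      adfs: [norEduPersonNIN]
    edupersonentitlement:
      saml: [eduPersonEntitlement]
      adfs: [eduPersonEntitlement]
    schachomeorganization:
      saml: [schacHomeOrganization]
    schachomeorganizationtype:
      saml: [schacHomeOrganizationType]
    organizationname:
      saml: [ou]
    noreduorgacronym:
      saml: [norEduOrgAcronym]
    countryname:
      saml: [c]
    friendlycountryname:
      saml: [co]
    edupersontargetedid:
      saml: [eduPersonTargetedID]
  # The attribute used as the proxy's internal user identifier.
  user_id_to_attr: edupersontargetedid

# Micro-service 4: site-local health-check endpoint.
healthcheck:
  module: swamid_plugins.healthcheck.HealthCheck
  name: HealthCheck

# Main proxy configuration (proxy_conf.yaml). Paths are relative to the
# proxy's config directory, matching the absolute paths in satosa_config.
satosa_proxy_conf:
  BASE: https://zoom-saas-idp-proxy.sunet.se
  INTERNAL_ATTRIBUTES: "internal_attributes.yaml"
  BACKEND_MODULES:
    - "plugins/saml2_backend.yaml"
  FRONTEND_MODULES:
    - "plugins/saml2_frontend.yaml"
  # Micro-services run in list order: generate, authorize, filter, health.
  MICRO_SERVICES:
    - "plugins/generated_attributes.yaml"
    - "plugins/attribute_authorization.yaml"
    - "plugins/attribute_filter.yaml"
    - "plugins/healthcheck.yaml"
  LOGGING:
    version: 1
    formatters:
      default:
        format: "%(asctime)s [%(process)d] [%(levelname)s] %(message)s"
    handlers:
      console:
        class: logging.StreamHandler
        level: DEBUG
        formatter: default
        stream: ext://sys.stdout
    # Both loggers at DEBUG: SAML messages and released attribute values may
    # end up in stdout at this level – consider INFO once the proxy is stable.
    loggers:
      satosa:
        level: DEBUG
        handlers: [console]
      saml2:
        level: DEBUG
        handlers: [console]

# SAML2 backend: the proxy acting as SP towards SWAMID IdPs.
saml2_backend:
  config:
    sp_config:
      organization: {display_name: SUNET Zoom, name: SUNET Zoom, url: 'https://sunet.se'}
      contact_person:
        - {contact_type: technical, email_address: noc@sunet.se, given_name: Technical}
        - {contact_type: support, email_address: noc@sunet.se, given_name: Support}
      # Relative to the proxy config directory; keep key files out of VCS.
      key_file: backend.key
      cert_file: backend.crt
      encryption_keypairs:
        - {key_file: backend.key, cert_file: backend.crt}
      allow_unknown_attributes: true
      # IdP metadata is fetched per entity from the SWAMID MDQ service and
      # verified against the federation signing certificate.
      metadata:
        mdq:
          - url: https://mds.swamid.se
            cert: "/etc/satosa/md-signer2.crt"
      entityid: https://zoom-saas-idp-proxy.sunet.se/sp
      service:
        sp:
          name_id_format: ['urn:oasis:names:tc:SAML:2.0:nameid-format:transient']
          # Accepts responses without a matching outstanding request
          # (IdP-initiated flows); set to false if only SP-initiated login
          # should be possible.
          allow_unsolicited: true
          endpoints:
            assertion_consumer_service:
              - [//acs/post, 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST']
              - [//acs/redirect, 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect']
            discovery_response:
              - [//disco, 'urn:oasis:names:tc:SAML:profiles:SSO:idp-discovery-protocol']
          # Neither the response nor the assertions are individually
          # required to be signed, but at least one of them must be
          # (want_assertions_or_response_signed) – an unsigned response
          # with unsigned assertions is rejected.
          want_response_signed: false
          want_assertions_signed: false
          want_assertions_or_response_signed: true
      xmlsec_binary: /usr/bin/xmlsec1
      attribute_map_dir: attributemaps
    # Discovery service used to pick the user's home IdP.
    disco_srv: https://service.seamlessaccess.org/ds
    attribute_profile: saml
  module: satosa.backends.saml2.SAMLBackend
  name: Saml2SP
  plugin: BackendModulePlugin

# SAML2 frontend: the proxy acting as IdP towards Zoom.
saml2_frontend:
  config:
    # Attributes never released to the service, regardless of policy.
    custom_attribute_release:
      default:
        default:
          exclude: ["eduPersonTargetedID", "eduPersonAffiliation"]
    idp_config:
      organization: {display_name: SWAMID, name: SWAMID, url: 'https://sunet.se'}
      contact_person:
        - {contact_type: technical, email_address: noc@sunet.se, given_name: Technical}
        - {contact_type: support, email_address: noc@sunet.se, given_name: Support}
      key_file: frontend.key
      cert_file: frontend.crt
      # The single relying party (Zoom) is loaded from a local metadata file.
      metadata:
        local: [metadata/zoom.xml]
      entityid: https://zoom-saas-idp-proxy.sunet.se/idp
      # Allowed clock skew in seconds when validating request timestamps.
      accepted_time_diff: 300
      service:
        idp:
          # Filled in by SATOSA from the "endpoints" block below.
          endpoints:
            single_sign_on_service: []
          name: SWAMID
          name_id_format: ['urn:oasis:names:tc:SAML:2.0:nameid-format:transient']
          policy:
            default:
              # null = no pysaml2-level restriction; release is bounded only
              # by the exclude list in custom_attribute_release above.
              attribute_restrictions: null
              fail_on_missing_requested: false
              lifetime: {minutes: 15}
              name_form: urn:oasis:names:tc:SAML:2.0:attrname-format:uri
          # The relying party is not required to sign its AuthnRequests.
          want_authn_requests_signed: false
      xmlsec_binary: /usr/bin/xmlsec1
    endpoints:
      single_sign_on_service:
        'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST': sso/post
        'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect': sso/redirect
    attribute_profile: saml
  module: satosa.frontends.saml2.SAMLFrontend
  plugin: FrontendModulePlugin
  name: Saml2IDP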