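---
# SATOSA proxy configuration data, restored to one key per line (the original
# had been collapsed onto two lines, which also left the "enforce correct
# scope" comment swallowing everything after it).
# NOTE(review): which keys are top-level siblings of `satosa_config` was
# inferred from the flattened text; confirm against the deploy tooling.

# Where the deploy tooling writes each sub-config defined further down.
satosa_config:
  saml2_backend: "/etc/satosa/plugins/saml2_backend.yaml"
  saml2_frontend: "/etc/satosa/plugins/saml2_frontend.yaml"
  internal_attributes: "/etc/satosa/internal_attributes.yaml"
  attribute_filter: "/etc/satosa/plugins/attribute_filter.yaml"
  oidc_frontend: "/etc/satosa/plugins/oidc_frontend.yaml"

# Mapping between SATOSA's internal attribute names and the SAML / OIDC
# attribute names seen on the wire.
internal_attributes:
  attributes:
    edupersonprincipalname:
      saml: [eduPersonPrincipalName, subject-id]
      openid: [edupersonprincipalname]
    mail:
      openid: [email]
      saml: [email, emailAddress, mail]
    name:
      openid: [name]
      saml: [cn]
    displayname:
      openid: [nickname]
      saml: [displayName]

# Micro-service that drops attribute values failing a filter. Here it is used
# so an eduPersonPrincipalName is only accepted when its scope matches the
# asserting IdP's shibmd:Scope from metadata ("enforce correct scope").
attribute_filter:
  module: satosa.micro_services.attribute_modifications.FilterAttributeValues
  name: AttributeFilter
  config:
    attribute_filters:
      default:
        default:
          eduPersonPrincipalName:
            # enforce correct scope; the filter is selected by key presence,
            # so the value is deliberately null
            shibmdscope_match_scope: null

satosa_proxy_conf:
  BASE: https://test-sso-proxy1.cert.sunet.se
  INTERNAL_ATTRIBUTES: "internal_attributes.yaml"
  MICRO_SERVICES:
    - "plugins/attribute_filter.yaml"
  BACKEND_MODULES:
    - "plugins/saml2_backend.yaml"
  FRONTEND_MODULES:
    - "plugins/saml2_frontend.yaml"
    - "plugins/oidc_frontend.yaml"
  LOGGING:
    version: 1
    formatters:
      default:
        format: "%(asctime)s [%(process)d] [%(levelname)s] %(message)s"
    handlers:
      console:
        class: logging.StreamHandler
        # DEBUG on both loggers below may write attribute values and
        # message contents to stdout; lower this outside test deployments.
        level: DEBUG
        formatter: default
        stream: ext://sys.stdout
    loggers:
      satosa:
        level: DEBUG
        handlers: [console]
      saml2:
        level: DEBUG
        handlers: [console]

# SAML SP side of the proxy: talks to upstream IdPs found via SWAMID MDQ.
saml2_backend:
  config:
    sp_config:
      key_file: backend.key
      cert_file: backend.crt
      # seconds of clock skew tolerated when validating timestamps
      accepted_time_diff: 180
      encryption_keypairs:
        - { key_file: backend.key, cert_file: backend.crt }
      # attributes missing from the attribute maps are passed through
      # instead of rejected
      allow_unknown_attributes: true
      metadata:
        mdq:
          - url: https://mds.swamid.se/
            # signing certificate used to verify fetched metadata; keep it
            # in place, unsigned metadata would let anyone pose as an IdP
            cert: md-signer2.crt
      entityid: https://test-sso-proxy1.cert.sunet.se/sp
      service:
        sp:
          name_id_format: ['urn:oasis:names:tc:SAML:2.0:nameid-format:transient']
          # IdP-initiated responses (no matching outstanding request) are
          # accepted; they cannot be tied to a request this SP issued
          allow_unsolicited: true
          endpoints:
            assertion_consumer_service:
              - [//acs/post, 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST']
              - [//acs/redirect, 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect']
            discovery_response:
              - [//disco, 'urn:oasis:names:tc:SAML:profiles:SSO:idp-discovery-protocol']
          # Neither the response nor the assertion is required on its own,
          # but at least one of them must carry a valid signature.
          want_response_signed: false
          want_assertions_signed: false
          want_assertions_or_response_signed: true
      xmlsec_binary: /usr/bin/xmlsec1
      attribute_map_dir: attributemaps
    disco_srv: https://service.seamlessaccess.org/ds
    attribute_profile: saml
  module: satosa.backends.saml2.SAMLBackend
  name: Saml2SP
  plugin: BackendModulePlugin

# SAML IdP side of the proxy: serves the locally registered SP metadata.
saml2_frontend:
  config:
    entityid_endpoint: true
    idp_config:
      key_file: frontend.key
      cert_file: frontend.crt
      # seconds of clock skew tolerated when validating timestamps
      accepted_time_diff: 180
      metadata:
        local:
          - metadata/vul-dashboard-test.xml
      entityid: https://test-sso-proxy1.cert.sunet.se/idp
      service:
        idp:
          # left empty on purpose; the bindings are declared under
          # config.endpoints below so SATOSA can build the full URLs
          endpoints:
            single_sign_on_service: []
          name: SUNET CERT Staff Login
          name_id_format: ['urn:oasis:names:tc:SAML:2.0:nameid-format:transient']
          policy:
            default:
              attribute_restrictions: null
              fail_on_missing_requested: false
              lifetime: {minutes: 15}
              name_form: urn:oasis:names:tc:SAML:2.0:attrname-format:uri
          # NOTE(review): the nesting of the next two keys was inferred from
          # the flattened original; confirm the library reads them here.
          # Unsigned AuthnRequests are accepted from registered SPs.
          want_authn_requests_signed: false
          entity_categories: ['refeds']
      xmlsec_binary: /usr/bin/xmlsec1
    endpoints:
      single_sign_on_service:
        'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST': sso/post
        'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect': sso/redirect
    attribute_profile: saml
  module: satosa.frontends.saml2.SAMLFrontend
  plugin: FrontendModulePlugin
  name: Saml2IDP

# OpenID Connect provider side of the proxy, backed by the SAML SP above.
oidc_frontend:
  name: oidc-front
  config:
    # SECURITY: the password component of this URI is a secret (it keys the
    # stateless storage encryption). It should not live in a committed
    # config file; load it from a secret store or environment at deploy
    # time, and treat any value that has been committed as exposed.
    db_uri: stateless://user:dkjrwtfsosagh.beygfdsbh8udbo@localhost?alg=aes256
    signing_key_path: frontend.key
    client_db_path: cdb.json
    # must match saml2_backend.name
    backend_name: Saml2SP
    provider:
      # no dynamic client registration; clients come only from cdb.json
      client_registration_supported: false
      response_types_supported:
        - code
        # implicit flow: returns the access token via the front channel
        # (fragment); consider removing it if no client needs it
        - id_token token
      subject_types_supported:
        - pairwise
      scopes_supported:
        - openid
        - email
      # lifetimes are in seconds
      authorization_code_lifetime: 600
      access_token_lifetime: 3600
  module: satosa.frontends.openid_connect.OpenIDConnectFrontend
  plugin: FrontendModulePlugin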