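---
# SATOSA SAML-to-SAML proxy settings for idp-proxy-test.streams.sunet.se.
# The listing was collapsed onto two physical lines, which is not parseable
# YAML (nested "key: key: value" on one line). Block structure is restored
# below; every value is unchanged apart from boolean spelling
# (False/True -> false/true, matching the rest of the file).

# Target path for each rendered configuration file.
satosa_config:
  internal_attributes: "/etc/satosa/internal_attributes.yaml"
  saml2_backend: "/etc/satosa/plugins/saml2_backend.yaml"
  saml2_frontend: "/etc/satosa/plugins/saml2_frontend.yaml"

# Mapping between SATOSA internal attribute names and SAML attribute names.
internal_attributes:
  attributes:
    displayname:
      saml: [displayName]
    edupersonprincipalname:
      saml: [eduPersonPrincipalName]
    mail:
      saml: [email, emailAddress, mail]
    name:
      saml: [cn]
    surname:
      saml: [sn, surname]
    edupersonscopedaffiliation:
      saml: [eduPersonScopedAffiliation]
    subject-id:
      saml: [subject-id]

# Main proxy configuration.
# NOTE(review): no STATE_ENCRYPTION_KEY appears in this block; presumably it
# is injected from the environment or a secret store. Confirm, and keep it
# out of version control.
satosa_proxy_conf:
  BASE: https://idp-proxy-test.streams.sunet.se
  INTERNAL_ATTRIBUTES: "internal_attributes.yaml"
  BACKEND_MODULES:
    - "plugins/saml2_backend.yaml"
  FRONTEND_MODULES:
    - "plugins/saml2_frontend.yaml"
  LOGGING:
    version: 1
    formatters:
      default:
        format: "%(asctime)s [%(process)d] [%(levelname)s] %(message)s"
    handlers:
      console:
        class: logging.StreamHandler
        level: DEBUG
        formatter: default
        stream: ext://sys.stdout
    # DEBUG on the satosa and saml2 loggers can write SAML messages and
    # released user attributes to stdout. Tolerable on a test host; lower to
    # INFO and restrict access to the log collector before reusing this
    # configuration for production.
    loggers:
      satosa:
        level: DEBUG
        handlers: [console]
      saml2:
        level: DEBUG
        handlers: [console]

# Backend plugin: the proxy acting as a SAML SP towards upstream IdPs.
saml2_backend:
  config:
    sp_config:
      organization:
        display_name: SUNET Streams
        name: SUNET Streams
        url: https://sunet.se
      contact_person:
        - contact_type: technical
          email_address: noc@sunet.se
          given_name: Technical
        - contact_type: support
          email_address: noc@sunet.se
          given_name: Support
      # Private key material: should be readable only by the SATOSA service
      # account.
      key_file: backend.key
      cert_file: backend.crt
      # The encryption keypair is the same file pair as the signing key
      # above, so one compromised key exposes both signing and decryption.
      # A dedicated encryption keypair would separate the two.
      encryption_keypairs:
        - {key_file: backend.key, cert_file: backend.crt}
      # Attributes without a known name mapping are accepted rather than
      # rejected.
      allow_unknown_attributes: true
      metadata:
        # MDQ source with a pinned signer certificate (md-signer2.crt).
        mdq:
          - url: https://mds.swamid.se/
            cert: md-signer2.crt
      entityid: https://idp-proxy-test.streams.sunet.se/sp
      service:
        sp:
          name_id_format:
            - 'urn:oasis:names:tc:SAML:2.0:nameid-format:transient'
          # Responses that do not answer an outstanding AuthnRequest are
          # accepted. Confirm that unsolicited (IdP-initiated) login is
          # required; otherwise set this to false.
          allow_unsolicited: true
          # NOTE(review): the endpoint paths below begin with "//", which
          # looks as if the SATOSA "<base_url>/<name>" placeholders were
          # lost (possibly stripped as markup when the page was rendered).
          # Compare with the deployed file; as written these are not
          # absolute URLs under BASE.
          endpoints:
            assertion_consumer_service:
              - [//acs/post, 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST']
              - [//acs/redirect, 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect']
            discovery_response:
              - [//disco, 'urn:oasis:names:tc:SAML:profiles:SSO:idp-discovery-protocol']
          # Neither signature is individually mandatory, so
          # want_assertions_or_response_signed is the setting that rejects a
          # response carrying no signature at all. It must stay true.
          want_response_signed: false
          want_assertions_signed: false
          want_assertions_or_response_signed: true
      xmlsec_binary: /usr/bin/xmlsec1
    # Third-party discovery service used for IdP selection.
    disco_srv: https://service.seamlessaccess.org/ds
    attribute_profile: saml
  module: satosa.backends.saml2.SAMLBackend
  name: Saml2SP
  plugin: BackendModulePlugin

# Frontend plugin: the proxy acting as a SAML IdP towards the SPs listed in
# the local metadata file.
saml2_frontend:
  name: Saml2IDP
  config:
    entityid_endpoint: true
    endpoints:
      single_sign_on_service:
        'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST': /sso/post
        'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect': /sso/redirect
    idp_config:
      organization:
        display_name: SWAMID
        name: SWAMID
        url: https://sunet.se
      contact_person:
        - contact_type: technical
          email_address: noc@sunet.se
          given_name: Technical
        - contact_type: support
          email_address: noc@sunet.se
          given_name: Support
      # Private key material: should be readable only by the SATOSA service
      # account.
      key_file: frontend.key
      cert_file: frontend.crt
      metadata:
        # SP metadata comes from a local file; it should be changed only
        # through a reviewed process, since it decides which SPs receive
        # assertions.
        local:
          - metadata/sp_metadata.xml
      entityid: https://idp-proxy-test.streams.sunet.se/idp
      service:
        idp:
          endpoints:
            single_sign_on_service: []
          name: SWAMID
          name_id_format:
            - 'urn:oasis:names:tc:SAML:2.0:nameid-format:transient'
          policy:
            default:
              # null means the default policy applies no per-attribute
              # release restriction. Add per-SP policies if some SPs should
              # receive fewer attributes.
              attribute_restrictions: null
              fail_on_missing_requested: false
              lifetime: {minutes: 15}
              name_form: urn:oasis:names:tc:SAML:2.0:attrname-format:uri
      xmlsec_binary: /usr/bin/xmlsec1
    attribute_profile: saml
  module: satosa.frontends.saml2.SAMLFrontend
  plugin: FrontendModulePlugin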