satosa/plugins/backends/saml2_backend.yaml

module: satosa.backends.saml2.SAMLBackend
name: Saml2
config:
  entityid_endpoint: true
  sp_config:
    key_file: ./pki/privkey.pem
    cert_file: ./pki/cert.pem
    encryption_keypairs:
      - key_file: ./pki/privkey.pem
        cert_file: ./pki/cert.pem
    organization:
      display_name:
        - - AAI Test
          - en
        - - AAI Test
          - it
      name:
        - - Lab OIDC SP
          - en
        - - Lab OIDC SP
          - it
      url:
        - - https://satosa-cp1.labwsgarr23.aai-test.garr.it
          - en
        - - https://satosa-cp1.labwsgarr23.aai-test.garr.it
          - it
    contact_person:
      - contact_type: technical
        given_name: AAI-TEST
        email_address: email@satosa-cp1.labwsgarr23.aai-test.garr.it
    metadata:
      local:
        - ./metadata/idp/
      mdq:
        - url: https://mdx.idem.garr.it/edugain/
          cert: ./pki/dem-mdx-service-crt.pem
          freshness_period: P0Y0M0DT1H0M0S
    entityid: <base_url>/<name>/metadata
    accepted_time_diff: 300
    service:
      sp:
        ui_info:
          display_name:
            - lang: en
              text: Lab OIDC SP
            - lang: it
              text: Lab OIDC SP
          description:
            - lang: en
              text: AAI Test Identity proxy
            - lang: it
              text: AAI Test Identity proxy
          information_url:
            - lang: en
              text: https://satosa-cp1.labwsgarr23.aai-test.garr.it
            - lang: it
              text: https://satosa-cp1.labwsgarr23.aai-test.garr.it
          privacy_statement_url:
            - lang: en
              text: https://satosa-cp1.labwsgarr23.aai-test.garr.it
            - lang: it
              text: https://satosa-cp1.labwsgarr23.aai-test.garr.it
          logo:
            text: https://www.idem.garr.it/images/logoIDEM_colore.svg
            width: '80'
            height: '60'
        only_use_keys_in_metadata: true
        force_authn: true
        authn_requests_signed: true
        want_response_signed: true
        allow_unsolicited: true
        signing_algorithm: http://www.w3.org/2001/04/xmldsig-more#rsa-sha256
        digest_algorithm: http://www.w3.org/2001/04/xmlenc#sha256
        required_attributes:
          - cn
          - mail
        endpoints:
          assertion_consumer_service:
            - - <base_url>/<name>/acs/post
              - urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
          discovery_response:
            - - <base_url>/<name>/disco
              - urn:oasis:names:tc:SAML:profiles:SSO:idp-discovery-protocol
        name_id_format: urn:oasis:names:tc:SAML:2.0:nameid-format:transient
        name_id_format_allow_create: false
  disco_srv: https://satosa-cp1.labwsgarr23.aai-test.garr.it/static/disco.html