satosa-attribute-filter-notes
# docker-compose definition for a single SATOSA proxy container.
# Everything SATOSA needs at runtime (keys, certificates, metadata and the
# proxy configuration) comes from the bind-mounted ./etc directory below.
version: '3'
services:
  satosa:
    # NOTE(review): ':latest' is a moving tag, so each pull may silently change
    # the deployed code. For a reproducible deployment pin a release tag or an
    # image digest (satosa/satosa@sha256:<digest-from-registry>).
    image: satosa/satosa:latest
    restart: always
    #env_file: .env
    environment:
      # Only the timezone is passed through; TZ must be set in the calling shell
      # (or via the commented-out .env file above).
      - TZ=${TZ}
    volumes:
      # The backend/frontend configs reference /opt/satosa/etc/backend.key and
      # /opt/satosa/etc/frontend.key, so this directory holds private key
      # material; keep host-side file permissions restrictive.
      - ./etc:/opt/satosa/etc
    ports:
      # Published on every host interface. No TLS termination is configured in
      # this file — presumably a reverse proxy sits in front; confirm before
      # exposing the host.
      - "8000:8000/tcp"
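# SATOSA internal attribute map. Each internal attribute name lists, per
# backend type (facebook, linkedin, orcid, github, openid, saml), the source
# attribute(s) it is populated from.
attributes:
  address:
    openid: [address.street_address]
    orcid: [addresses.str]
    saml: [postaladdress]
  displayname:
    openid: [nickname]
    orcid: [name.credit-name]
    github: [login]
    saml: [displayName]
  edupersontargetedid:
    facebook: [id]
    linkedin: [id]
    orcid: [orcid]
    github: [id]
    openid: [sub]
    saml: [eduPersonTargetedID]
  givenname:
    facebook: [first_name]
    # Was [email-address], which is the LinkedIn e-mail field used under 'mail'
    # below, so givenname would have been filled with the user's address.
    # LinkedIn's given-name field is firstName, matching lastName under 'surname'.
    linkedin: [firstName]
    orcid: [name.given-names.value]
    openid: [given_name]
    saml: [givenName]
  mail:
    facebook: [email]
    linkedin: [email-address]
    orcid: [emails.str]
    github: [email]
    openid: [email]
    # 'emailAdress' (single 'd') is kept as-is: it may be a deliberate alias for
    # an IdP that releases the misspelled attribute name — confirm before removing.
    saml: [email, emailAdress, mail]
  name:
    facebook: [name]
    orcid: [name.credit-name]
    github: [name]
    openid: [name]
    saml: [cn]
  surname:
    facebook: [last_name]
    linkedin: [lastName]
    orcid: [name.family-name.value]
    openid: [family_name]
    saml: [sn, surname]
# Attributes whose values are hashed (presumably before release) — check the
# SATOSA documentation for the exact point at which hashing is applied.
hash: [mail]
# NOTE(review): the proxy-side user identifier is derived from 'mail'. E-mail
# addresses can be reassigned and the same address may exist at several of the
# upstream providers above, so two distinct upstream accounts would resolve to
# the same proxy user. Confirm that every configured backend releases a
# verified, unique address before relying on it as the identity key.
user_id_from_attrs: [mail]
user_id_to_attr: mail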
# SATOSA SAML2 backend: the proxy acts as a SAML SP towards the upstream
# federation IdPs listed in the remote metadata below.
module: satosa.backends.saml2.SAMLBackend
name: Saml2
config:
  # No IdP denylist is active while this stays commented out.
  #idp_blacklist_file: /path/to/blacklist.json
  sp_config:
    # Private key / certificate of the proxy's SP role (mounted from ./etc).
    key_file: /opt/satosa/etc/backend.key
    cert_file: /opt/satosa/etc/backend.crt
    organization: {display_name: CANARIE Inc., name: CANARIE Inc., url: 'http://www.canarie.com'}
    contact_person:
      - {contact_type: technical, email_address: tickets@canarie.ca, given_name: Technical}
      - {contact_type: support, email_address: tickets@canarie.ca, given_name: Support}
    metadata:
      remote:
        # Federation metadata is fetched over HTTPS; 'cert' is the certificate
        # used to verify the signature on the downloaded metadata, so the set of
        # trusted IdPs is only as trustworthy as that file.
        - {url: "https://caf-shib2ops.ca/CoreServices/testbed/caf_test_fed.xml", cert: "/opt/satosa/etc/pki/testfed.crt"}
    # <base_url> and <name> are placeholders presumably filled in by SATOSA at runtime.
    entityid: <base_url>/<name>/proxy_saml2_backend.xml
    # Allowed clock skew (seconds) when validating assertion timestamps.
    accepted_time_diff: 60
    service:
      sp:
        # The whole Response must be signed. Whether the Assertion itself must
        # also be signed is not set here; confirm the pysaml2 default for
        # want_assertions_signed applies.
        want_response_signed: true
        # NOTE(review): accepts responses that this SP never requested
        # (IdP-initiated SSO). For such responses the InResponseTo binding to an
        # outstanding AuthnRequest cannot be enforced; keep this false unless
        # IdP-initiated login is actually required.
        allow_unsolicited: true
        endpoints:
          assertion_consumer_service:
            - [<base_url>/<name>/acs/post, 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST']
            - [<base_url>/<name>/acs/redirect, 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect']
          discovery_response:
            - [<base_url>/<name>/disco, 'urn:oasis:names:tc:SAML:profiles:SSO:idp-discovery-protocol']
        name_id_format: 'urn:oasis:names:tc:SAML:2.0:nameid-format:transient'
  # disco_srv must be defined if there is more than one IdP in the metadata specified above
  # Users are redirected to this discovery service to pick their IdP; it is a
  # test-federation DS, so change it together with the metadata URL above.
  disco_srv: https://ds.caftest.canarie.ca/DS/CAF.ds
# SATOSA SAML2 frontend: the proxy acts as a SAML IdP towards the relying
# parties listed in the local metadata file below.
module: satosa.frontends.saml2.SAMLFrontend
name: Saml2IDP
config:
  idp_config:
    # 'Example Identities Org.' looks like a template placeholder left in —
    # this name is published in the proxy's IdP metadata.
    organization: {display_name: Identities, name: Example Identities Org., url: 'http://www.canarie.ca'}
    contact_person:
      - {contact_type: technical, email_address: tickets@canarie.ca, given_name: Technical}
      - {contact_type: support, email_address: tickets@canarie.ca, given_name: Support}
    # Signing key / certificate of the proxy's IdP role (mounted from ./etc).
    key_file: /opt/satosa/etc/frontend.key
    cert_file: /opt/satosa/etc/frontend.crt
    metadata:
      # Only SPs whose metadata is in this file are accepted as relying parties.
      local: [sp.xml]
    # <base_url> and <name> are placeholders presumably filled in by SATOSA at runtime.
    entityid: <base_url>/<name>/proxy.xml
    # Allowed clock skew (seconds) when validating request timestamps.
    accepted_time_diff: 60
    service:
      idp:
        endpoints:
          # Left empty here; the SSO endpoints are given under config.endpoints below.
          single_sign_on_service: []
        name: Proxy IdP
        # Offered in this order of preference; persistent identifiers are
        # ultimately derived from the user id the attribute map selects.
        name_id_format: ['urn:oasis:names:tc:SAML:2.0:nameid-format:persistent', 'urn:oasis:names:tc:SAML:2.0:nameid-format:transient']
        policy:
          default:
            # NOTE(review): null means no release filter — every attribute the
            # backend produced is presumably sent to every SP in sp.xml. Add a
            # per-entity policy restricting attributes before onboarding real SPs.
            attribute_restrictions: null
            # Authentication still succeeds when an SP's requested attribute is absent.
            fail_on_missing_requested: false
            # Validity window of the issued assertion.
            lifetime: {minutes: 15}
            name_form: urn:oasis:names:tc:SAML:2.0:attrname-format:uri
  # Maps the upstream authenticating entity to the AuthnContextClassRef asserted
  # to the SP; "" is the fallback for any unmapped entity. The Google entry has
  # no matching backend in this gist — confirm it is intended.
  acr_mapping:
    "": default-LoA
    "https://accounts.google.com": LoA1
  endpoints:
    single_sign_on_service: {'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST': sso/post,
                             'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect': sso/redirect}