# Warning: The following configuration file is an example, and it is insecure by default. Please carefully
# review and change values accordingly before deploying to a production environment. You are responsible
# for your deployment.
#
# Enables SAML login for ConsoleMe on top of the base config. Everything under
# get_user_by_saml_settings.saml_settings is passed to the SAML library; the keys that are
# commented out below are documented for reference only and are not applied.
extends:
  - example_config_base.yaml
  # Presumably holds credentials and key material; keep the real secrets file out of version control.
  - example_secrets.yaml
auth:
  # Resolve the signed-in user from the SAML assertion.
  get_user_by_saml: true
  # Issue a session cookie after a successful SAML login (lifetime is jwt.expiration_hours below).
  set_auth_cookie: true
get_user_by_saml_settings:
  # On the provider, set ACS url to https://your_consoleme_url/saml/acs and saml audience to "https://your_consoleme_url/"
  # CUSTOMENDPOINT is a placeholder. The IdP metadata (entityId, SSO/SLO endpoints, signing cert) is
  # presumably loaded from this URL, which is why the idp: block further down is optional.
  idp_metadata_url: https://portal.sso.us-east-1.amazonaws.com/saml/metadata/CUSTOMENDPOINT
  # Directory for the SP certificate/key material used for signing and decryption — confirm the
  # expected file layout against the SAML library's documentation.
  saml_path: example_config/saml_example
  jwt:
    # Session token lifetime in hours; kept short so a leaked cookie has a bounded validity window.
    expiration_hours: 1
    # Claim names read back from the JWT for identity and group membership.
    email_key: email
    groups_key: groups
  # SAML assertion attribute names that carry the user, group list and email.
  attributes:
    user: user
    groups: groups
    email: email
  saml_settings:
    # Debug output from the SAML library; leave false outside local development.
    debug: true
    # IDP settings are not necessary if you provided the get_user_by_saml_settings.idp_metadata_url configuration setting
    # They are provided here as an example
    # idp:
    #   entityId: https://portal.sso.us-east-1.amazonaws.com/saml/assertion/CUSTOMENDPOINT
    #   singleLogoutService:
    #     binding: urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect
    #     url: https://portal.sso.us-east-1.amazonaws.com/saml/logout/CUSTOMENDPOINT
    #   singleSignOnService:
    #     binding: urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect
    #     url: https://portal.sso.us-east-1.amazonaws.com/saml/assertion/CUSTOMENDPOINT
    #   # Truncated placeholder for the IdP signing certificate; a real value is the full base64 body.
    #   x509cert: MIIDAz.....
    # Service-provider (this ConsoleMe instance) metadata. The localhost URLs are development
    # placeholders and must match exactly what is registered at the IdP.
    sp:
      NameIDFormat: urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
      assertionConsumerService:
        binding: urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
        # NOTE(review): plain http here while singleLogoutService.url below is https — use one
        # scheme (https for anything beyond localhost) so the IdP's registered ACS URL matches.
        url: http://localhost:8081/saml/acs
      # Must equal the audience configured at the IdP (see the comment on idp_metadata_url).
      entityId: http://localhost:8081
      singleLogoutService:
        binding: urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect
        url: https://localhost:8081/saml/sls
    # NOTE(review): strict=false presumably relaxes validation of incoming SAML messages;
    # set it to true for any deployment that is not purely local.
    strict: false
    # Contact details published in the SP metadata.
    support:
      emailAddress: support@example.com
      givenName: support_name
    technical:
      emailAddress: technical@example.com
      givenName: technical_name
    organization:
      en-US:
        displayname: ConsoleMe
        name: ConsoleMe
        url: http://localhost:8081
    security:
      # Sign the requests this SP sends to the IdP (needs the SP key under saml_path).
      authnRequestsSigned: true
      # SHA-1 is deprecated for XML signatures. For production prefer the SHA-256 identifiers
      # (http://www.w3.org/2001/04/xmlenc#sha256 for the digest and
      # http://www.w3.org/2001/04/xmldsig-more#rsa-sha256 for the signature) where the IdP supports them.
      digestAlgorithm: http://www.w3.org/2000/09/xmldsig#sha1
      logoutRequestSigned: true
      logoutResponseSigned: true
      # Encrypt the NameID in messages this SP sends.
      nameIdEncrypted: true
      signMetadata: true
      signatureAlgorithm: http://www.w3.org/2000/09/xmldsig#rsa-sha1
      # Require the IdP to sign and encrypt what it sends back; decryption needs the SP private key.
      wantAssertionsEncrypted: true
      wantAssertionsSigned: true
      wantMessagesSigned: true
      wantNameId: true
      # NOTE(review): outgoing NameIDs are encrypted (nameIdEncrypted above) but encrypted NameIDs
      # are not required from the IdP — presumably an interoperability choice; confirm it is intended.
      wantNameIdEncrypted: false
# Development-mode switch and the externally reachable base URL of this instance; both are local defaults.
development: true
url: http://localhost:8081