auth:
  # Local (non-federated) accounts, defined inline with their password hashes.
  # The `$2a$10$` prefix is the bcrypt format with cost factor 10.
  # NOTE(review): anyone who can read this file can attempt offline guessing
  # against these hashes. If the file is tracked in a repository, treat both
  # passwords as exposed: rotate them, and supply deployment hashes from a
  # location outside version control.
  local: 
    users:  
      # Holds ROLE_ADMINISTRATOR; this is the highest-value credential in the file.
      - username: 'admin'
        passhash: '$2a$10$nbXRnAx5wKurTrbaUkT/MOLXKAJgpT8R71/jujzPwgXXrG.OqlBKW'
        roles: ["ROLE_ADMINISTRATOR"]
      - username: 'tgradl'
        passhash: '$2a$10$EeajSQQUepa7H7.g4xQCaeO.hjUwh0yzYCMrfOkWCZGe1IiWaexa6'
        roles: ["ROLE_CONTRIBUTOR"]
  # SAML service-provider (SP) settings.
  saml:
    # Java keystore holding the SP key material referenced by the aliases below.
    keystore:
      path: /data/_srv/schereg/key/dfa-de-dariah-eu.jks
      # Uncomment if keystore is protected by password
      #pass: 'somepass'
      alias: dfa.de.dariah.eu
      # NOTE(review): the key password is empty and the keystore password above
      # is commented out, so as configured here the private key is protected
      # only by filesystem permissions on `path`. Confirm the file is readable
      # by the service account alone, or set passwords and inject them at
      # deploy time.
      aliaspass: ''
    # Source of federation (IdP) metadata. The active URL is the DFN-AAI test
    # feed; the basic feed is kept commented out below.
    # NOTE(review): no metadata signature-verification setting is visible in
    # this section. Confirm the consumer validates the feed's signature against
    # a pinned federation certificate rather than relying on TLS alone.
    metadata:
      url: https://www.aai.dfn.de/fileadmin/metadata/dfn-aai-test-metadata.xml
      #url: https://www.aai.dfn.de/fileadmin/metadata/dfn-aai-basic-metadata.xml
    sp:
      local: true
      alias: schereg
      baseUrl: https://schereg.de.dariah.eu/schereg
      entityId: https://schereg.de.dariah.eu
      #externalMetadata : /home/tobias/Downloads/spring_saml_metadata.xml
      # The security-profile and require*Signed options below are commented
      # out, so whatever defaults the consuming library applies are in effect.
      # Those defaults are not visible here; verify them before production use.
      #securityProfile: metaiop
      #sslSecurityProfile: pkix
      #requireArtifactResolveSigned: false
      #requireLogoutRequestSigned: false
      #requireLogoutResponseSigned: false
      # The SP metadata is signed.
      signMetadata    : true
      # NOTE(review): with signingAlgorithm unset the library default applies;
      # confirm the effective signature algorithm is not SHA-1 based.
      #signingAlgorithm : http://www.w3.org/2001/04/xmldsig-more#rsa-sha256
      # IdP discovery (WAYF). The active URL points at the DFN-AAI test WAYF.
      discovery:
        enabled: true
        url: https://wayf.aai.dfn.de/DFN-AAI-Test/wayf
        #url: https://auth.dariah.eu/CDS/WAYF
        # NOTE(review): the query string is written `disco:true`; a key=value
        # parameter would read `disco=true`. Confirm which form the SP expects.
        return: https://schereg.de.dariah.eu/schereg/saml/login/alias/schereg?disco:true
      # ECP (non-browser client) profile is enabled. If no such clients are
      # expected, disabling it reduces the exposed SAML surface (TODO confirm).
      ecpEnabled: true
      #allowedNameIds: EMAIL, TRANSIENT, PERSISTENT, UNSPECIFIED, X509_SUBJECT
      # The same keystore alias is used for signing, encryption and TLS, so a
      # compromise of that one key affects all three functions. Separate keys
      # would limit the impact and allow independent rotation.
      signingKey: dfa.de.dariah.eu
      encryptionKey: dfa.de.dariah.eu
      tlsKey: dfa.de.dariah.eu


#saml.sp.attr.names      : urn:oid:1.3.6.1.4.1.5923.1.1.1.6, urn:oid:0.9.2342.19200300.100.1.3, urn:oid:1.3.6.1.4.1.5923.1.1.1.7, urn:oid:1.3.6.1.4.1.5923.1.1.1.9, urn:oid:2.16.840.1.113730.3.1.241 
#saml.sp.attr.nameFormats  : urn:oasis:names:tc:SAML:2.0:attrname-format:uri, urn:oasis:names:tc:SAML:2.0:attrname-format:uri, urn:oasis:names:tc:SAML:2.0:attrname-format:uri, urn:oasis:names:tc:SAML:2.0:attrname-format:uri, urn:oasis:names:tc:SAML:2.0:attrname-format:uri
#saml.sp.attr.friendlyNames  : eduPersonPrincipalName, mail, eduPersonEntitlement, eduPersonScopedAffiliation, displayName
#saml.sp.attr.required     : true, true, false, false, false