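# Config options of the dariahsp core library
# Commented properties reflect default values
#
# NOTE(review): the nesting below is reconstructed from key order; confirm it
# against the library's property classes before deploying.
auth:
  #baseUrl: http://localhost:8080
  #defaultLoginUrl: ${auth.baseUrl}
  #defaultLogoutUrl: ${auth.baseUrl}

  # Sample value. Each deployment should set its own salt and supply it from
  # outside this file (for example through a ${...} placeholder) rather than
  # reusing the published one.
  salt: Qmwp4CO7LDkOUDouAcCcUqd9ZGNbRG5Jyr5lpntOuB9

  # Higher roles include the permissions of the roles to their right.
  permissionHierarchy: 'ROLE_ADMINISTRATOR > ROLE_CONTRIBUTOR > ROLE_USER'

  # Maps role names delivered by each authorizer (local / saml) to a
  # permission set and level.
  permissionDefinitions:
    - permissionSet: ADMINISTRATOR
      level: 100
      roleMappings:
        local: ["application_admin"]
        saml: ["application_admin"]
    - permissionSet: CONTRIBUTOR
      level: 50
      roleMappings:
        local: ["application_contributor"]
        saml: ["application_contributor"]
    - permissionSet: USER
      level: 10
      roleMappings:
        local: ["application_user"]
        saml: ["application_user"]

  local:
    enabled: true
    authorizerName: local
    # Same password for each user: 1234
    # These are demo accounts: all three share one bcrypt hash of a trivial
    # password, and one of them holds application_admin. Replace the hashes
    # (or remove the users / set enabled: false) before the application is
    # reachable by anyone other than the developer.
    users:
      - username: 'admin'
        passhash: '$2y$10$nmTcpRxs.RFUstkJJms6U.AW61Jmr64s9VNQLuhpU8gYrgzCapwka'
        roles: ["application_admin"]
      - username: 'contributor'
        passhash: '$2y$10$nmTcpRxs.RFUstkJJms6U.AW61Jmr64s9VNQLuhpU8gYrgzCapwka'
        roles: ["application_contributor"]
      - username: 'user'
        passhash: '$2y$10$nmTcpRxs.RFUstkJJms6U.AW61Jmr64s9VNQLuhpU8gYrgzCapwka'
        roles: ["application_user"]

  saml:
    enabled: false
    authorizerName: saml
    keystore:
      path: /data/_srv/dariahsp/c105-229.cloud.gwdg.de.jks
      # Keystore and key passwords are in clear text here. They protect the
      # SP signing key, so a real deployment should inject them from the
      # environment or a secret store and restrict read access to the .jks.
      pass: clariah
      alias: c105-229.cloud.gwdg.de
      aliaspass: clariah6
    metadata:
      url: https://aaiproxy.de.dariah.eu/idp/
    sp:
      #metadataResource: /data/_srv/dariahsp/sp_metadata.xml
      # NOTE(review): -1 presumably disables the maximum-authentication-age
      # check, so an arbitrarily old IdP session would be accepted; confirm.
      maxAuthAge: -1
      #entityId: ${baseUrl}
      signMetadata: true
      #signingMethods: "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"
      #digestMethods: http://www.w3.org/2001/04/xmlenc#sha256, http://www.w3.org/2001/04/xmlenc#sha512
      #supportedProtocols: urn:oasis:names:tc:SAML:2.0:protocol
      # Must be a literal boolean; a misspelt value is either rejected at
      # startup or silently read as false, depending on the binder.
      authnRequestSigned: true
      logoutRequestSigned: true
      wantsAssertionsSigned: true
      # With responses unsigned, integrity of the login rests on the
      # assertion signature above; keep wantsAssertionsSigned enabled.
      wantsResponsesSigned: false
      # Key spelling ("Timout") kept as given; verify it matches the
      # property name the library binds.
      httpClientTimoutMs: 2000
      attributesIncompleteRedirectUrl: https://auth.de.dariah.eu/cgi-bin/selfservice/ldapportal.pl
      attributeGroups:
        - check: AND
          attributes:
            - friendlyName: dariahTermsOfUse
              name: urn:oid:1.3.6.1.4.1.10126.1.52.4.15
              nameFormat: urn:oasis:names:tc:SAML:2.0:attrname-format:uri
              #value: Terms_of_Use_germ_engl_v6.pdf
            - friendlyName: eduPersonPrincipalName
              mappedAttribute: id
              name: urn:oid:1.3.6.1.4.1.5923.1.1.1.6
              nameFormat: urn:oasis:names:tc:SAML:2.0:attrname-format:uri
        - check: OPTIONAL
          attributes:
            - friendlyName: mail
              name: urn:oid:0.9.2342.19200300.100.1.3
              nameFormat: urn:oasis:names:tc:SAML:2.0:attrname-format:uri
            - friendlyName: displayName
              mappedAttribute: username
              name: urn:oid:2.16.840.1.113730.3.1.241
              nameFormat: urn:oasis:names:tc:SAML:2.0:attrname-format:uri
            # isMemberOf feeds externalRoles, i.e. IdP-asserted group
            # membership ends up in the roleMappings.saml lookup above.
            - friendlyName: isMemberOf
              mappedAttribute: externalRoles
              name: urn:oid:1.3.6.1.4.1.5923.1.5.1.1
              nameFormat: urn:oasis:names:tc:SAML:2.0:attrname-format:uri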