initial commit

2025-10-07 12:32:31 +02:00
commit c31126cf3b
12 changed files with 623 additions and 0 deletions
--- a/plugins/saml2_backend.yaml
+++ b/plugins/saml2_backend.yaml
@@ -0,0 +1,97 @@
+module: satosa.backends.saml2.SAMLBackend
+name: idp
+config:
+  entityid_endpoint: true
+  mirror_force_authn: true
+  memorize_idp: no
+  use_memorized_idp_when_force_authn: no
+  send_requester_id: true
+  enable_metadata_reload: false
+  acs_selection_strategy: use_first_acs
+
+  sp_config:
+    name: SATOSA Proxy SP (Backend)
+    description: zididp.uni-graz.at
+    key_file: ssl/sp.key
+    cert_file: ssl/sp.crt
+    organization:
+      display_name: zididp.uni-graz.at
+      name: SATOSA Proxy SP (Backend)
+      url: "https://zididp.uni-graz.at"
+
+    metadata:
+      local:
+        - metadata/login.uni-graz.at.xml
+#        - metadata/devlogin.uni-graz.at.xml
+
+    entityid: <base_url>/<name>/proxy_saml2_backend.xml
+    accepted_time_diff: 60
+    attribute_map_dir: attributemaps
+
+    service:
+      sp:
+        authn_requests_signed: true
+        want_response_signed: true
+        allow_unsolicited: true
+        endpoints:
+          assertion_consumer_service:
+          - [ <base_url>/<name>/acs/post, urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST ]
+
+        name_id_format:
+          - urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
+          - urn:oasis:names:tc:SAML:2.0:nameid-format:transient
+          - urn:oasis:names:tc:SAML:2.0:nameid-format:persistent
+        name_id_policy_format: urn:oasis:names:tc:SAML:2.0:nameid-format:transient
+
+        requested_attributes:
+          - friendly_name: givenName
+            name: urn:oid:2.5.4.42
+            name_format: urn:oasis:names:tc:SAML:2.0:attrname-format:uri
+
+          - friendly_name: sn
+            name: urn:oid:2.5.4.4
+            name_format: urn:oasis:names:tc:SAML:2.0:attrname-format:uri
+
+          - friendly_name: mail
+            name: urn:oid:0.9.2342.19200300.100.1.3
+            name_format: urn:oasis:names:tc:SAML:2.0:attrname-format:uri
+
+          - friendly_name: displayName
+            name: urn:oid:2.16.840.1.113730.3.1.241
+            name_format: urn:oasis:names:tc:SAML:2.0:attrname-format:uri
+
+          - friendly_name: eduPersonPrincipalName
+            name: urn:oid:1.3.6.1.4.1.5923.1.1.1.6
+            name_format: urn:oasis:names:tc:SAML:2.0:attrname-format:uri
+
+          - friendly_name: eduPersonUniqueId
+            name: urn:oid:1.3.6.1.4.1.5923.1.1.1.13
+            name_format: urn:oasis:names:tc:SAML:2.0:attrname-format:uri
+
+          - friendly_name: eduPersonScopedAffiliation
+            name: urn:oid:1.3.6.1.4.1.5923.1.1.1.9
+            name_format: urn:oasis:names:tc:SAML:2.0:attrname-format:uri
+
+          - friendly_name: schacPersonalUniqueCode
+            name: urn:oid:1.3.6.1.4.1.25178.1.2.14
+            name_format: urn:oasis:names:tc:SAML:2.0:attrname-format:uri
+
+          - friendly_name: SAPemployeeNumber
+            name: urn:oid:1.3.6.1.4.1.56980.4950.4.16.143050.6.13
+            name_format: urn:oasis:names:tc:SAML:2.0:attrname-format:uri
+
+          - friendly_name: PKemployeeNumber
+            name: urn:oid:1.3.6.1.4.1.56980.4950.4.16.143050.6.14
+            name_format: urn:oasis:names:tc:SAML:2.0:attrname-format:uri
+
+          - friendly_name: UGOemployeeNumber
+            name: urn:oid:1.3.6.1.4.1.56980.4950.4.16.143050.6.15
+            name_format: urn:oasis:names:tc:SAML:2.0:attrname-format:uri
+
+          - friendly_name: uid
+            name: urn:oid:0.9.2342.19200300.100.1.1
+            name_format: urn:oasis:names:tc:SAML:2.0:attrname-format:uri
+
+          - friendly_name: cn
+            name: urn:oid:2.5.4.3
+            name_format: urn:oasis:names:tc:SAML:2.0:attrname-format:uri