module: satosa.backends.saml2.SAMLBackend
name: idp
config:
  entityid_endpoint: true
  mirror_force_authn: true
  memorize_idp: no
  use_memorized_idp_when_force_authn: no
  send_requester_id: true
  enable_metadata_reload: false
  acs_selection_strategy: use_first_acs

  sp_config:
    name: SATOSA Proxy SP (Backend)
    description: zididp.uni-graz.at
    key_file: ssl/sp.key
    cert_file: ssl/sp.crt
    organization:
      display_name: zididp.uni-graz.at
      name: SATOSA Proxy SP (Backend)
      url: "https://zididp.uni-graz.at"

    metadata:
      local:
        - metadata/login.uni-graz.at.xml
#        - metadata/devlogin.uni-graz.at.xml

    entityid: <base_url>/<name>/proxy_saml2_backend.xml
    accepted_time_diff: 60
    attribute_map_dir: attributemaps

    service:
      sp:
        authn_requests_signed: true
        want_response_signed: true
        allow_unsolicited: true
        endpoints:
          assertion_consumer_service:
          - [ <base_url>/<name>/acs/post, urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST ]

        name_id_format:
          - urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
          - urn:oasis:names:tc:SAML:2.0:nameid-format:transient
          - urn:oasis:names:tc:SAML:2.0:nameid-format:persistent
        name_id_policy_format: urn:oasis:names:tc:SAML:2.0:nameid-format:transient

        requested_attributes:
          - friendly_name: givenName
            name: urn:oid:2.5.4.42
            name_format: urn:oasis:names:tc:SAML:2.0:attrname-format:uri

          - friendly_name: sn
            name: urn:oid:2.5.4.4
            name_format: urn:oasis:names:tc:SAML:2.0:attrname-format:uri

          - friendly_name: mail
            name: urn:oid:0.9.2342.19200300.100.1.3
            name_format: urn:oasis:names:tc:SAML:2.0:attrname-format:uri

          - friendly_name: displayName
            name: urn:oid:2.16.840.1.113730.3.1.241
            name_format: urn:oasis:names:tc:SAML:2.0:attrname-format:uri

          - friendly_name: eduPersonPrincipalName
            name: urn:oid:1.3.6.1.4.1.5923.1.1.1.6
            name_format: urn:oasis:names:tc:SAML:2.0:attrname-format:uri

          - friendly_name: eduPersonUniqueId
            name: urn:oid:1.3.6.1.4.1.5923.1.1.1.13
            name_format: urn:oasis:names:tc:SAML:2.0:attrname-format:uri

          - friendly_name: eduPersonScopedAffiliation
            name: urn:oid:1.3.6.1.4.1.5923.1.1.1.9
            name_format: urn:oasis:names:tc:SAML:2.0:attrname-format:uri

          - friendly_name: schacPersonalUniqueCode
            name: urn:oid:1.3.6.1.4.1.25178.1.2.14
            name_format: urn:oasis:names:tc:SAML:2.0:attrname-format:uri

          - friendly_name: SAPemployeeNumber
            name: urn:oid:1.3.6.1.4.1.56980.4950.4.16.143050.6.13
            name_format: urn:oasis:names:tc:SAML:2.0:attrname-format:uri

          - friendly_name: PKemployeeNumber
            name: urn:oid:1.3.6.1.4.1.56980.4950.4.16.143050.6.14
            name_format: urn:oasis:names:tc:SAML:2.0:attrname-format:uri

          - friendly_name: UGOemployeeNumber
            name: urn:oid:1.3.6.1.4.1.56980.4950.4.16.143050.6.15
            name_format: urn:oasis:names:tc:SAML:2.0:attrname-format:uri

          - friendly_name: uid
            name: urn:oid:0.9.2342.19200300.100.1.1
            name_format: urn:oasis:names:tc:SAML:2.0:attrname-format:uri

          - friendly_name: cn
            name: urn:oid:2.5.4.3
            name_format: urn:oasis:names:tc:SAML:2.0:attrname-format:uri