On 08.09.2017 at 02:14, Matthew X. Economou
<xenophon at irtnog.org> wrote:
Rainer Hoerbe writes:
the config:idp_config key in SaToSa maps to CONFIG in the Pysaml2
example that Ivan mentioned. At this place you can define the various
endpoints. I have used HTTP/POST binding for AuthnRequests in the past
with pysaml2.
Like the following?
config:
  idp_config:
    preferred_binding:
      single_sign_on_service:
        - urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect
        - urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
Or is there more to the configuration than that?
You need to configure endpoints to generate complete metadata. For the
moment I can only copy paste a JSON config file from a predecessor of
SaToSa:
BASE = "https://%s:%s" % (HOST, PORT)
...
    "idp": {
        "name": "Test PEFIM IdP",
        "want_authn_requests_signed": True,
        "want_authn_requests_only_with_valid_cert": True,
        "sign_response": True,
        "sign_assertion": False,
        "verify_encrypt_cert": verify_encrypt_cert,
        "encrypt_assertion": True,
        "endpoints": {
            "single_sign_on_service": [
                ("%s/sso/redirect" % BASE, BINDING_HTTP_REDIRECT),
                ("%s/sso/post" % BASE, BINDING_HTTP_POST),
                ("%s/sso/art" % BASE, BINDING_HTTP_ARTIFACT),
                ("%s/sso/ecp" % BASE, BINDING_SOAP)
            ],
            "single_logout_service": [
                ("%s/slo/soap" % BASE, BINDING_SOAP),
                ("%s/slo/post" % BASE, BINDING_HTTP_POST),
                ("%s/slo/redirect" % BASE, BINDING_HTTP_REDIRECT)
            ],
        },
Do not take this snippet verbatim; use it for orientation only.
- Rainer
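
Added example, not part of the message above and not SaToSa or pysaml2 code: a small check that every binding listed under preferred_binding also has an endpoint declared in the "idp" section, which is the gap between the two snippets in this thread. The function name, the sample host and the assumption that endpoints are (URL, binding) pairs laid out as in the quoted snippet are the example's own.

```python
# Added example: verify that each preferred binding has a declared endpoint.
BINDING_HTTP_REDIRECT = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
BINDING_HTTP_POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"

# Constructed sample host, not taken from the thread.
BASE = "https://idp.example.org:8443"

# The preferred_binding block asked about in the thread.
PREFERRED = {
    "single_sign_on_service": [BINDING_HTTP_REDIRECT, BINDING_HTTP_POST],
}

# Constructed "idp" section that declares only a Redirect endpoint.
IDP_REDIRECT_ONLY = {
    "endpoints": {
        "single_sign_on_service": [
            ("%s/sso/redirect" % BASE, BINDING_HTTP_REDIRECT),
        ],
    },
}

# Constructed "idp" section with both SSO endpoints, same layout as the snippet.
IDP_COMPLETE = {
    "endpoints": {
        "single_sign_on_service": [
            ("%s/sso/redirect" % BASE, BINDING_HTTP_REDIRECT),
            ("%s/sso/post" % BASE, BINDING_HTTP_POST),
        ],
    },
}


def missing_endpoints(idp_section, preferred_binding):
    """Return {service: [bindings]} for preferred bindings with no endpoint."""
    endpoints = idp_section.get("endpoints", {})
    gaps = {}
    for service, bindings in preferred_binding.items():
        # Collect the bindings that actually have a URL declared for this service.
        declared = {binding for _url, binding in endpoints.get(service, [])}
        absent = [b for b in bindings if b not in declared]
        if absent:
            gaps[service] = absent
    return gaps


if __name__ == "__main__":
    for label, section in (("no endpoints", {}),
                           ("redirect only", IDP_REDIRECT_ONLY),
                           ("complete", IDP_COMPLETE)):
        print(label, missing_endpoints(section, PREFERRED))
```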