<?php
/**
 * SAML 2.0 IdP configuration for simpleSAMLphp.
 *
 * See: https://rnd.feide.no/content/idp-hosted-metadata-reference
 */

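/*
 * Hosted SAML 2.0 IdP entry. The array index is the entity's identifier;
 * NOTE(review): '__DYNAMIC:1__' is presumably the placeholder that lets
 * simpleSAMLphp derive the entity ID itself - confirm against the IdP
 * hosted reference.
 */
$metadata['__DYNAMIC:1__'] = array(
    /*
     * The hostname of the server (VHOST) that will use this SAML entity.
     *
     * Can be '__DEFAULT__', to use this entry by default.
     */
    'host' => '__DEFAULT__',

    /*
     * X.509 key and certificate. Relative to the cert directory.
     *
     * The private key signs everything this IdP issues, so anyone who can
     * read it can forge assertions for every SP that trusts this IdP. Keep
     * the file readable only by the web server account and out of version
     * control and backups that are more widely readable.
     */
    'privatekey' => 'server.pem',
    'certificate' => 'server.crt',

    /*
     * Authentication source to use. Must be one that is configured in
     * 'config/authsources.php'.
     *
     * NOTE(review): the name 'example-userpass' suggests a sample source with
     * built-in test accounts - verify in 'config/authsources.php' and point
     * this at a real authentication source before exposing the IdP.
     */
    'auth' => 'example-userpass',

    /*
     * Sign with RSA-SHA256 instead of the SHA-1 default.
     *
     * When this option is absent, this simpleSAMLphp version signs with
     * SHA-1, which has been deprecated since 2011 and disallowed by NIST
     * since January the 1st, 2014. See:
     *
     * http://csrc.nist.gov/publications/nistpubs/800-131A/sp800-131A.pdf
     *
     * The algorithm can also be configured individually per service provider
     * in the SP-remote metadata set. If a service provider cannot validate
     * SHA-2 signatures yet, handle it there as a documented, temporary
     * exception rather than removing this option for every SP. Once all
     * configured SPs support SHA-2, the per-SP options can be removed.
     *
     * Please refer to the IdP hosted reference for more information.
     */
    'signature.algorithm' => 'http://www.w3.org/2001/04/xmldsig-more#rsa-sha256',

    /* Uncomment the following to use the uri NameFormat on attributes. */
    /*
    'attributes.NameFormat' => 'urn:oasis:names:tc:SAML:2.0:attrname-format:uri',
    'authproc' => array(
        // Convert LDAP names to oids.
        100 => array('class' => 'core:AttributeMap', 'name2oid'),
    ),
    */

    /*
     * Uncomment the following to specify the registration information in the
     * exported metadata. Refer to:
     * http://docs.oasis-open.org/security/saml/Post2.0/saml-metadata-rpi/v1.0/cs01/saml-metadata-rpi-v1.0-cs01.html
     * for more information.
     */
    /*
    'RegistrationInfo' => array(
        'authority' => 'urn:mace:example.org',
        'instant' => '2008-01-17T11:28:03Z',
        'policies' => array(
            'en' => 'http://example.org/policy',
            'es' => 'http://example.org/politica',
        ),
    ),
    */
);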