https://github.com/onelogin/python3-saml/tree/master/demo-django/saml
advanced_settings.json
{
"security": {
"nameIdEncrypted": false,
"authnRequestsSigned": false,
"logoutRequestSigned": false,
"logoutResponseSigned": false,
"signMetadata": false,
"wantMessagesSigned": false,
"wantAssertionsSigned": false,
"wantNameId": false,
"wantNameIdEncrypted": false,
"wantAssertionsEncrypted": false,
"allowSingleLabelDomains": false,
"signatureAlgorithm": "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256",
"digestAlgorithm": "http://www.w3.org/2001/04/xmlenc#sha256",
"rejectDeprecatedAlgorithm": false
}
}
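Set the following to false if the IdP uses a deprecated algorithm for the signature and does not encrypt data. These are compatibility relaxations: with "rejectDeprecatedAlgorithm" set to false the toolkit accepts messages that use deprecated algorithms such as SHA-1, so turn it back on once the IdP supports a current algorithm.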
"wantNameId": false,
"wantNameIdEncrypted": false,
"wantAssertionsEncrypted": false,
"allowSingleLabelDomains": true,
"signatureAlgorithm": "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256",
"digestAlgorithm": "http://www.w3.org/2001/04/xmlenc#sha256",
"rejectDeprecatedAlgorithm": false
settings.json
You must specify the x509 cert here, or else it won't work:
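strict should be set to false if you run behind a reverse proxy; debug should be set to false in production. Note that strict=false relaxes the toolkit's validation of incoming SAML messages (for example, the Destination check), so treat it as a workaround: where possible, keep strict true and instead pass the externally visible scheme, host and port (the `https`, `http_host` and `server_port` request values) to the toolkit.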
{
"strict": true,
"debug": true,
"sp": {
"entityId": "",
"assertionConsumerService": {
"url": "",
"binding": ""
},
"singleLogoutService": {
"url": "",
"binding": ""
},
"NameIDFormat": "",
"x509cert": "",
"privateKey": ""
},
"idp": {
"entityId": "",
"singleSignOnService": {
"url": "",
"binding": ""
},
"singleLogoutService": {
"url": "",
"binding": ""
},
"x509cert": ""
}
}