path: root/tests/restrictive_idp_conf.py
blob: ca089daab10edd02598318f831004574ada4a0b0 (plain)
from saml2 import BINDING_SOAP, BINDING_HTTP_REDIRECT
from saml2.saml import NAME_FORMAT_URI

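# Base URL shared by every endpoint below: plain HTTP on localhost, as used
# by this test fixture.
BASE = "http://localhost:8089/"

from pathutils import full_path

# pysaml2 configuration for a test IdP whose release policy restricts which
# attribute values one specific SP may receive.
CONFIG = {
    "entityid" : "urn:mace:example.com:saml:roland:idpr",
    "name" : "Rolands restrictied IdP",
    "service": {
        "idp": {
            "endpoints" : {
                "single_sign_on_service" : [
                        (BASE+"sso", BINDING_HTTP_REDIRECT)],
                "attribute_service" : [
                        (BASE+"aa", BINDING_SOAP)],
            },
            "policy": {
                # Presumably the fallback for SPs without their own entry;
                # confirm against the library's policy lookup.
                "default": {
                    "lifetime": {"minutes":15},
                    "name_form": NAME_FORMAT_URI
                },
                # Per-SP policy, keyed by the SP's entity id.
                "urn:mace:example.com:saml:roland:sp": {
                    "lifetime": {"minutes": 5},
                    "attribute_restrictions":{
                        # None presumably means "no restriction on the
                        # value" for that attribute (TODO confirm).
                        "givenName": None,
                        "surName": None,
                        # NOTE(review): assumes these patterns are applied
                        # with start-anchored, re.match-style matching;
                        # confirm. The dot is escaped and the end anchored
                        # so that only the exact domain / exact affiliation
                        # value satisfies the rule, not a longer string that
                        # merely begins with it.
                        "mail": [r".*@example\.com\Z"],
                        "eduPersonAffiliation": [r"(employee|staff|faculty)\Z"],
                    }
                }
            },
            "subject_data": full_path("subject_data.db"),
        }
    },
    # Key and certificate files shipped with the test suite.
    "key_file" : full_path("test.key"),
    "cert_file" : full_path("test.pem"),
    # No explicit xmlsec path is given; presumably the library locates the
    # binary itself (TODO confirm).
    "xmlsec_binary" : None,
    "metadata": [{
        "class": "saml2.mdstore.MetaDataFile",
        "metadata": [(full_path("sp_0.metadata"), )],
    }],
    "attribute_map_dir" : full_path("attributemaps"),
}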