path: root/tests/restrictive_idp_conf.py
from saml2 import BINDING_HTTP_REDIRECT
from saml2 import BINDING_SOAP
from saml2.saml import NAME_FORMAT_URI


# Base URL from which the endpoint URLs below are built.
# Plain http on localhost: this file lives under tests/ and is a fixture.
BASE = "http://localhost:8089/"

from pathutils import full_path


# Endpoints of the IdP role: (URL, binding) pairs, one list per service.
_ENDPOINTS = {
    "single_sign_on_service": [(f"{BASE}sso", BINDING_HTTP_REDIRECT)],
    "attribute_service": [(f"{BASE}aa", BINDING_SOAP)],
}

# Policy table: a "default" entry plus one entry keyed by an SP entity id.
# The SP entry has a shorter lifetime (5 vs 15 minutes) and carries
# per-attribute restrictions.
_POLICY = {
    "default": {"lifetime": {"minutes": 15}, "name_form": NAME_FORMAT_URI},
    "urn:mace:example.com:saml:roland:sp": {
        "lifetime": {"minutes": 5},
        "attribute_restrictions": {
            # presumably None means "no constraint on the value";
            # confirm against the policy code.
            "givenName": None,
            "surName": None,
            # NOTE(review): these strings look like regular expressions.
            # In the mail pattern the dot of "example.com" is unescaped
            # and there is no end anchor, so if the library matches from
            # the start only, a value that merely begins with a conforming
            # address would pass the filter too. Confirm how the patterns
            # are applied before copying them into a real policy.
            "mail": [".*@example.com"],
            "eduPersonAffiliation": ["(employee|staff|faculty)"],
        },
    },
}

CONFIG = {
    "entityid": "urn:mace:example.com:saml:roland:idpr",
    "name": "Rolands restrictied IdP",
    "service": {
        "idp": {
            "endpoints": _ENDPOINTS,
            "policy": _POLICY,
            "subject_data": full_path("subject_data.db"),
        }
    },
    # Key and certificate files, resolved through full_path(); judging by
    # the names these are the test suite's own key pair.
    "key_file": full_path("test.key"),
    "cert_file": full_path("test.pem"),
    # No explicit xmlsec path is configured here.
    "xmlsec_binary": None,
    # Metadata for the SP side is read from a local file.
    "metadata": [
        {
            "class": "saml2.mdstore.MetaDataFile",
            "metadata": [(full_path("sp_0.metadata"),)],
        }
    ],
    "attribute_map_dir": full_path("attributemaps"),
}