Example configuration file

{
    "remoteConfigProvider": "",
    "remoteConfigEndpoint": "",
    "remoteConfigPath": "",
    "remoteConfigSecretKeyring": "",
    "serverAddress": ":8000",
    "serverPublicAddress": "http://127.0.0.1:8000",
    "errorPageURL": "",
    "errorPageTemplate": "<!DOCTYPE html PUBLIC \"-//W3C//DTD XHTML 1.0 Transitional//EN\" \"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd\"><html xmlns=\"http://www.w3.org/1999/xhtml\"><head><meta http-equiv=\"Content-Type\" content=\"text/html; charset=UTF-8\" /><title>SSO ERROR</title></head><body><h1>SSO ERROR</h1><h2>{{.Data}}</h2><div><a href=\"{{.URL}}/services\" title=\"SSO Login\">SSO LOGIN</a> <a href=\"{{.URL}}/logout\" title=\"Terminate the main SSO session\">SSO LOGOUT</a></div><div><table><tr><th>FIELD</th><th>VALUE</th></tr><tr><td>Program</td><td>{{.Program}}</td></tr><tr><td>Version</td><td>{{.Version}}</td></tr><tr><td>Release</td><td>{{.Release}}</td></tr><tr><td>IdP URL</td><td>{{.URL}}</td></tr><tr><td>DateTime</td><td>{{.DateTime}}</td></tr><tr><td>Timestamp</td><td>{{.Timestamp}}</td></tr><tr><td>Status</td><td>{{.Status}}</td></tr><tr><td>Code</td><td>{{.Code}}</td></tr><tr><td>Message</td><td>{{.Message}}</td></tr><tr><td>Data</td><td>{{.Data}}</td></tr></table></div></body></html>",
    "logoutPageURL": "",
    "logoutPageTemplate": "<!DOCTYPE html PUBLIC \"-//W3C//DTD XHTML 1.0 Transitional//EN\" \"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd\"><html xmlns=\"http://www.w3.org/1999/xhtml\"><head><meta http-equiv=\"Content-Type\" content=\"text/html; charset=UTF-8\" /><title>SSO LOGOUT</title></head><body><h1>SSO LOGOUT</h1><h2>The IDP Session has been successfully deleted</h2><div><a href=\"{{.URL}}/services\" title=\"SSO Login\">SSO LOGIN</a></div><h3>Logout links of visited Service Providers:</h3><ul>{{ range $name, $logout := .SPList }}<li><a href=\"{{ $logout }}\" title=\"Logout from {{ $name }}\" target=\"_blank\">{{ $name }}</a></li>{{ end }}</ul></body></html>",
    "servicesPageURL": "",
    "servicesPageTemplate": "<!DOCTYPE html PUBLIC \"-//W3C//DTD XHTML 1.0 Transitional//EN\" \"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd\"><html xmlns=\"http://www.w3.org/1999/xhtml\"><head><meta http-equiv=\"Content-Type\" content=\"text/html; charset=UTF-8\" /><title>SSO Authorized Service Providers</title></head><body><h1>SSO Authorized Service Providers</h1><div><a href=\"{{.URL}}/logout\" title=\"Terminate the main SSO session\">SSO LOGOUT</a></div><ul>{{ range $sp := .SPList }}<li><strong>{{ $sp.Name }}</strong><br /><em>{{ $sp.Description }}</em><ul><li><a href=\"{{ $sp.IDPLogin }}\" title=\"IdP-Login: {{ $sp.Description }}\" target=\"_blank\">IdP-initiated login</a></li><li><a href=\"{{ $sp.Login }}\" title=\"Login: {{ $sp.Description }}\" target=\"_blank\">Login Page</a></li><li><a href=\"{{ $sp.Logout }}\" title=\"Logout: {{ $sp.Description }}\" target=\"_blank\">Logout</a></li></ul></li>{{ end }}</ul></body></html>",
    "log": {
        "level": "DEBUG",
        "network": "",
        "address": ""
    },
    "stats": {
        "prefix": "srv-idp",
        "network": "udp",
        "address": ":8125",
        "flush_period": 100
    },
    "redis": {
        "network": "tcp",
        "address": ":6379",
        "database": 0,
        "password": "",
        "connect_timeout": 0,
        "read_timeout": 0,
        "write_timeout": 0,
        "pool_max_idle": 0,
        "pool_max_active": 0,
        "pool_idle_timeout": 0,
        "max_age": 3600
    },
    "zfa": {
        "client_id": "",
        "client_secret": "",
        "backend": "https://api.mpin.io"
    },
    "idp": {
        "private_key": "",
        "public_certificate": "",
        "metadata": "<EntityDescriptor xmlns=\"urn:oasis:names:tc:SAML:2.0:metadata\" validUntil=\"{{.ValidUntil}}\" cacheDuration=\"{{.CacheDuration}}\" entityID=\"{{.EntityID}}\"><IDPSSODescriptor xmlns=\"urn:oasis:names:tc:SAML:2.0:metadata\" protocolSupportEnumeration=\"urn:oasis:names:tc:SAML:2.0:protocol\"><KeyDescriptor use=\"signing\"><KeyInfo xmlns=\"http://www.w3.org/2000/09/xmldsig#\"><X509Data><X509Certificate>{{.SigningCertificate}}</X509Certificate></X509Data></KeyInfo></KeyDescriptor><KeyDescriptor use=\"encryption\"><KeyInfo xmlns=\"http://www.w3.org/2000/09/xmldsig#\"><X509Data><X509Certificate>{{.EncryptionCertificate}}</X509Certificate></X509Data></KeyInfo><EncryptionMethod Algorithm=\"http://www.w3.org/2001/04/xmlenc#aes128-cbc\"></EncryptionMethod><EncryptionMethod Algorithm=\"http://www.w3.org/2001/04/xmlenc#aes192-cbc\"></EncryptionMethod><EncryptionMethod Algorithm=\"http://www.w3.org/2001/04/xmlenc#aes256-cbc\"></EncryptionMethod><EncryptionMethod Algorithm=\"http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p\"></EncryptionMethod></KeyDescriptor><NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</NameIDFormat><SingleSignOnService Binding=\"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect\" Location=\"{{.SsoRedirectLocation}}\"></SingleSignOnService><SingleSignOnService Binding=\"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST\" Location=\"{{.SsoPostLocation}}\"></SingleSignOnService></IDPSSODescriptor></EntityDescriptor>",
        "response_form": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?><!DOCTYPE html PUBLIC \"-//W3C//DTD XHTML 1.0 Strict//EN\" \"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd\"><html xmlns=\"http://www.w3.org/1999/xhtml\" xml:lang=\"en\" lang=\"en\" dir=\"ltr\"><head><title>SSO REDIRECT TO: {{.URL}}</title><meta http-equiv=\"Content-Type\" content=\"text/html; charset=UTF-8\" /><meta name=\"language\" content=\"en\" /><meta name=\"description\" content=\"Redirect the user to the Service Provider: {{.URL}}\" /></head><body onload=\"document.getElementById('SAMLResponseForm').submit()\"><form method=\"post\" action=\"{{.URL}}\" id=\"SAMLResponseForm\"><div><input type=\"hidden\" name=\"SAMLResponse\" id=\"SAMLResponse\" value=\"{{.SAMLResponse}}\" /><input type=\"hidden\" name=\"RelayState\" id=\"RelayState\" value=\"{{.RelayState}}\" /><input type=\"submit\" value=\"Continue\" /></div></form></body></html>",
        "cache_duration": 48,
        "max_sp_delay": 90
    },
    "profile": {
        "assertion": {
            "global": "<Assertion xmlns=\"urn:oasis:names:tc:SAML:2.0:assertion\" ID=\"{{.ID}}\" IssueInstant=\"{{.TimeNow}}\" Version=\"2.0\" xmlns:ds=\"http://www.w3.org/2000/09/xmldsig#\" xmlns:saml=\"urn:oasis:names:tc:SAML:2.0:assertion\" xmlns:samlp=\"urn:oasis:names:tc:SAML:2.0:protocol\" xmlns:xenc=\"http://www.w3.org/2001/04/xmlenc#\"><Issuer xmlns=\"urn:oasis:names:tc:SAML:2.0:assertion\" Format=\"urn:oasis:names:tc:SAML:2.0:nameid-format:entity\">{{.MetadataEntityID}}</Issuer>{{.SignatureBlock}}<Subject>{{.NameID}}<SubjectConfirmation Method=\"urn:oasis:names:tc:SAML:2.0:cm:bearer\"><SubjectConfirmationData NotOnOrAfter=\"{{.TimeExpire}}\" Address=\"{{.RecipientIP}}\" Recipient=\"{{.Recipient}}\" {{if not (eq .AuthnRequestID \"\")}}InResponseTo=\"{{.AuthnRequestID}}\"{{end}}/></SubjectConfirmation></Subject><Conditions NotBefore=\"{{.TimeNow}}\" NotOnOrAfter=\"{{.TimeExpire}}\"><AudienceRestriction><Audience>{{.SPEntityID}}</Audience></AudienceRestriction></Conditions><AuthnStatement AuthnInstant=\"{{.SessionCreateTime}}\" SessionIndex=\"{{.SessionIndex}}\" SessionNotOnOrAfter=\"{{.TimeExpire}}\"><SubjectLocality Address=\"{{.RemoteAddress}}\" /><AuthnContext><AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</AuthnContextClassRef></AuthnContext></AuthnStatement>{{.AttributeStatement}}</Assertion>",
            "zabbix": "<Assertion xmlns=\"urn:oasis:names:tc:SAML:2.0:assertion\" ID=\"{{.ID}}\" IssueInstant=\"{{.TimeNow}}\" Version=\"2.0\" xmlns:ds=\"http://www.w3.org/2000/09/xmldsig#\" xmlns:saml=\"urn:oasis:names:tc:SAML:2.0:assertion\" xmlns:samlp=\"urn:oasis:names:tc:SAML:2.0:protocol\" xmlns:xenc=\"http://www.w3.org/2001/04/xmlenc#\"><Issuer xmlns=\"urn:oasis:names:tc:SAML:2.0:assertion\" Format=\"urn:oasis:names:tc:SAML:2.0:nameid-format:entity\">{{.MetadataEntityID}}</Issuer>{{.SignatureBlock}}<Subject>{{.NameID}}<SubjectConfirmation Method=\"urn:oasis:names:tc:SAML:2.0:cm:bearer\"><SubjectConfirmationData NotOnOrAfter=\"{{.TimeExpire}}\" Address=\"10.10.24.66\" Recipient=\"{{.Recipient}}\" {{if not (eq .AuthnRequestID \"\")}}InResponseTo=\"{{.AuthnRequestID}}\"{{end}}/></SubjectConfirmation></Subject><Conditions NotBefore=\"{{.TimeNow}}\" NotOnOrAfter=\"{{.TimeExpire}}\"><AudienceRestriction><Audience>{{.SPEntityID}}</Audience></AudienceRestriction></Conditions><AuthnStatement AuthnInstant=\"{{.SessionCreateTime}}\" SessionIndex=\"{{.SessionIndex}}\"><SubjectLocality Address=\"{{.RemoteAddress}}\" /><AuthnContext><AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</AuthnContextClassRef></AuthnContext></AuthnStatement>{{.AttributeStatement}}</Assertion>"
        },
        "nameid": {
            "global": "<NameID NameQualifier=\"{{.MetadataEntityID}}\" SPNameQualifier=\"{{.SPEntityID}}\" Format=\"urn:oasis:names:tc:SAML:2.0:nameid-format:transient\">{{.ServiceProviderUserID}}</NameID>",
            "office365": "<NameID NameQualifier=\"{{.MetadataEntityID}}\" SPNameQualifier=\"{{.SPEntityID}}\" Format=\"urn:oasis:names:tc:SAML:2.0:nameid-format:transient\">{{.SessionUserName | urlquery}}</NameID>",
            "email": "<NameID NameQualifier=\"{{.MetadataEntityID}}\" SPNameQualifier=\"{{.SPEntityID}}\" Format=\"urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress\">{{.SessionUserEmail}}</NameID>",
            "github": "<NameID NameQualifier=\"{{.MetadataEntityID}}\" SPNameQualifier=\"{{.SPEntityID}}\" Format=\"urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified\">{{.SessionUserName}}</NameID>"
        },
        "attribute": {
            "global": "<AttributeStatement>{{ if not (eq .ServiceProviderUserID \"\")}}<Attribute FriendlyName=\"uid\" Name=\"urn:oid:0.9.2342.19200300.100.1.1\" NameFormat=\"urn:oasis:names:tc:SAML:2.0:attrname-format:uri\"><AttributeValue xmlns:XMLSchema-instance=\"http://www.w3.org/2001/XMLSchema-instance\" XMLSchema-instance:type=\"xs:string\">{{.ServiceProviderUserID}}</AttributeValue></Attribute>{{end}}{{ if not (eq .SessionUserEmail \"\")}}<Attribute FriendlyName=\"mail\" Name=\"urn:oid:0.9.2342.19200300.100.1.3\" NameFormat=\"urn:oasis:names:tc:SAML:2.0:attrname-format:uri\"><AttributeValue xmlns:XMLSchema-instance=\"http://www.w3.org/2001/XMLSchema-instance\" XMLSchema-instance:type=\"xs:string\">{{.SessionUserEmail}}</AttributeValue></Attribute><Attribute FriendlyName=\"eduPersonPrincipalName\" Name=\"urn:oid:1.3.6.1.4.1.5923.1.1.1.6\" NameFormat=\"urn:oasis:names:tc:SAML:2.0:attrname-format:uri\"><AttributeValue xmlns:XMLSchema-instance=\"http://www.w3.org/2001/XMLSchema-instance\" XMLSchema-instance:type=\"xs:string\">{{.SessionUserEmail}}</AttributeValue></Attribute>{{end}}</AttributeStatement>",
            "empty": "",
            "box": "<AttributeStatement><Attribute Name=\"primary_email\"><AttributeValue>{{.SessionUserEmail}}</AttributeValue></Attribute></AttributeStatement>",
            "office365": "<AttributeStatement><Attribute Name=\"IDPEmail\"><AttributeValue>{{.SessionUserEmail}}</AttributeValue></Attribute></AttributeStatement>",
            "aws": "<AttributeStatement><Attribute Name=\"https://aws.amazon.com/SAML/Attributes/Role\" NameFormat=\"urn:oasis:names:tc:SAML:2.0:attrname-format:basic\"><AttributeValue>arn:aws:iam::YOURAWSACCOUNTNUMBER:role/YOURSSOROLE,arn:aws:iam::YOURAWSACCOUNTNUMBER:saml-provider/YOURPROVIDER</AttributeValue></Attribute><Attribute Name=\"https://aws.amazon.com/SAML/Attributes/RoleSessionName\" NameFormat=\"urn:oasis:names:tc:SAML:2.0:attrname-format:basic\"><AttributeValue>{{.SessionUserEmail}}</AttributeValue></Attribute></AttributeStatement>",
            "samanage": "<AttributeStatement><Attribute NameFormat=\"urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress\" Name=\"IDPEmail\"><AttributeValue>{{.SessionUserEmail}}</AttributeValue></Attribute></AttributeStatement>",
            "datadog": "<AttributeStatement>{{ if not (eq .SessionUserEmail \"\")}}<Attribute FriendlyName=\"eduPersonPrincipalName\" Name=\"urn:oid:1.3.6.1.4.1.5923.1.1.1.6\" NameFormat=\"urn:oasis:names:tc:SAML:2.0:attrname-format:uri\"><AttributeValue xmlns:XMLSchema-instance=\"http://www.w3.org/2001/XMLSchema-instance\" XMLSchema-instance:type=\"xs:string\">{{.SessionUserEmail}}</AttributeValue></Attribute><Attribute FriendlyName=\"sn\" Name=\"urn:oid:2.5.4.4\" NameFormat=\"urn:oasis:names:tc:SAML:2.0:attrname-format:uri\"><AttributeValue xmlns:XMLSchema-instance=\"http://www.w3.org/2001/XMLSchema-instance\" XMLSchema-instance:type=\"xs:string\">{{.SessionUserEmail}}</AttributeValue></Attribute><Attribute FriendlyName=\"givenName\" Name=\"urn:oid:2.5.4.42\" NameFormat=\"urn:oasis:names:tc:SAML:2.0:attrname-format:uri\"><AttributeValue xmlns:XMLSchema-instance=\"http://www.w3.org/2001/XMLSchema-instance\" XMLSchema-instance:type=\"xs:string\">{{.SessionUserEmail}}</AttributeValue></Attribute>{{end}}</AttributeStatement>",
            "tsystems_otc_admin": "<AttributeStatement><Attribute FriendlyName=\"mail\" Name=\"urn:oid:0.9.2342.19200300.100.1.3\" NameFormat=\"urn:oasis:names:tc:SAML:2.0:attrname-format:uri\"><AttributeValue>{{.SessionUserEmail}}</AttributeValue></Attribute><Attribute FriendlyName=\"groups\" Name=\"urn:oid:1.3.6.1.4.1.5923.1.1.1.6\" NameFormat=\"urn:oasis:names:tc:SAML:2.0:attrname-format:uri\"><AttributeValue>restricted</AttributeValue></Attribute></AttributeStatement>"
        },
        "response": {
            "global": "<Response xmlns=\"urn:oasis:names:tc:SAML:2.0:protocol\" Version=\"2.0\" Destination=\"{{.Destination}}\" {{if not (eq .AuthnRequestID \"\")}}InResponseTo=\"{{.AuthnRequestID}}\"{{end}} IssueInstant=\"{{.TimeNow}}\" ID=\"{{.ID}}\">{{if not (eq .MetadataEntityID \"\")}}<Issuer xmlns=\"urn:oasis:names:tc:SAML:2.0:assertion\" Format=\"urn:oasis:names:tc:SAML:2.0:nameid-format:entity\">{{.MetadataEntityID}}</Issuer>{{end}}{{.SignatureBlock}}<Status xmlns=\"urn:oasis:names:tc:SAML:2.0:protocol\"><StatusCode xmlns=\"urn:oasis:names:tc:SAML:2.0:protocol\" Value=\"{{.StatusCodeTL}}\">{{if not (eq .StatusCodeSL \"\")}}<StatusCode xmlns=\"urn:oasis:names:tc:SAML:2.0:protocol\" Value=\"{{.StatusCodeSL}}\" />{{end}}</StatusCode>{{if not (eq .StatusMessage \"\")}}<StatusMessage xmlns=\"urn:oasis:names:tc:SAML:2.0:protocol\">{{.StatusMessage}}</StatusMessage>{{end}}</Status>{{.Assertion}}</Response>"
        },
        "signature": {
            "global": "<Signature xmlns=\"http://www.w3.org/2000/09/xmldsig#\"><SignedInfo><CanonicalizationMethod Algorithm=\"http://www.w3.org/2001/10/xml-exc-c14n#\"></CanonicalizationMethod><SignatureMethod Algorithm=\"http://www.w3.org/2001/04/xmldsig-more#rsa-sha256\"></SignatureMethod><Reference URI=\"{{.ReferenceURI}}\"><Transforms><Transform Algorithm=\"http://www.w3.org/2000/09/xmldsig#enveloped-signature\"></Transform><Transform Algorithm=\"http://www.w3.org/2001/10/xml-exc-c14n#\"></Transform></Transforms><DigestMethod Algorithm=\"http://www.w3.org/2001/04/xmlenc#sha256\"></DigestMethod><DigestValue></DigestValue></Reference></SignedInfo><SignatureValue></SignatureValue><KeyInfo><X509Data><X509Certificate>{{.Certificate}}</X509Certificate></X509Data></KeyInfo></Signature>",
            "sha1": "<Signature xmlns=\"http://www.w3.org/2000/09/xmldsig#\"><SignedInfo><CanonicalizationMethod Algorithm=\"http://www.w3.org/2001/10/xml-exc-c14n#\"></CanonicalizationMethod><SignatureMethod Algorithm=\"http://www.w3.org/2000/09/xmldsig#rsa-sha1\"></SignatureMethod><Reference URI=\"{{.ReferenceURI}}\"><Transforms><Transform Algorithm=\"http://www.w3.org/2000/09/xmldsig#enveloped-signature\"></Transform><Transform Algorithm=\"http://www.w3.org/2001/10/xml-exc-c14n#\"></Transform></Transforms><DigestMethod Algorithm=\"http://www.w3.org/2000/09/xmldsig#sha1\"></DigestMethod><DigestValue></DigestValue></Reference></SignedInfo><SignatureValue></SignatureValue><KeyInfo><X509Data><X509Certificate>{{.Certificate}}</X509Certificate></X509Data></KeyInfo></Signature>"
        }
    },
    "ldap": {
        "server": {
            "global": {
                "method": "none",
                "address": "127.0.0.1:389",
                "user": "cn=Directory Manager",
                "password": "secret"
            }
        },
        "query": {
            "global": {
                "server": "global",
                "search": [
                    {
                        "dn": "ou=people,dc=example,dc=com",
                        "filter": "(uid={{.UserID}})"
                    },
                    {
                        "dn": "ou=people,dc=example,dc=com",
                        "filter": "({{index .DN 0}})"
                    }
                ]
            }
        }
    },
    "sp": {
        "jivex": {
            "description": "Jive is a communication and collaboration platform",
            "issuer": "https://example-ext.jiveon.com",
            "relay_state": "/",
            "login_url": "https://example-ext.jiveon.com",
            "logout_url": "https://example-ext.jiveon.com/logout.jspa",
            "slo_url": "",
            "metadata": "<?xml version=\"1.0\" encoding=\"UTF-8\"?><md:EntityDescriptor xmlns:md=\"urn:oasis:names:tc:SAML:2.0:metadata\" ID=\"https://example-ext.jiveon.com\" entityID=\"https://example-ext.jiveon.com\"><md:SPSSODescriptor AuthnRequestsSigned=\"false\" WantAssertionsSigned=\"true\" protocolSupportEnumeration=\"urn:oasis:names:tc:SAML:2.0:protocol\"><md:KeyDescriptor use=\"signing\"><ds:KeyInfo xmlns:ds=\"http://www.w3.org/2000/09/xmldsig#\"><ds:X509Data><ds:X509Certificate>******</ds:X509Certificate></ds:X509Data></ds:KeyInfo></md:KeyDescriptor><md:KeyDescriptor use=\"encryption\"><ds:KeyInfo xmlns:ds=\"http://www.w3.org/2000/09/xmldsig#\"><ds:X509Data><ds:X509Certificate>******</ds:X509Certificate></ds:X509Data></ds:KeyInfo></md:KeyDescriptor><md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</md:NameIDFormat><md:NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</md:NameIDFormat><md:NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:persistent</md:NameIDFormat><md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified</md:NameIDFormat><md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName</md:NameIDFormat><md:AssertionConsumerService Binding=\"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST\" Location=\"https://example-ext.jiveon.com/saml/sso\" index=\"0\" isDefault=\"true\"/></md:SPSSODescriptor></md:EntityDescriptor>",
            "sign_response": true,
            "sign_assertion": true,
            "encrypt_assertion": true,
            "user_id_transform": [
                {}
            ],
            "authorize": [
                [
                    {
                        "email": "^[^@]+@[^@]+$"
                    },
                    {
                        "ldap": "global"
                    }
                ]
            ],
            "profile": {
                "assertion": "global",
                "nameid": "global",
                "attribute": "global",
                "response": "global",
                "signature": "global"
            }
        },
        "salesforce": {
            "description": "Salesforce Customer Relationship Management (CRM)",
            "issuer": "https://saml.salesforce.com",
            "relay_state": "/",
            "login_url": "https://example--samlidp.cs61.my.salesforce.com",
            "logout_url": "https://example--samlidp.lightning.force.com/secur/logout.jsp",
            "slo_url": "",
            "metadata": "<?xml version=\"1.0\" encoding=\"UTF-8\"?><md:EntityDescriptor xmlns:md=\"urn:oasis:names:tc:SAML:2.0:metadata\" entityID=\"https://saml.salesforce.com\" validUntil=\"2026-12-13T11:59:26.365Z\" xmlns:ds=\"http://www.w3.org/2000/09/xmldsig#\"><md:SPSSODescriptor AuthnRequestsSigned=\"true\" WantAssertionsSigned=\"true\" protocolSupportEnumeration=\"urn:oasis:names:tc:SAML:2.0:protocol\"><md:KeyDescriptor use=\"signing\"><ds:KeyInfo><ds:X509Data><ds:X509Certificate>******</ds:X509Certificate></ds:X509Data></ds:KeyInfo></md:KeyDescriptor><md:KeyDescriptor use=\"encryption\"><ds:KeyInfo><ds:X509Data><ds:X509Certificate>******</ds:X509Certificate></ds:X509Data></ds:KeyInfo></md:KeyDescriptor><md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified</md:NameIDFormat><md:AssertionConsumerService Binding=\"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST\" Location=\"https://example--samlidp.cs61.my.salesforce.com?so=00D4C0000000heS&amp;sc=0LE4C000000Gn1F\" index=\"0\" isDefault=\"true\"/><md:AttributeConsumingService index=\"0\" isDefault=\"true\"><md:ServiceName xmlns:xml=\"http://www.w3.org/XML/1998/namespace\" xml:lang=\"en\">Salesforce.com</md:ServiceName><md:RequestedAttribute Name=\"urn:oid:0.9.2342.19200300.100.1.3\" isRequired=\"true\"/></md:AttributeConsumingService></md:SPSSODescriptor></md:EntityDescriptor>",
            "sign_response": true,
            "sign_assertion": true,
            "encrypt_assertion": true,
            "user_id_transform": [
                {}
            ],
            "authorize": [
                [
                    {}
                ]
            ],
            "profile": {
                "assertion": "global",
                "nameid": "global",
                "attribute": "global",
                "response": "global",
                "signature": "global"
            }
        },
        "office365": {
            "description": "Office 365 subscription plans for access to Microsoft Office applications and other productivity services",
            "issuer": "urn:federation:MicrosoftOnline",
            "relay_state": "/",
            "login_url": "https://login.microsoftonline.com",
            "logout_url": "https://login.microsoftonline.com/logout.srf",
            "slo_url": "",
            "metadata": "<?xml version=\"1.0\" encoding=\"UTF-8\"?><EntityDescriptor xmlns=\"urn:oasis:names:tc:SAML:2.0:metadata\" xmlns:alg=\"urn:oasis:names:tc:SAML:metadata:algsupport\" ID=\"_0c0d1ca7-7292-4bc6-801c-f880f6098f4e\" entityID=\"urn:federation:MicrosoftOnline\"><Signature xmlns=\"http://www.w3.org/2000/09/xmldsig#\"><SignedInfo><CanonicalizationMethod Algorithm=\"http://www.w3.org/2001/10/xml-exc-c14n#\"/><SignatureMethod Algorithm=\"http://www.w3.org/2000/09/xmldsig#rsa-sha1\"/><Reference URI=\"#_0c0d1ca7-7292-4bc6-801c-f880f6098f4e\"><Transforms><Transform Algorithm=\"http://www.w3.org/2000/09/xmldsig#enveloped-signature\"/><Transform Algorithm=\"http://www.w3.org/2001/10/xml-exc-c14n#\"/></Transforms><DigestMethod Algorithm=\"http://www.w3.org/2000/09/xmldsig#sha1\"/><DigestValue>lmuywskSIZK9HjyNuvYE+Y2vtNU=</DigestValue></Reference></SignedInfo><SignatureValue>******</X509Certificate></X509Data></KeyInfo></Signature><Extensions><alg:DigestMethod Algorithm=\"http://www.w3.org/2000/09/xmldsig#sha1\"/><alg:SigningMethod Algorithm=\"http://www.w3.org/2000/09/xmldsig#rsa-sha1\"/></Extensions><SPSSODescriptor protocolSupportEnumeration=\"urn:oasis:names:tc:SAML:2.0:protocol\" WantAssertionsSigned=\"true\"><KeyDescriptor use=\"signing\"><ds:KeyInfo xmlns:ds=\"http://www.w3.org/2000/09/xmldsig#\"><ds:X509Data><ds:X509Certificate>******</ds:X509Certificate></ds:X509Data></ds:KeyInfo></KeyDescriptor><KeyDescriptor use=\"signing\"><ds:KeyInfo xmlns:ds=\"http://www.w3.org/2000/09/xmldsig#\"><ds:X509Data><ds:X509Certificate>******</ds:X509Certificate></ds:X509Data></ds:KeyInfo></KeyDescriptor><SingleLogoutService Binding=\"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST\" 
Location=\"https://login.microsoftonline.com/login.srf\"/><NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</NameIDFormat><NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat><NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified</NameIDFormat><NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</NameIDFormat><NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:persistent</NameIDFormat><AssertionConsumerService isDefault=\"true\" index=\"0\" Binding=\"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST\" Location=\"https://login.microsoftonline.com/login.srf\"/><AssertionConsumerService index=\"1\" Binding=\"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST-SimpleSign\" Location=\"https://login.microsoftonline.com/login.srf\"/><!-- PAOS functionality is NOT supported by this service. The binding is only included to ease setup and integration with Shibboleth ECP --><AssertionConsumerService index=\"2\" Binding=\"urn:oasis:names:tc:SAML:2.0:bindings:PAOS\" Location=\"https://login.microsoftonline.com/login.srf\"/></SPSSODescriptor></EntityDescriptor>",
            "sign_response": true,
            "sign_assertion": true,
            "encrypt_assertion": false,
            "user_id_transform": [
                {}
            ],
            "authorize": [
                [
                    {}
                ]
            ],
            "profile": {
                "assertion": "global",
                "nameid": "office365",
                "attribute": "office365",
                "response": "global",
                "signature": "global"
            }
        },
        "aws": {
            "description": "Amazon Web Services (AWS) Cloud Computing",
            "issuer": "urn:amazon:webservices",
            "relay_state": "",
            "login_url": "http://127.0.0.1:8000/login/aws",
            "logout_url": "https://console.aws.amazon.com/iam/logout!doLogout",
            "slo_url": "",
            "metadata": "<?xml version=\"1.0\"?> <!-- https://signin.aws.amazon.com/static/saml-metadata.xml --> <EntityDescriptor xmlns=\"urn:oasis:names:tc:SAML:2.0:metadata\" xmlns:saml=\"urn:oasis:names:tc:SAML:2.0:assertion\" xmlns:ds=\"http://www.w3.org/2000/09/xmldsig#\" entityID=\"urn:amazon:webservices\" validUntil=\"2017-11-16T00:00:00Z\"> <SPSSODescriptor protocolSupportEnumeration=\"urn:oasis:names:tc:SAML:2.0:protocol\" WantAssertionsSigned=\"true\"> <KeyDescriptor use=\"signing\"> <ds:KeyInfo xmlns:ds=\"http://www.w3.org/2000/09/xmldsig#\"> <ds:X509Data> <ds:X509Certificate>******</ds:X509Certificate> </ds:X509Data> </ds:KeyInfo> </KeyDescriptor> <NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</NameIDFormat> <NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:persistent</NameIDFormat> <AssertionConsumerService index=\"1\" isDefault=\"true\" Binding=\"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST\" Location=\"https://signin.aws.amazon.com/saml\"/> <AttributeConsumingService index=\"1\"> <ServiceName xml:lang=\"en\">AWS Management Console Single Sign-On</ServiceName> <RequestedAttribute isRequired=\"true\" Name=\"https://aws.amazon.com/SAML/Attributes/Role\" FriendlyName=\"RoleEntitlement\"/> <RequestedAttribute isRequired=\"true\" Name=\"https://aws.amazon.com/SAML/Attributes/RoleSessionName\" FriendlyName=\"RoleSessionName\"/> <RequestedAttribute isRequired=\"false\" Name=\"urn:oid:1.3.6.1.4.1.5923.1.1.1.1\" FriendlyName=\"eduPersonAffiliation\"/> <RequestedAttribute isRequired=\"false\" Name=\"urn:oid:1.3.6.1.4.1.5923.1.1.1.2\" FriendlyName=\"eduPersonNickname\"/> <RequestedAttribute isRequired=\"false\" Name=\"urn:oid:1.3.6.1.4.1.5923.1.1.1.3\" FriendlyName=\"eduPersonOrgDN\"/> <RequestedAttribute isRequired=\"false\" Name=\"urn:oid:1.3.6.1.4.1.5923.1.1.1.4\" FriendlyName=\"eduPersonOrgUnitDN\"/> <RequestedAttribute isRequired=\"false\" Name=\"urn:oid:1.3.6.1.4.1.5923.1.1.1.5\" FriendlyName=\"eduPersonPrimaryAffiliation\"/> 
<RequestedAttribute isRequired=\"false\" Name=\"urn:oid:1.3.6.1.4.1.5923.1.1.1.6\" FriendlyName=\"eduPersonPrincipalName\"/> <RequestedAttribute isRequired=\"false\" Name=\"urn:oid:1.3.6.1.4.1.5923.1.1.1.7\" FriendlyName=\"eduPersonEntitlement\"/> <RequestedAttribute isRequired=\"false\" Name=\"urn:oid:1.3.6.1.4.1.5923.1.1.1.8\" FriendlyName=\"eduPersonPrimaryOrgUnitDN\"/> <RequestedAttribute isRequired=\"false\" Name=\"urn:oid:1.3.6.1.4.1.5923.1.1.1.9\" FriendlyName=\"eduPersonScopedAffiliation\"/> <RequestedAttribute isRequired=\"false\" Name=\"urn:oid:1.3.6.1.4.1.5923.1.1.1.10\" FriendlyName=\"eduPersonTargetedID\"/> <RequestedAttribute isRequired=\"false\" Name=\"urn:oid:1.3.6.1.4.1.5923.1.1.1.11\" FriendlyName=\"eduPersonAssurance\"/> <RequestedAttribute isRequired=\"false\" Name=\"urn:oid:1.3.6.1.4.1.5923.1.2.1.2\" FriendlyName=\"eduOrgHomePageURI\"/> <RequestedAttribute isRequired=\"false\" Name=\"urn:oid:1.3.6.1.4.1.5923.1.2.1.3\" FriendlyName=\"eduOrgIdentityAuthNPolicyURI\"/> <RequestedAttribute isRequired=\"false\" Name=\"urn:oid:1.3.6.1.4.1.5923.1.2.1.4\" FriendlyName=\"eduOrgLegalName\"/> <RequestedAttribute isRequired=\"false\" Name=\"urn:oid:1.3.6.1.4.1.5923.1.2.1.5\" FriendlyName=\"eduOrgSuperiorURI\"/> <RequestedAttribute isRequired=\"false\" Name=\"urn:oid:1.3.6.1.4.1.5923.1.2.1.6\" FriendlyName=\"eduOrgWhitePagesURI\"/> <RequestedAttribute isRequired=\"false\" Name=\"urn:oid:2.5.4.3\" FriendlyName=\"cn\"/> </AttributeConsumingService> </SPSSODescriptor> <Organization> <OrganizationName xml:lang=\"en\">Amazon Web Services, Inc.</OrganizationName> <OrganizationDisplayName xml:lang=\"en\">AWS</OrganizationDisplayName> <OrganizationURL xml:lang=\"en\">https://aws.amazon.com</OrganizationURL> </Organization> </EntityDescriptor>",
            "sign_response": true,
            "sign_assertion": true,
            "encrypt_assertion": false,
            "user_id_transform": [
                {}
            ],
            "authorize": [
                [
                    {}
                ]
            ],
            "profile": {
                "assertion": "global",
                "nameid": "global",
                "attribute": "aws",
                "response": "global",
                "signature": "global"
            }
        },
        "jira": {
            "description": "Jira issue tracking system",
            "issuer": "http://127.0.0.1:8080/plugins/servlet/samlsso",
            "relay_state": "",
            "login_url": "http://127.0.0.1:8080/plugins/servlet/samlsso",
            "logout_url": "http://127.0.0.1:8080/logout",
            "slo_url": "",
            "metadata": "<?xml version=\"1.0\" encoding=\"UTF-8\"?><md:EntityDescriptor xmlns:md=\"urn:oasis:names:tc:SAML:2.0:metadata\" entityID=\"http://127.0.0.1:8080/plugins/servlet/samlsso\"><md:SPSSODescriptor WantAssertionsSigned=\"true\" protocolSupportEnumeration=\"urn:oasis:names:tc:SAML:2.0:protocol\"><md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified</md:NameIDFormat><md:AssertionConsumerService Binding=\"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST\" Location=\"http://127.0.0.1:8080/plugins/servlet/samlsso\" index=\"0\"/></md:SPSSODescriptor></md:EntityDescriptor>",
            "sign_response": true,
            "sign_assertion": true,
            "encrypt_assertion": false,
            "user_id_transform": [
                {}
            ],
            "authorize": [
                [
                    {}
                ]
            ],
            "profile": {
                "assertion": "global",
                "nameid": "global",
                "attribute": "global",
                "response": "global",
                "signature": "global"
            }
        },
        "google": {
            "description": "Google Services",
            "issuer": "google.com",
            "relay_state": "",
            "login_url": "https://mail.google.com/a/example-sso-demo.com",
            "logout_url": "https://accounts.google.com/Logout",
            "slo_url": "",
            "metadata": "<!-- google doesn't provide a link to download its sp metadata, so this is hand-crafted --><?xml version=\"1.0\" encoding=\"UTF-8\"?> <md:EntityDescriptor xmlns:md=\"urn:oasis:names:tc:SAML:2.0:metadata\" entityID=\"google.com\"> <md:SPSSODescriptor WantAssertionsSigned=\"true\" protocolSupportEnumeration=\"urn:oasis:names:tc:SAML:2.0:protocol\"> <md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified</md:NameIDFormat> <md:AssertionConsumerService Binding=\"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST\" Location=\"https://www.google.com/a/example-sso-demo.co.uk/acs\"/> </md:SPSSODescriptor> </md:EntityDescriptor>",
            "sign_response": true,
            "sign_assertion": true,
            "encrypt_assertion": false,
            "user_id_transform": [
                {}
            ],
            "authorize": [
                [
                    {}
                ]
            ],
            "profile": {
                "assertion": "global",
                "nameid": "global",
                "attribute": "google",
                "response": "global",
                "signature": "global"
            }
        },
        "googledm": {
            "description": "Google Domain Services",
            "issuer": "google.com/a/example-sso-demo.co.uk",
            "relay_state": "",
            "login_url": "https://mail.google.com/a/example-sso-demo.com",
            "logout_url": "https://accounts.google.com/Logout",
            "slo_url": "",
            "metadata": "<!-- Google does not publish downloadable SP metadata, so this entry is hand-crafted. Verify the entityID and the AssertionConsumerService Location against the SAML settings in the Google Admin console: the issuer and ACS use example-sso-demo.co.uk while login_url uses example-sso-demo.com. A comment placed before the <?xml?> declaration may be rejected by strict XML parsers. --><?xml version=\"1.0\" encoding=\"UTF-8\"?> <md:EntityDescriptor xmlns:md=\"urn:oasis:names:tc:SAML:2.0:metadata\" entityID=\"google.com/a/example-sso-demo.co.uk\"> <md:SPSSODescriptor WantAssertionsSigned=\"true\" protocolSupportEnumeration=\"urn:oasis:names:tc:SAML:2.0:protocol\"> <md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified</md:NameIDFormat> <md:AssertionConsumerService Binding=\"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST\" Location=\"https://www.google.com/a/example-sso-demo.co.uk/acs\"/> </md:SPSSODescriptor> </md:EntityDescriptor>",
            "sign_response": true,
            "sign_assertion": true,
            "encrypt_assertion": false,
            "user_id_transform": [
                {}
            ],
            "authorize": [
                [
                    {}
                ]
            ],
            "profile": {
                "assertion": "global",
                "nameid": "global",
                "attribute": "google",
                "response": "global",
                "signature": "global"
            }
        },
        "sap": {
            "description": "SAP HANA is an in-memory platform for processing high volumes of data in real-time",
            "issuer": "https://hanatrial.ondemand.com/******",
            "relay_state": "",
            "login_url": "https://example.hanatrial.ondemand.com/com.sap.aa.hcp.cockpit",
            "logout_url": "",
            "slo_url": "",
            "metadata": "<ns3:EntityDescriptor ID=\"******\" entityID=\"https://hanatrial.ondemand.com/******\" xmlns:ns2=\"http://www.w3.org/2001/04/xmlenc#\" xmlns=\"http://www.w3.org/2000/09/xmldsig#\" xmlns:ns4=\"urn:oasis:names:tc:SAML:2.0:assertion\" xmlns:ns3=\"urn:oasis:names:tc:SAML:2.0:metadata\"><ns3:SPSSODescriptor AuthnRequestsSigned=\"true\" protocolSupportEnumeration=\"urn:oasis:names:tc:SAML:2.0:protocol\"><ns3:KeyDescriptor use=\"signing\"><KeyInfo><KeyName>https://hanatrial.ondemand.com/******</KeyName><X509Data><X509Certificate>******</X509Certificate></X509Data></KeyInfo></ns3:KeyDescriptor><ns3:SingleLogoutService Binding=\"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST\" Location=\"https://authn.hanatrial.ondemand.com/saml2/sp/slo/******/******\"/><ns3:SingleLogoutService Binding=\"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect\" Location=\"https://authn.hanatrial.ondemand.com/saml2/sp/slo/******/******\"/><ns3:AssertionConsumerService index=\"0\" isDefault=\"true\" Binding=\"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST\" Location=\"https://authn.hanatrial.ondemand.com/saml2/sp/acs/******/******\"/></ns3:SPSSODescriptor></ns3:EntityDescriptor>",
            "sign_response": true,
            "sign_assertion": true,
            "encrypt_assertion": false,
            "user_id_transform": [
                {}
            ],
            "authorize": [
                [
                    {}
                ]
            ],
            "profile": {
                "assertion": "global",
                "nameid": "global",
                "attribute": "sap",
                "response": "global",
                "signature": "global"
            }
        },
        "dropbox": {
            "description": "Dropbox is a cloud storage provider",
            "issuer": "Dropbox",
            "relay_state": "",
            "login_url": "https://www.dropbox.com/login",
            "logout_url": "https://www.dropbox.com/logout",
            "slo_url": "",
            "metadata": "<!-- Dropbox does not publish downloadable SP metadata, so this entry is hand-crafted. Note that the configured issuer (Dropbox) is not equal to this entityID (www.dropbox.com); confirm which value the IdP matches incoming requests against. With sign_assertion set to false only the Response envelope is signed, so confirm Dropbox accepts an unsigned Assertion inside a signed Response. A comment placed before the <?xml?> declaration may be rejected by strict XML parsers. --><?xml version=\"1.0\" encoding=\"UTF-8\"?> <md:EntityDescriptor xmlns:md=\"urn:oasis:names:tc:SAML:2.0:metadata\" entityID=\"www.dropbox.com\"> <md:SPSSODescriptor protocolSupportEnumeration=\"urn:oasis:names:tc:SAML:2.0:protocol\"> <md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</md:NameIDFormat> <md:AssertionConsumerService Binding=\"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST\" Location=\"https://www.dropbox.com/saml_login\"/> </md:SPSSODescriptor> </md:EntityDescriptor>",
            "sign_response": true,
            "sign_assertion": false,
            "encrypt_assertion": false,
            "user_id_transform": [
                {}
            ],
            "authorize": [
                [
                    {}
                ]
            ],
            "profile": {
                "assertion": "global",
                "nameid": "dropbox",
                "attribute": "global",
                "response": "global",
                "signature": "global"
            }
        }
    }
}
