Could you confirm whether this configuration works and is currently active?
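# SAML settings passed through to python3-saml (via flask-multipass).
# All values below are the upstream template except 'strict', which is set
# explicitly: python3-saml's own documentation says production deployments
# MUST run with strict=True (messages that are expected to be signed or
# encrypted but are not get rejected, and the Destination / Conditions /
# NameID checks are enforced). Setting it here avoids depending on the
# library default, which has differed between versions.
_saml_config = {
    # python3-saml strict mode -- see the note above. Do not turn this off
    # outside of a short, local debugging session.
    'strict': True,
    'sp': {
        'entityId': 'indico-saml',
        # Depending on your security config below you may need to generate
        # a certificate and private key. Prefer openssl on the Indico host
        # (the private key then never leaves your machine);
        # https://www.samltool.com/self_signed_certs.php also works but a
        # third party generates the key for you.
        # With the 'security' section below (authnRequestsSigned,
        # logoutRequestSigned, logoutResponseSigned and signMetadata all
        # True) these two fields cannot stay empty: signing needs the key.
        # The private key is a secret -- keep it out of version control and
        # readable only by the user Indico runs as.
        'x509cert': '',
        'privateKey': '',
    },
    'idp': {
        # This metadata is provided by your SAML IdP. You can omit (or
        # leave empty) the whole 'idp' section in case you need SP
        # metadata to register your app and get the IdP metadata from
        # https://indico.example.com/multipass/saml/{auth-provider-name}/metadata
        # and then fill in the IdP metadata afterwards.
        'entityId': 'https://my-idp.example.com',
        'singleSignOnService': {
            'url': 'https://my-idp.example.com/saml',
            'binding': 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect'
        },
        'singleLogoutService': {
            'url': 'https://my-idp.example.com/saml',
            'binding': 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect'
        },
        # The IdP's signing certificate (from its metadata). Because
        # wantMessagesSigned / wantAssertionsSigned are True below, the
        # signature checks need this certificate; logins cannot be
        # validated while it is empty, so fill it in before going live.
        'x509cert': ''
    },
    # These advanced settings allow you to tune the SAML security options.
    # Please see the documentation on https://github.com/onelogin/python3-saml
    # for details on how they behave. Note that by requiring signatures,
    # you usually need to set a cert and key on your SP config.
    'security': {
        'nameIdEncrypted': False,
        # Everything Indico sends is signed with the SP key above.
        'authnRequestsSigned': True,
        'logoutRequestSigned': True,
        'logoutResponseSigned': True,
        'signMetadata': True,
        # Everything the IdP sends must be signed; verified against the
        # IdP certificate above.
        'wantMessagesSigned': True,
        'wantAssertionsSigned': True,
        'wantNameId': True,
        # Encryption of the NameID / assertions is off; only enable it if
        # your IdP supports it and the SP key above is in place.
        'wantNameIdEncrypted': False,
        'wantAssertionsEncrypted': False,
        'allowSingleLabelDomains': False,
        # SHA-256 for both signature and digest; do not downgrade to SHA-1.
        'signatureAlgorithm': 'http://www.w3.org/2001/04/xmldsig-more#rsa-sha256',
        'digestAlgorithm': 'http://www.w3.org/2001/04/xmlenc#sha256'
    }
}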
# Registers the SAML login backend under the name 'saml'; the identity
# provider with the same name below consumes the attributes it returns.
AUTH_PROVIDERS = {
    'saml': dict(
        type='saml',
        title='SAML SSO',
        saml_config=_saml_config,
        # If your IdP is ADFS you may need to enable this. For the
        # background, see https://github.com/onelogin/python-saml/pull/144
        # lowercase_urlencoding=True,
    ),
}
# Maps the attributes of the SAML assertion onto Indico user fields for
# the 'saml' identity provider (paired with the 'saml' auth provider).
IDENTITY_PROVIDERS = {
    'saml': dict(
        type='saml',
        title='SSO',
        # Left: Indico field. Right: the attribute name as released by your
        # IdP. These names are IdP-specific -- check them against the
        # attribute statements of a real assertion.
        mapping=dict(
            first_name='Firstname',
            last_name='Lastname',
            email='EmailAddress',
            affiliation='HomeInstitute',
        ),
        # Declares the e-mail address delivered by the IdP as verified.
        # NOTE(review): keep this True only if the IdP really validates
        # e-mail ownership; presumably Indico uses a trusted address to
        # associate logins with existing accounts without a verification
        # mail (confirm in the flask-multipass docs), in which case an
        # attacker-controlled attribute value could claim someone else's
        # account.
        trusted_email=True,
        # You can use a different field as the unique identifier.
        # By default the qualified NameID from SAML is used, but in
        # case you want to use something else, any SAML attribute can
        # be used.
        # identifier_field='Username',
    ),
}