SHIBUI-2380

application.yml updates for testing and for RPOs

backend/src/enversTest/resources/application.yml

@@ -0,0 +1,166 @@
+#spring:
+#  jpa:
+#    show-sql: false
+#    properties:
+#      hibernate:
+#        format_sql: true
+#        dialect: org.hibernate.dialect.PostgreSQL95Dialect
+# OR SEE: https://access.redhat.com/webassets/avalon/d/red-hat-jboss-enterprise-application-platform/7.2/javadocs/org/hibernate/dialect/package-summary.html
+
+#shibui:
+## Default password must be set for the default user to be configured and setup
+#  default-rootuser:root
+## need to include the encoding for the password - be sure to quote the entire value as shown
+#  default-password: "{noop}foopassword"
+#  pac4j-enabled: true
+#  pac4j:
+#    keystorePath: "/etc/shibui/samlKeystore.jks"
+#    keystorePassword: "changeit"
+#    privateKeyPassword: "changeit"
+#    serviceProviderEntityId: "https://idp.example.com/shibui"
+#    serviceProviderMetadataPath: "/etc/shibui/sp-metadata.xml"
+#    identityProviderMetadataPath: "/etc/shibui/idp-metadata.xml"
+#    forceServiceProviderMetadataGeneration: false
+#    callbackUrl: "https://localhost:8443/callback"
+#    postLogoutURL: "https://idp.example.com/idp/profile/Logout"  # Must set this to get IDP logout
+#    maximumAuthenticationLifetime: 3600000
+#    requireAssertedRoleForNewUsers: false
+#    saml2ProfileMapping:
+#      username: urn:oid:0.9.2342.19200300.100.1.1
+#      firstname: urn:oid:2.5.4.42
+#      lastname: urn:oid:2.5.4.4
+#      email: urn:oid:0.9.2342.19200300.100.1.3
+#      groups: urn:oid:1.3.6.1.4.1.5923.1.5.1.1 # attributeId - isMemberOf
+#      roles: --define name of the attribute containing the incoming user roles--
+
+custom:
+  attributes:
+    # Default attributes
+    - name: eduPersonPrincipalName
+      displayName: label.attribute-eduPersonPrincipalName
+    - name: uid
+      displayName: label.attribute-uid
+    - name: mail
+      displayName: label.attribute-mail
+    - name: surname
+      displayName: label.attribute-surname
+    - name: givenName
+      displayName: label.attribute-givenName
+    - name: eduPersonAffiliation
+      displayName: label.attribute-eduPersonAffiliation
+    - name: eduPersonScopedAffiliation
+      displayName: label.attribute-eduPersonScopedAffiliation
+    - name: eduPersonPrimaryAffiliation
+      displayName: label.attribute-eduPersonPrimaryAffiliation
+    - name: eduPersonEntitlement
+      displayName: label.attribute-eduPersonEntitlement
+    - name: eduPersonAssurance
+      displayName: label.attribute-eduPersonAssurance
+    - name: eduPersonUniqueId
+      displayName: label.attribute-eduPersonUniqueId
+    - name: employeeNumber
+      displayName: label.attribute-employeeNumber
+  # Custom attributes
+
+  # The following contains a map of "relying party overrides".
+  # The structure of an entry is as follows:
+  # - name: The name of the entry. used to uniquely identify this entry.
+  #   displayName: This will normally be the label used when displaying this override in the UI
+  #   displayType: The type to use when displaying this option
+  #   helpText: This is the help-icon hover-over text
+  #   defaultValues: One or more values to be displayed as default options in the UI
+  #   persistType: Optional. If it is necessary to persist something different than the override's display type,
+  #                set that type here. For example, display a boolean, but persist a string.
+  #   persistValue: Required only when persistType is used. Defines the value to be persisted.
+  #   attributeName: This is the name of the attribute to be used in the xml. This is assumed to be a URI.
+  #   attributeFriendlyName: This is the friendly name associated with the above attributeName.
+  #
+  # It is imperative when defining these that the "displayType" and "persistType" are known types.
+  # Typos or unsupported values here will result in that override being skipped!
+  # Supported types are as follows: boolean, integer, string, set, list
+  # Note that "persistType" doesn't have to match "displayType". However, the only unmatching combination currently
+  # supported is a "displayType" of "boolean" and "persistType" of "string".
+  overrides:
+    # Default overrides
+    - name: signAssertion
+      displayName: label.sign-the-assertion
+      displayType: boolean
+      helpText: tooltip.sign-assertion
+      attributeName: http://shibboleth.net/ns/profiles/saml2/sso/browser/signAssertions
+      attributeFriendlyName: signAssertions
+    - name: dontSignResponse
+      displayName: label.dont-sign-the-response
+      displayType: boolean
+      helpText: tooltip.dont-sign-response
+      attributeName: http://shibboleth.net/ns/profiles/saml2/sso/browser/signResponses
+      attributeFriendlyName: signResponses
+      invert: true
+    - name: turnOffEncryption
+      displayName: label.turn-off-encryption-of-response
+      displayType: boolean
+      helpText: tooltip.turn-off-encryption
+      attributeName: http://shibboleth.net/ns/profiles/encryptAssertions
+      attributeFriendlyName: encryptAssertions
+      invert: true
+    - name: useSha
+      displayName: label.use-sha1-signing-algorithm
+      displayType: boolean
+      helpText: tooltip.usa-sha-algorithm
+      persistType: string
+      persistValue: shibboleth.SecurityConfiguration.SHA1
+      attributeName: http://shibboleth.net/ns/profiles/securityConfiguration
+      attributeFriendlyName: securityConfiguration
+    - name: ignoreAuthenticationMethod
+      displayName: label.ignore-any-sp-requested-authentication-method
+      displayType: boolean
+      helpText: tooltip.ignore-auth-method
+      persistType: string
+      persistValue: 0x1
+      attributeName: http://shibboleth.net/ns/profiles/disallowedFeatures
+      attributeFriendlyName: disallowedFeatures
+    - name: omitNotBefore
+      displayName: label.omit-not-before-condition
+      displayType: boolean
+      helpText: tooltip.omit-not-before-condition
+      attributeName: http://shibboleth.net/ns/profiles/includeConditionsNotBefore
+      attributeFriendlyName: includeConditionsNotBefore
+      invert: true
+    - name: responderId
+      displayName: label.responder-id
+      displayType: string
+      helpText: tooltip.responder-id
+      attributeName: http://shibboleth.net/ns/profiles/responderId
+      attributeFriendlyName: responderId
+    - name: nameIdFormats
+      displayName: label.nameid-format-to-send
+      displayType: set
+      helpText: tooltip.nameid-format
+      defaultValues:
+        - urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified
+        - urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
+        - urn:oasis:names:tc:SAML:2.0:nameid-format:persistent
+        - urn:oasis:names:tc:SAML:2.0:nameid-format:transient
+      attributeName: http://shibboleth.net/ns/profiles/nameIDFormatPrecedence
+      attributeFriendlyName: nameIDFormatPrecedence
+    - name: authenticationMethods
+      displayName: label.authentication-methods-to-use
+      displayType: set
+      helpText: tooltip.authentication-methods-to-use
+      defaultValues:
+        - https://refeds.org/profile/mfa
+        - urn:oasis:names:tc:SAML:2.0:ac:classes:TimeSyncToken
+        - urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport
+      attributeName: http://shibboleth.net/ns/profiles/defaultAuthenticationMethods
+      attributeFriendlyName: defaultAuthenticationMethods
+    - name: forceAuthn
+      displayName: label.force-authn
+      displayType: boolean
+      helpText: tooltip.force-authn
+      attributeName: http://shibboleth.net/ns/profiles/forceAuthn
+      attributeFriendlyName: forceAuthn
+    - name: ignoreRequestSignatures
+      displayName: label.ignore-request-signatures
+      displayType: boolean
+      helpText: tooltip.ignore-request-signatures
+      attributeName: http://shibboleth.net/ns/profiles/ignoreRequestSignatures
+      attributeFriendlyName: ignoreRequestSignatures