cisco-nso-saml2-auth.xml.in
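<?xml version="1.0"?>
<!--
  Template for the NSO SAML2 single sign-on configuration and the NACM
  groups that go with it. Tokens of the form @NAME@ are placeholders and
  are presumably substituted by a build or install step before loading.

  The rendered file contains the service provider private key (@SP_PRIVKEY@)
  in clear text. Treat the rendered file as a secret: restrictive file mode,
  kept out of version control, removed once it has been loaded.

  @NSO_URL@ and @DUO_METAURL@ should be https URLs. The assertion consumer
  service receives signed assertions by HTTP POST, and the identity provider
  metadata is what establishes which signing certificate is trusted.
-->
<config xmlns="http://tail-f.com/ns/config/1.0">
  <saml2-auth xmlns="http://tail-f.com/ns/cisco-nso-saml2-auth">
    <identity-provider>
      <!-- Entity id and metadata URL are filled from the same placeholder. -->
      <entity-id>@DUO_METAURL@</entity-id>
      <metadata-url>@DUO_METAURL@</metadata-url>
    </identity-provider>
    <service-provider>
      <base-url>@NSO_URL@/sso</base-url>
      <entity-id>@NSO_URL@/sso/saml/metadata/</entity-id>
      <!--
        The SP metadata is carried as text inside this element, so it is
        wrapped in a CDATA section. A nested XML declaration or raw markup
        here would make the outer document not well-formed. The text itself
        is unchanged.

        AuthnRequestsSigned and WantAssertionsSigned are both "true"; keep
        them that way so unsigned requests and assertions are not accepted.

        NOTE(review): only a KeyDescriptor with use="signing" is published,
        although private-key-encryption is configured below. Confirm whether
        encrypted assertions are expected; if so an encryption KeyDescriptor
        is missing from the metadata.
        NOTE(review): md:NameIDFormat is empty. Confirm that the identity
        provider sends the NameID format this deployment expects.
        NOTE(review): @SP_CERTIFICATE@ sits directly in ds:X509Data. Confirm
        that the substituted value supplies the ds:X509Certificate element.
      -->
      <metadata><![CDATA[<?xml version="1.0"?>
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" entityID="@NSO_URL@/sso/saml/metadata/">
<md:SPSSODescriptor AuthnRequestsSigned="true" WantAssertionsSigned="true" protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
<md:KeyDescriptor use="signing">
<ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:X509Data>@SP_CERTIFICATE@</ds:X509Data>
</ds:KeyInfo>
</md:KeyDescriptor>
<md:NameIDFormat></md:NameIDFormat>
<md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="@NSO_URL@/sso/saml/logout/"/>
<md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="@NSO_URL@/sso/saml/acs/" index="1"/>
</md:SPSSODescriptor>
</md:EntityDescriptor>]]></metadata>
      <signature-algorithm>rsa-sha256</signature-algorithm>
      <!--
        NOTE(review): the same private key is used for signing and for
        encryption. Separate keys limit the impact of a single key
        compromise; confirm the reuse is intentional.
      -->
      <private-key-signing>@SP_PRIVKEY@</private-key-signing>
      <private-key-encryption>@SP_PRIVKEY@</private-key-encryption>
    </service-provider>
  </saml2-auth>
  <nacm xmlns="urn:ietf:params:xml:ns:yang:ietf-netconf-acm">
    <groups>
      <!--
        NOTE(review): admin and oper are both given gid 1001. Confirm this is
        intended and not a copy-paste slip; if the gid is relied on to keep
        the two roles apart, they currently share it.
      -->
      <group>
        <name>admin</name>
        <gid xmlns="http://tail-f.com/yang/acm">1001</gid>
      </group>
      <group>
        <name>oper</name>
        <gid xmlns="http://tail-f.com/yang/acm">1001</gid>
      </group>
    </groups>
  </nacm>
</config>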