.env.example
# SAML Proxy Configuration Example
# Copy this file to .env and configure with your values

# =============================================================================
# Proxy Configuration (Required)
# =============================================================================
# The proxy acts as both an IdP (to Service Providers) and an SP (to Identity Providers)

# Entity ID for the proxy itself - this is how the proxy identifies itself
PROXY_ENTITY_ID=http://localhost:8080

# Assertion Consumer Service URL - where IdPs send SAML responses
PROXY_ACS_URL=http://localhost:8080/sso/acs

# Metadata URL - where SPs can fetch the proxy's metadata
PROXY_METADATA_URL=http://localhost:8080/metadata

# Path to the proxy's private key file (required)
PROXY_PRIVATE_KEY_PATH=/path/to/proxy/private.key

# Path to the proxy's certificate file (required)
PROXY_CERTIFICATE_PATH=/path/to/proxy/certificate.crt

# =============================================================================
# Identity Provider Configuration (At least one required)
# =============================================================================
# Configure multiple IdPs by incrementing the index (IDP_0_, IDP_1_, IDP_2_, etc.)

# First IdP
IDP_0_ID=example-idp
IDP_0_ENTITY_ID=https://idp.example.com/saml/metadata
IDP_0_SSO_URL=https://idp.example.com/saml/sso
IDP_0_CERTIFICATE_PATH=/path/to/idp/certificate.crt
# Optional: Use metadata URL instead of manual configuration
# IDP_0_METADATA_URL=https://idp.example.com/saml/metadata

# Second IdP (optional)
# IDP_1_ID=another-idp
# IDP_1_ENTITY_ID=https://another-idp.example.com/saml/metadata
# IDP_1_SSO_URL=https://another-idp.example.com/saml/sso
# IDP_1_CERTIFICATE_PATH=/path/to/another-idp/certificate.crt
# IDP_1_METADATA_URL=https://another-idp.example.com/saml/metadata

# =============================================================================
# Allowed Service Providers Configuration (Optional)
# =============================================================================
# Configure which SPs are allowed to use this proxy
# If not specified, all SPs are allowed

# First allowed SP
# PROXY_ALLOWED_SP_0_ENTITY_ID=https://sp1.example.com
# PROXY_ALLOWED_SP_0_ACS_URL=https://sp1.example.com/saml/acs
# PROXY_ALLOWED_SP_0_METADATA_URL=https://sp1.example.com/saml/metadata

# Second allowed SP
# PROXY_ALLOWED_SP_1_ENTITY_ID=https://sp2.example.com
# PROXY_ALLOWED_SP_1_ACS_URL=https://sp2.example.com/saml/acs
# PROXY_ALLOWED_SP_1_METADATA_URL=https://sp2.example.com/saml/metadata

# =============================================================================
# Server Configuration
# =============================================================================
# HTTP server listen address (default: :8080)
SERVER_LISTEN_ADDRESS=:8080

# =============================================================================
# Example Production Configuration
# =============================================================================
# For production, you would typically use HTTPS URLs and proper certificates:
#
# PROXY_ENTITY_ID=https://saml-proxy.mycompany.com
# PROXY_ACS_URL=https://saml-proxy.mycompany.com/sso/acs
# PROXY_METADATA_URL=https://saml-proxy.mycompany.com/metadata
# PROXY_PRIVATE_KEY_PATH=/etc/saml-proxy/certs/proxy.key
# PROXY_CERTIFICATE_PATH=/etc/saml-proxy/certs/proxy.crt
#
# IDP_0_ID=okta
# IDP_0_METADATA_URL=https://mycompany.okta.com/app/abc123/sso/saml/metadata
#
# IDP_1_ID=azure-ad
# IDP_1_METADATA_URL=https://login.microsoftonline.com/tenant-id/federationmetadata/2007-06/federationmetadata.xml
#
# SERVER_LISTEN_ADDRESS=:443
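
An added example, not part of this repository: a Python pre-deployment lint over the keys in this file. It flags plain-HTTP URLs, IdP blocks that have neither a metadata URL nor all three manual fields, and a missing SP allow-list. The function names, severity labels and sample input are constructed for illustration, and treating all five keys of the "Required" section as mandatory is an assumption.

```python
import re
from urllib.parse import urlsplit

REQUIRED = ("PROXY_ENTITY_ID", "PROXY_ACS_URL", "PROXY_METADATA_URL",
            "PROXY_PRIVATE_KEY_PATH", "PROXY_CERTIFICATE_PATH")
MANUAL_IDP = ("ENTITY_ID", "SSO_URL", "CERTIFICATE_PATH")

def parse_env(text):
    """Return KEY -> value for the uncommented KEY=value lines."""
    pairs = (l.split("=", 1) for l in map(str.strip, text.splitlines())
             if "=" in l and not l.startswith("#"))
    return {k.strip(): v.strip() for k, v in pairs}

def lint(env):
    """Return sorted (severity, key, message) findings for a parsed file."""
    out = [("error", k, "required setting is missing")
           for k in REQUIRED if not env.get(k)]
    # Plain-HTTP endpoints carry SAML messages without transport protection.
    out += [("warn", k, "uses http://, not https://") for k, v in env.items()
            if k.endswith("_URL") and urlsplit(v).scheme == "http"]
    # Each IDP_<n>_ block needs a metadata URL or all three manual fields.
    idps = {m.group(1) for k in env if (m := re.match(r"IDP_(\d+)_", k))}
    if not idps:
        out.append(("error", "IDP_0_ID", "no identity provider configured"))
    for n in sorted(idps, key=int):
        if not env.get(f"IDP_{n}_METADATA_URL"):
            out += [("error", f"IDP_{n}_{fld}", "missing, and no metadata URL set")
                    for fld in MANUAL_IDP if not env.get(f"IDP_{n}_{fld}")]
    # The file states that with no allow-list entry every SP is allowed.
    if not any(re.fullmatch(r"PROXY_ALLOWED_SP_\d+_ENTITY_ID", k) for k in env):
        out.append(("warn", "PROXY_ALLOWED_SP_0_ENTITY_ID",
                    "no SP allow-list, so all SPs are allowed"))
    return sorted(out)

# Constructed sample: the file's defaults with two certificate paths left out.
SAMPLE = """\
PROXY_ENTITY_ID=http://localhost:8080
PROXY_ACS_URL=http://localhost:8080/sso/acs
PROXY_METADATA_URL=http://localhost:8080/metadata
PROXY_PRIVATE_KEY_PATH=/path/to/proxy/private.key
IDP_0_ID=example-idp
IDP_0_ENTITY_ID=https://idp.example.com/saml/metadata
IDP_0_SSO_URL=https://idp.example.com/saml/sso
# PROXY_ALLOWED_SP_0_ENTITY_ID=https://sp1.example.com
"""

if __name__ == "__main__":
    for severity, key, message in lint(parse_env(SAMPLE)):
        print(f"{severity:5} {key}: {message}")
```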