#  If 'strict' is True, then the Java Toolkit will reject unsigned
#  or unencrypted messages if it expects them signed or encrypted
#  Also will reject the messages if not strictly follow the SAML
onelogin.saml2.strict =  false

# Enable debug mode (to print errors)
onelogin.saml2.debug =  false


#  Service Provider Data that we are deploying
#

#  Identifier of the SP entity  (must be a URI)
onelogin.saml2.sp.entityid = http://localhost:7474/samlbridge/metadata.jsp

# Specifies info about where and how the <AuthnResponse> message MUST be
#  returned to the requester, in this case our SP.
# URL Location where the <Response> from the IdP will be returned
onelogin.saml2.sp.assertion_consumer_service.url = http://localhost:7474/samlbridge/acs.jsp

# SAML protocol binding to be used when returning the <Response>
# message.  Onelogin Toolkit supports for this endpoint the
# HTTP-POST binding only
onelogin.saml2.sp.assertion_consumer_service.binding = urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST

# Specifies info about where and how the <Logout Response> message MUST be
# returned to the requester, in this case our SP.
onelogin.saml2.sp.single_logout_service.url = http://localhost:7474/samlbridge/sls.jsp

# SAML protocol binding to be used when returning the <LogoutResponse> or sending the <LogoutRequest>
# message.  Onelogin Toolkit supports for this endpoint the
# HTTP-Redirect binding only
onelogin.saml2.sp.single_logout_service.binding = urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect

# Specifies constraints on the name identifier to be used to
# represent the requested subject.
# Take a look on lib/Saml2/Constants.php to see the NameIdFormat supported
onelogin.saml2.sp.nameidformat = urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress

# Usually x509cert and privateKey of the SP are provided by files placed at
# the certs folder. But we can also provide them with the following parameters

onelogin.saml2.sp.x509cert =MIIDizCCAnOgAwIBAgIJANjuch1XRstAMA0GCSqGSIb3DQEBCwUAMFwxCzAJBgNVBAYTAkFVMQwwCgYDVQQIDANWaWMxDTALBgNVBAcMBE1lbGIxITAfBgNVBAoMGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDENMAsGA1UECwwEZHNhZjAeFw0xNzAyMDEwNTQyMDlaFw0yNzAyMDEwNTQyMDlaMFwxCzAJBgNVBAYTAkFVMQwwCgYDVQQIDANWaWMxDTALBgNVBAcMBE1lbGIxITAfBgNVBAoMGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDENMAsGA1UECwwEZHNhZjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAPWlwry8Wcm/tm4V0G8BB9ALM8/BuXXNm837pIAKceCVmQlgtNaA2DD6vehm3zLH+ovLoHHvU/0b1uNHxmHZ/Gf2bc5lJNXxwEAjqO/eGgbgsD9fziSJWWIvVMKmVmEU3iOpY71h4rxfL2sMcK8cEbPtVSAJcjQfcjPpdImzWBOXY3fiTuBjX6OXbOcXGIXpz4IebSzeiuUxit8nCZ29ksZtk+F7nBJGXhZOs02t0hzvvf2Vi3G7cOWlGDtYFyANziaEU4d9nfbH4O1a8lc8xhtzSjdDSysR9rcWd7wveqoVpVO/M9wxtL+xUlCEoFf9juowcbdlN017PnbsfNjk1f0CAwEAAaNQME4wHQYDVR0OBBYEFG2Rfj1spQLFlmt1gsXhFQ/itUXdMB8GA1UdIwQYMBaAFG2Rfj1spQLFlmt1gsXhFQ/itUXdMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAO5OJ4kRvTPW3ISie0VaKpxrvS5oLZzqwbl8vnhRumOENKnaCfsrbYIPirHh6C5HtYj4LnKroal1yrxHdeEKy97q4qej7H81UDpoFPY2puuD2GJb1lCm3Vk3HrFh7F9PfgefCGWo+HCGZfppn5K3qew2Gdyfvsy1vWS9TyEws9Q86CdT8ODqWypQLgJPWoRpbRzq2pw6iCdFeCVYm489yJEiNVjv59iFTSTKEd8FZuilLjILFmINV6u5CUiUfJucTxssXpNXfUAyEvFswrRIKCA/JHBuZQjU4pdJNN5OCB3bWsRC5+re1054TOu+DiYBYABxrTQAgpth09KA2nP1X/E=

# Requires Format PKCS#8   BEGIN PRIVATE KEY	     
# If you have     PKCS#1   BEGIN RSA PRIVATE KEY  convert it by   openssl pkcs8 -topk8 -inform pem -nocrypt -in sp.rsa_key -outform pem -out sp.pem
onelogin.saml2.sp.privatekey =MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQD1pcK8vFnJv7ZuFdBvAQfQCzPPwbl1zZvN+6SACnHglZkJYLTWgNgw+r3oZt8yx/qLy6Bx71P9G9bjR8Zh2fxn9m3OZSTV8cBAI6jv3hoG4LA/X84kiVliL1TCplZhFN4jqWO9YeK8Xy9rDHCvHBGz7VUgCXI0H3Iz6XSJs1gTl2N34k7gY1+jl2znFxiF6c+CHm0s3orlMYrfJwmdvZLGbZPhe5wSRl4WTrNNrdIc7739lYtxu3DlpRg7WBcgDc4mhFOHfZ32x+DtWvJXPMYbc0o3Q0srEfa3Fne8L3qqFaVTvzPcMbS/sVJQhKBX/Y7qMHG3ZTdNez527HzY5NX9AgMBAAECggEBAIkj3bBYxxfnPAYBj7gpLx9q4aYfVVb7TvyUfKYvLpxfaGzf3JXUoN3XXqacqAdFtg7Nw+lX39/y5ulEbPC8LjosTelodkQrD1W/ktU3ffhRAJSg/AlR1OEH4544FwlkCRCHxPM57seTrHlrHI3mccutuFSGcYe/9pYcw78MrSNhzVkyceVEWHZi1jONAAk3ixDcXLzhsbfM1CFBEyz19EY129FQ4by1XwKwW3L1qloFlDi4JngLRAwO2vX1MvP9I9OGfX9PrGeYD6ZFd6cQerNEdhNa42kQ0oEml/LT0I4q9UCE7mSCamhg8HTHHd/wg9IaD4Ud2fN05FsgM54WNtECgYEA+xq1CEHlB4CY8aPeMJK/7KZ6f3anTFir1RFPHH+8OyAhbX2aP8CAFNhOFgInHZWwg92+t5E+EObPUQ4yHFW+xnl+Ba/DDic/pYGFWoeAbrIPkPbx6dPVgVPUtjilejYX0I6k2wt6JgZRt78xQzdZZTMeUgmxAazksnw9hjY1m0sCgYEA+m/RXzGpxLyCaNuz6cgQ62Qqns6MOT+1ELE7Y+GSnaw3Qdn7XhJOOPQCI4boUNb0kbVmmqtiuvyo5KtXkRoSaSarVo/ntREhlHXm51kDOJJI7i0yIIW/3KzT7Q1ZrAeLSHkhS5+Jo02gePiLvVrBE1W+5/YnTMN/ERY4FQOB/tcCgYEAxGQB/MBU2YZJmIw6hjDwbK1UF4b8l+iuFAninv6EgJXDrzfSQVRUmHkIsYvjfe8KTEhNFpNBQMTUlqeMp76kY+S3nMj3vIUT8WUYoFJkL6+SHyYU1HW6gdjH//DT836FJ7e41hzm3wCIPzcI13Jdt5nAeBdeWloX0ET9dY/GY3sCgYEAqxtE+P5smM+XZl9d4EfiT4IDoLdMlTzS0FHXWxne272zj1mI5jApo74LzAw7pCgJt5gyP1EDxvAj0QDEdo5Sr+dMv3rY/Bx1TgL0PXLSwY8pJxpYGmJnwTWQInGxp9kLr/ua5Rlep+W804o1p61fJ3+5TLEhDtCve5Qrwye/ZMcCgYBEhdAa6c83Hgfyw86Fu0be0EeII2lZzPRqVMxQiTuoMJKL75VG7RVjCml/pMDXxpPxy3SMgBqE0W6PcRQIbKFtljBDqDlSHxomAdhWuFyssFqFv/20tsrJ6okC+RbRJuMN30hFtBO2UvhTv9x6KYCzOiS4U3zyZKvVp5ylJamffA==
							   	
# Identity Provider Data that we want connect with our SP
#

# Identifier of the IdP entity  (must be a URI)
onelogin.saml2.idp.entityid = http://www.okta.com/exkp6jk2xDa2t1uB7355

# SSO endpoint info of the IdP. (Authentication Request protocol)
# URL Target of the IdP where the SP will send the Authentication Request Message
onelogin.saml2.idp.single_sign_on_service.url = https://yellowfin.okta.com/app/yellowfin_yellowfin_1/exkp6jk2xDa2t1uB7355/sso/saml

# SAML protocol binding to be used when returning the <Response>
# message.  Onelogin Toolkit supports for this endpoint the
# HTTP-Redirect binding only
onelogin.saml2.idp.single_sign_on_service.binding = urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect

# SLO endpoint info of the IdP.
# URL Location of the IdP where the SP will send the SLO Request
onelogin.saml2.idp.single_logout_service.url = https://yellowfin.okta.com/app/yellowfin_yellowfin_1/exkp6jk2xDa2t1uB7355/sso/saml

# Optional SLO Response endpoint info of the IdP.
# URL Location of the IdP where the SP will send the SLO Response. If left blank, same URL as onelogin.saml2.idp.single_logout_service.url will be used.
# Some IdPs use a separate URL for sending a logout request and response, use this property to set the separate response url
onelogin.saml2.idp.single_logout_service.response.url = https://yellowfin.okta.com/app/yellowfin_yellowfin_1/exkp6jk2xDa2t1uB7355/sso/saml

# SAML protocol binding to be used when returning the <Response>
# message.  Onelogin Toolkit supports for this endpoint the
# HTTP-Redirect binding only
onelogin.saml2.idp.single_logout_service.binding = urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect

# Public x509 certificate of the IdP
onelogin.saml2.idp.x509cert = MIIDojCCAoqgAwIBAgIGAWU0TWRYMA0GCSqGSIb3DQEBCwUAMIGRMQswCQYDVQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNU2FuIEZyYW5jaXNjbzENMAsGA1UECgwET2t0YTEUMBIGA1UECwwLU1NPUHJvdmlkZXIxEjAQBgNVBAMMCXllbGxvd2ZpbjEcMBoGCSqGSIb3DQEJARYNaW5mb0Bva3RhLmNvbTAeFw0xODA4MTMxNzE5MTFaFw0yODA4MTMxNzIwMTFaMIGRMQswCQYDVQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNU2FuIEZyYW5jaXNjbzENMAsGA1UECgwET2t0YTEUMBIGA1UECwwLU1NPUHJvdmlkZXIxEjAQBgNVBAMMCXllbGxvd2ZpbjEcMBoGCSqGSIb3DQEJARYNaW5mb0Bva3RhLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAIbCraZEjxnJjNbKD084seipsqZ3ZEaZVhdEpxP+i8aK/fpFb5dB7s9uaSR3oKcyybJRcK6lZinu7Qwt0UG/Y8h1MfJL85V+lyfsE8u+zowak53GDqdANaQ1LSrOTZ0lP33rjz6XMuDyLw4KCktz2SNCAnxEkgCISRYeyyXurDOYyUxfn05PFTQtmOmMvgQvJloUmAme5JBkc8d9ZqXqCdHT4MSkN+7hDD5uCwRypf+Joyb4306JERHPNp4NbTDc4wZOONo0wzhBKk7ZQlHQDNrin3ERjRC6pBrEnkVT+IS+kEAQLsG2H9vq3vQf+xFxZDNfQSPRd/02zoaVmkjsI4sCAwEAATANBgkqhkiG9w0BAQsFAAOCAQEAO3N0P403uxmQ84Cj+Kz5XowAtd3c/Li6E1f4yVwxkt3M6Ri/UkGb8WdhwVXPmd5T1I8gQ9euKy4S8HteNIixFwbQEwPBotg6nFXp/fk5N4+dEhnKdKdy+ka3fLz0kFlW2Gp4JcW/hV8ceNHvEqhbkxKwx1DFyB1EGIIIGn+J90vZBET3RZuOD6L4k3A0BNtKFyJ6K+iFGGy18IIx9fqxaXSOCq3KocTQ4T1GWXToRzwK7Wqrsej6Axjh+PNdBUyekS/Bx7PwMLMgc+XCujpy22c4694lWs4zb0yTcTIG939oIVDVz4/smy4ZNw2ciB++oiLcNml6LifkDBPkIKGeUQ==

# Instead of use the whole x509cert you can use a fingerprint
# (openssl x509 -noout -fingerprint -in "idp.crt" to generate it,
# or add for example the -sha256 , -sha384 or -sha512 parameter)
#
# If a fingerprint is provided, then the certFingerprintAlgorithm is required in order to
# let the toolkit know which Algorithm was used. Possible values: sha1, sha256, sha384 or sha512
# 'sha1' is the default value.
onelogin.saml2.idp.certfingerprint = DB:4B:39:A4:95:A6:90:9C:6C:E5:1B:C3:CD:F0:51:95:0C:45:BF:09
onelogin.saml2.idp.certfingerprint_algorithm = sha1


# Security settings
#

# Indicates that the nameID of the <samlp:logoutRequest> sent by this SP
# will be encrypted.
onelogin.saml2.security.nameid_encrypted = false

# Indicates whether the <samlp:AuthnRequest> messages sent by this SP
# will be signed.              [The Metadata of the SP will offer this info]
onelogin.saml2.security.authnrequest_signed = false

# Indicates whether the <samlp:logoutRequest> messages sent by this SP
# will be signed.
onelogin.saml2.security.logoutrequest_signed = false

# Indicates whether the <samlp:logoutResponse> messages sent by this SP
# will be signed.
onelogin.saml2.security.logoutresponse_signed = false

# Sign the Metadata
# Empty means no signature, or comma separate the keyFileName and the certFileName
onelogin.saml2.security.want_messages_signed = 

# Indicates a requirement for the <samlp:Response>, <samlp:LogoutRequest> and
# <samlp:LogoutResponse> elements received by this SP to be signed.
onelogin.saml2.security.want_assertions_signed = false

# Indicates a requirement for the Metadata of this SP to be signed.
# Right now supported null (in order to not sign) or true (sign using SP private key) 
onelogin.saml2.security.sign_metadata = 

# Indicates a requirement for the Assertions received by this SP to be encrypted
onelogin.saml2.security.want_assertions_encrypted = false

# Indicates a requirement for the NameID received by this SP to be encrypted
onelogin.saml2.security.want_nameid_encrypted = false

# Authentication context.
# Set Empty and no AuthContext will be sent in the AuthNRequest,
# Set comma separated values urn:oasis:names:tc:SAML:2.0:ac:classes:urn:oasis:names:tc:SAML:2.0:ac:classes:Password
onelogin.saml2.security.requested_authncontext = urn:oasis:names:tc:SAML:2.0:ac:classes:urn:oasis:names:tc:SAML:2.0:ac:classes:Password

# Allows the authn comparison parameter to be set, defaults to 'exact'
onelogin.saml2.security.onelogin.saml2.security.requested_authncontextcomparison = exact


# Indicates if the SP will validate all received xmls.
# (In order to validate the xml, 'strict' and 'wantXMLValidation' must be true).
onelogin.saml2.security.want_xml_validation = true

# Algorithm that the toolkit will use on signing process. Options:
#  'http://www.w3.org/2000/09/xmldsig#rsa-sha1'
#  'http://www.w3.org/2000/09/xmldsig#dsa-sha1'
#  'http://www.w3.org/2001/04/xmldsig-more#rsa-sha256'
#  'http://www.w3.org/2001/04/xmldsig-more#rsa-sha384'
#  'http://www.w3.org/2001/04/xmldsig-more#rsa-sha512'
onelogin.saml2.security.signature_algorithm = http://www.w3.org/2000/09/xmldsig#rsa-sha1

# Organization
onelogin.saml2.organization.name = SP Java 
onelogin.saml2.organization.displayname = SP Java Example
onelogin.saml2.organization.url = http://sp.example.com

# Contacts
onelogin.saml2.contacts.technical.given_name = Technical Guy
onelogin.saml2.contacts.technical.email_address = technical@example.com
onelogin.saml2.contacts.support.given_name = Support Guy
onelogin.saml2.contacts.support.email_address = support@@example.com