Update the SAML backend configuration according to feedback

* add "mailto:" prefix to contact email addresses * add German information about the SP * add comment about subject-id and pairwise-id * mark displayName attribute as required

Update the SAML backend configuration according to feedback
* add "mailto:" prefix to contact email addresses * add German information about the SP * add comment about subject-id and pairwise-id * mark displayName attribute as required
8ddd012f · Moser, Maximilian · 6f647105 · 8ddd012f
Commit 8ddd012f authored 1 year ago by Moser, Maximilian
--- a/config/saml2-backend.yaml
+++ b/config/saml2-backend.yaml
@@ -46,10 +46,10 @@ config:
      url: "https://www.tuwien.at/"
    contact_person:
      - contact_type: "technical"
-        email_address: "tudata@tuwien.ac.at"
+        email_address: "mailto:tudata@tuwien.ac.at"
        given_name: "Technical Support"
      - contact_type: "other"
-        email_address: "tudata@tuwien.ac.at"
+        email_address: "mailto:tudata@tuwien.ac.at"
        given_name: "Security Contact"

    # we don't go around collecting the SAML metadata from every IDP individually, but rather get them
@@ -84,12 +84,18 @@ config:
      sp:
        ui_info:
          display_name:
+            - lang: "de"
+              text: "TU Wien Research Data"
            - lang: "en"
              text: "TU Wien Research Data"
          description:
+            - lang: "de"
+              text: "Das institutionelle Forschungsdaten-Repository der TU Wien"
            - lang: "en"
              text: "The institutional research data repository of TU Wien"
          information_url:
+            - lang: "de"
+              text: "https://researchdata.tuwien.ac.at/"
            - lang: "en"
              text: "https://researchdata.tuwien.ac.at/"
          privacy_statement_url:
@@ -125,7 +131,9 @@ config:
        requested_attributes:
          # "subject-id" (urn:oasis:names:tc:SAML:attribute:subject-id) and
          # "pairwise-id" (urn:oasis:names:tc:SAML:attribute:pairwise-id) are
-          # special in how they're requested
+          # special in how they're requested - they are newer than the SAML data model
+          # and their logic (only *one of them* is required) cannot be represented with
+          # simple boolean flags for "required"/"optional" - as such, they're left out here
          #
          # fallback for them: "ePPN"
          # https://help.switch.ch/aai/support/documents/attributes/edupersonprincipalname/
@@ -157,10 +165,10 @@ config:

        required_attributes:
          - "mail"
+          - "displayName"
          - "givenName"
          - "sn"

        optional_attributes:
          - "eduPersonPrincipalName"
          - "eduPersonScopedAffiliation"
-          - "displayName"