Commit 0fa1fea5 authored by Jarod Owen's avatar Jarod Owen

Merge branch 'master' of gitlab.cs.wallawalla.edu:kretschmar/doorcode into JDO_Main

parents 1f3e283e 9e6aa54e
......@@ -15,6 +15,15 @@ services:
volumes:
- ./src/web:/var/www
- ./nginx/conf.d/:/etc/nginx/conf.d/
# Saml config
- ./simplesamlphp-1.18.3:/var/simplesamlphp
- ./simple-saml/cert:/var/simplesamlphp/cert
- ./simple-saml/config:/var/simplesamlphp/config
- ./simple-saml/metadata:/var/simplesamlphp/metadata
- ./simplesamlphp-1.18.3:/var/simplesamlphp-idp
- ./simple-saml-idp/cert:/var/simplesamlphp-idp/cert
- ./simple-saml-idp/config:/var/simplesamlphp-idp/config
- ./simple-saml-idp/metadata:/var/simplesamlphp-idp/metadata
networks:
- doorcode
postgres:
......@@ -51,6 +60,15 @@ services:
volumes:
- ./src/web:/var/www
- ./php/dev.ini:/usr/local/etc/php/conf.d/local.ini
# Map saml files to the php-fpm server so it has access to them as well
- ./simplesamlphp-1.18.3:/var/simplesamlphp
- ./simple-saml/cert:/var/simplesamlphp/cert
- ./simple-saml/config:/var/simplesamlphp/config
- ./simple-saml/metadata:/var/simplesamlphp/metadata
- ./simplesamlphp-1.18.3:/var/simplesamlphp-idp
- ./simple-saml-idp/cert:/var/simplesamlphp-idp/cert
- ./simple-saml-idp/config:/var/simplesamlphp-idp/config
- ./simple-saml-idp/metadata:/var/simplesamlphp-idp/metadata
ports:
- "9000:9000"
networks:
......
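Review bot: The new volume lines in both hunks bind-mount `./simple-saml/cert` and `./simple-saml-idp/cert` read-write, and the first hunk puts them into what appears to be the nginx service (it also mounts `./nginx/conf.d/`). The IdP config on this page loads its private key from the cert directory, and nginx hands all PHP to `api:9000`, so the web container presumably needs only the `www` directory and not the keys. I would drop the cert, config and metadata mounts from that service and mark the remaining ones read-only, e.g. `- ./simple-saml-idp/cert:/var/simplesamlphp-idp/cert:ro` on the php-fpm side. Both service definitions start outside the hunks.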
......@@ -12,6 +12,31 @@ server {
access_log /var/log/nginx/access.log;
root /var/www/frontend;
location ^~ /simplesaml {
alias /var/simplesamlphp/www;
location ~ \.php(/|$) {
include fastcgi_params;
fastcgi_pass api:9000;
fastcgi_split_path_info ^((?U).+\.php)(/?.+)$;
fastcgi_param SCRIPT_FILENAME $request_filename;
fastcgi_param PATH_INFO $fastcgi_path_info if_not_empty;
}
}
location ^~ /simplesaml-idp {
alias /var/simplesamlphp-idp/www;
location ~ \.php(/|$) {
include fastcgi_params;
fastcgi_pass api:9000;
fastcgi_split_path_info ^((?U).+\.php)(/?.+)$;
fastcgi_param SCRIPT_FILENAME $request_filename;
fastcgi_param PATH_INFO $fastcgi_path_info if_not_empty;
}
}
location /api {
proxy_pass http://localhost.api/;
}
......@@ -21,6 +46,7 @@ server {
}
}
server {
listen 80;
index index.php index.html;
......
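Review bot: In both new `location ~ \.php(/|$)` blocks, `SCRIPT_FILENAME` is set to `$request_filename`, which is built from the whole request URI and so still carries the trailing path-info (SimpleSAMLphp URLs look like `module.php/saml/...`, as the SP metadata on this page shows); `fastcgi_split_path_info` does not change that variable. The script is then found only if PHP-FPM resolves the path itself via `cgi.fix_pathinfo`, which is presumably enabled here but is a setting commonly turned off when hardening. Capturing the script in the location regex with a `(?<phpfile>.+?\.php)` group and passing `fastcgi_param SCRIPT_FILENAME $document_root$phpfile;` removes that dependency. The server block continues outside the hunk.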
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
-----BEGIN PRIVATE KEY-----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-----END PRIVATE KEY-----
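Review bot: A `-----BEGIN PRIVATE KEY-----` block is committed next to the certificate, and the IdP config on this page names `server.pem` as its key, so anyone with read access to the repository presumably holds the key that signs assertions. Keep only the certificate in version control, generate the key per environment, and ignore the key files, e.g. a `.gitignore` entry like `simple-saml*/cert/*.pem`. Since the key is now in history it should be treated as disclosed and regenerated rather than just deleted. A second key block appears at the end of the page and the same applies there.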
<?php
$config = [
// This is a authentication source which handles admin authentication.
'admin' => [
// The default is to use core:AdminPassword, but it can be replaced with
// any authentication source.
'core:AdminPassword',
],
// An authentication source which can authenticate against both SAML 2.0
// and Shibboleth 1.3 IdPs.
// 'default-sp' => [
// 'saml:SP',
//
// // The entity ID of this SP.
// // Can be NULL/unset, in which case an entity ID is generated based on the metadata URL.
// 'entityID' => null,
//
// // The entity ID of the IdP this SP should contact.
// // Can be NULL/unset, in which case the user will be shown a list of available IdPs.
// 'idp' => null,
//
// // The URL to the discovery service.
// // Can be NULL/unset, in which case a builtin discovery service will be used.
// 'discoURL' => null,
//
// /*
// * The attributes parameter must contain an array of desired attributes by the SP.
// * The attributes can be expressed as an array of names or as an associative array
// * in the form of 'friendlyName' => 'name'. This feature requires 'name' to be set.
// * The metadata will then be created as follows:
// * <md:RequestedAttribute FriendlyName="friendlyName" Name="name" />
// */
// /*
// 'name' => [
// 'en' => 'A service',
// 'no' => 'En tjeneste',
// ],
//
// 'attributes' => [
// 'attrname' => 'urn:oid:x.x.x.x',
// ],
// 'attributes.required' => [
// 'urn:oid:x.x.x.x',
// ],
// */
// ],
/*
'example-sql' => [
'sqlauth:SQL',
'dsn' => 'pgsql:host=sql.example.org;port=5432;dbname=simplesaml',
'username' => 'simplesaml',
'password' => 'secretpassword',
'query' => 'SELECT uid, givenName, email, eduPersonPrincipalName FROM users WHERE uid = :username ' .
'AND password = SHA2(CONCAT((SELECT salt FROM users WHERE uid = :username), :password), 256);',
],
*/
/*
'example-static' => [
'exampleauth:StaticSource',
'uid' => ['testuser'],
'eduPersonAffiliation' => ['member', 'employee'],
'cn' => ['Test User'],
],
*/
'example-userpass' => [
'exampleauth:UserPass',
// Give the user an option to save their username for future login attempts
// And when enabled, what should the default be, to save the username or not
//'remember.username.enabled' => false,
//'remember.username.checked' => false,
'jacob.priddy:you thought this was my real password, didn\'t ya' => [
'first_name' => ['Jacob'],
'last_name' => ['Priddy'],
'emplid' => ['9876543'],
'email' => ['Jacob.Priddy@wallawalla.edu']
],
'test.user:test' => [
'first_name' => ['Test'],
'last_name' => ['User'],
'emplid' => ['1234567'],
'email' => ['Test.User@wallawalla.edu']
],
'preston.carman:I am young and hip' => [
'first_name' => ['Preston'],
'last_name' => ['Carman'],
'emplid' => ['69420'],
'email' => ['Preston.Carman@wallawalla.edu']
],
],
/*
'crypto-hash' => [
'authcrypt:Hash',
// hashed version of 'verysecret', made with bin/pwgen.php
'professor:{SSHA256}P6FDTEEIY2EnER9a6P2GwHhI5JDrwBgjQ913oVQjBngmCtrNBUMowA==' => [
'uid' => ['prof_a'],
'eduPersonAffiliation' => ['member', 'employee', 'board'],
],
],
*/
/*
'htpasswd' => [
'authcrypt:Htpasswd',
'htpasswd_file' => '/var/www/foo.edu/legacy_app/.htpasswd',
'static_attributes' => [
'eduPersonAffiliation' => ['member', 'employee'],
'Organization' => ['University of Foo'],
],
],
*/
/*
// This authentication source serves as an example of integration with an
// external authentication engine. Take a look at the comment in the beginning
// of modules/exampleauth/lib/Auth/Source/External.php for a description of
// how to adjust it to your own site.
'example-external' => [
'exampleauth:External',
],
*/
/*
'yubikey' => [
'authYubiKey:YubiKey',
'id' => '000',
// 'key' => '012345678',
],
*/
/*
'facebook' => [
'authfacebook:Facebook',
// Register your Facebook application on http://www.facebook.com/developers
// App ID or API key (requests with App ID should be faster; https://github.com/facebook/php-sdk/issues/214)
'api_key' => 'xxxxxxxxxxxxxxxx',
// App Secret
'secret' => 'xxxxxxxxxxxxxxxx',
// which additional data permissions to request from user
// see http://developers.facebook.com/docs/authentication/permissions/ for the full list
// 'req_perms' => 'email,user_birthday',
// Which additional user profile fields to request.
// When empty, only the app-specific user id and name will be returned
// See https://developers.facebook.com/docs/graph-api/reference/v2.6/user for the full list
// 'user_fields' => 'email,birthday,third_party_id,name,first_name,last_name',
],
*/
/*
// LinkedIn OAuth Authentication API.
// Register your application to get an API key here:
// https://www.linkedin.com/secure/developer
// Attributes definition:
// https://developer.linkedin.com/docs/fields
'linkedin' => [
'authlinkedin:LinkedIn',
'key' => 'xxxxxxxxxxxxxxxx',
'secret' => 'xxxxxxxxxxxxxxxx',
'attributes' => 'id,first-name,last-name,headline,summary,specialties,picture-url,email-address',
],
*/
/*
// Microsoft Account (Windows Live ID) Authentication API.
// Register your application to get an API key here:
// https://apps.dev.microsoft.com/
'windowslive' => [
'authwindowslive:LiveID',
'key' => 'xxxxxxxxxxxxxxxx',
'secret' => 'xxxxxxxxxxxxxxxx',
],
*/
/*
// Example of a LDAP authentication source.
'example-ldap' => [
'ldap:LDAP',
// Give the user an option to save their username for future login attempts
// And when enabled, what should the default be, to save the username or not
//'remember.username.enabled' => false,
//'remember.username.checked' => false,
// The hostname of the LDAP server.
'hostname' => 'ldap.example.org',
// Whether SSL/TLS should be used when contacting the LDAP server.
'enable_tls' => true,
// Whether debug output from the LDAP library should be enabled.
// Default is FALSE.
'debug' => false,
// The timeout for accessing the LDAP server, in seconds.
// The default is 0, which means no timeout.
'timeout' => 0,
// The port used when accessing the LDAP server.
// The default is 389.
'port' => 389,
// Set whether to follow referrals. AD Controllers may require FALSE to function.
'referrals' => true,
// Which attributes should be retrieved from the LDAP server.
// This can be an array of attribute names, or NULL, in which case
// all attributes are fetched.
'attributes' => null,
// The pattern which should be used to create the users DN given the username.
// %username% in this pattern will be replaced with the users username.
//
// This option is not used if the search.enable option is set to TRUE.
'dnpattern' => 'uid=%username%,ou=people,dc=example,dc=org',
// As an alternative to specifying a pattern for the users DN, it is possible to
// search for the username in a set of attributes. This is enabled by this option.
'search.enable' => false,
// The DN which will be used as a base for the search.
// This can be a single string, in which case only that DN is searched, or an
// array of strings, in which case they will be searched in the order given.
'search.base' => 'ou=people,dc=example,dc=org',
// The attribute(s) the username should match against.
//
// This is an array with one or more attribute names. Any of the attributes in
// the array may match the value the username.
'search.attributes' => ['uid', 'mail'],
// Additional LDAP filters appended to the search attributes
//'search.filter' => '(objectclass=inetorgperson)',
// The username & password the SimpleSAMLphp should bind to before searching. If
// this is left as NULL, no bind will be performed before searching.
'search.username' => null,
'search.password' => null,
// If the directory uses privilege separation,
// the authenticated user may not be able to retrieve
// all required attribures, a privileged entity is required
// to get them. This is enabled with this option.
'priv.read' => false,
// The DN & password the SimpleSAMLphp should bind to before
// retrieving attributes. These options are required if
// 'priv.read' is set to TRUE.
'priv.username' => null,
'priv.password' => null,
],
*/
/*
// Example of an LDAPMulti authentication source.
'example-ldapmulti' => [
'ldap:LDAPMulti',
// Give the user an option to save their username for future login attempts
// And when enabled, what should the default be, to save the username or not
//'remember.username.enabled' => false,
//'remember.username.checked' => false,
// Give the user an option to save their organization choice for future login
// attempts. And when enabled, what should the default be, checked or not.
//'remember.organization.enabled' => false,
//'remember.organization.checked' => false,
// The way the organization as part of the username should be handled.
// Three possible values:
// - 'none': No handling of the organization. Allows '@' to be part
// of the username.
// - 'allow': Will allow users to type 'username@organization'.
// - 'force': Force users to type 'username@organization'. The dropdown
// list will be hidden.
//
// The default is 'none'.
'username_organization_method' => 'none',
// Whether the organization should be included as part of the username
// when authenticating. If this is set to TRUE, the username will be on
// the form <username>@<organization identifier>. If this is FALSE, the
// username will be used as the user enters it.
//
// The default is FALSE.
'include_organization_in_username' => false,
// A list of available LDAP servers.
//
// The index is an identifier for the organization/group. When
// 'username_organization_method' is set to something other than 'none',
// the organization-part of the username is matched against the index.
//
// The value of each element is an array in the same format as an LDAP
// authentication source.
'employees' => [
// A short name/description for this group. Will be shown in a dropdown list
// when the user logs on.
//
// This option can be a string or an array with language => text mappings.
'description' => 'Employees',
// The rest of the options are the same as those available for
// the LDAP authentication source.
'hostname' => 'ldap.employees.example.org',
'dnpattern' => 'uid=%username%,ou=employees,dc=example,dc=org',
],
'students' => [
'description' => 'Students',
'hostname' => 'ldap.students.example.org',
'dnpattern' => 'uid=%username%,ou=students,dc=example,dc=org',
],
],
*/
];
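Review bot: The only enabled login source, `example-userpass`, uses the demo module `exampleauth:UserPass` with cleartext passwords embedded in the array keys next to real names and university e-mail addresses, and `test.user:test` is trivially guessable. The IdP section on this page selects it with `'auth' => 'example-userpass'`, so any deployment of this config outside local development would accept these logins. I would add a comment above the entry, `// DEV ONLY: demo accounts, never deploy this source`, and replace the personal entries with synthetic users. The commented-out `authcrypt:Hash` example in the same file shows how to store salted hashes instead of cleartext.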
<?php
/**
* SAML 2.0 IdP configuration for SimpleSAMLphp.
*
* See: https://simplesamlphp.org/docs/stable/simplesamlphp-reference-idp-hosted
*/
$metadata['__DYNAMIC:1__'] = [
/*
* The hostname of the server (VHOST) that will use this SAML entity.
*
* Can be '__DEFAULT__', to use this entry by default.
*/
'host' => '__DEFAULT__',
// X.509 key and certificate. Relative to the cert directory.
'privatekey' => 'server.pem',
'certificate' => 'server.crt',
/*
* Authentication source to use. Must be one that is configured in
* 'config/authsources.php'.
*/
'auth' => 'example-userpass',
/* Uncomment the following to use the uri NameFormat on attributes. */
/*'attributes.NameFormat' => 'urn:oasis:names:tc:SAML:2.0:attrname-format:uri',
'authproc' => [
// Convert LDAP names to oids.
100 => ['class' => 'core:AttributeMap', 'name2oid'],
],*/
/*
* Uncomment the following to specify the registration information in the
* exported metadata. Refer to:
* http://docs.oasis-open.org/security/saml/Post2.0/saml-metadata-rpi/v1.0/cs01/saml-metadata-rpi-v1.0-cs01.html
* for more information.
*/
/*
'RegistrationInfo' => [
'authority' => 'urn:mace:example.org',
'instant' => '2008-01-17T11:28:03Z',
'policies' => [
'en' => 'http://example.org/policy',
'es' => 'http://example.org/politica',
],
],
*/
];
<?php
/**
* SAML 2.0 remote SP metadata for SimpleSAMLphp.
*
* See: https://simplesamlphp.org/docs/stable/simplesamlphp-reference-sp-remote
*/
$metadata['http://localhost:8080/simplesaml/module.php/saml/sp/metadata.php/default-sp'] = array (
'SingleLogoutService' =>
array (
0 =>
array (
'Binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect',
'Location' => 'http://localhost:8080/simplesaml/module.php/saml/sp/saml2-logout.php/default-sp',
),
),
'AssertionConsumerService' =>
array (
0 =>
array (
'index' => 0,
'Binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST',
'Location' => 'http://localhost:8080/simplesaml/module.php/saml/sp/saml2-acs.php/default-sp',
),
1 =>
array (
'index' => 1,
'Binding' => 'urn:oasis:names:tc:SAML:1.0:profiles:browser-post',
'Location' => 'http://localhost:8080/simplesaml/module.php/saml/sp/saml1-acs.php/default-sp',
),
2 =>
array (
'index' => 2,
'Binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact',
'Location' => 'http://localhost:8080/simplesaml/module.php/saml/sp/saml2-acs.php/default-sp',
),
3 =>
array (
'index' => 3,
'Binding' => 'urn:oasis:names:tc:SAML:1.0:profiles:artifact-01',
'Location' => 'http://localhost:8080/simplesaml/module.php/saml/sp/saml1-acs.php/default-sp/artifact',
),
),
'certData' => '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',
);
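Review bot: Every endpoint in this SP entry is `http://localhost:8080/...`, so assertions posted to the AssertionConsumerService would travel over plain HTTP; that is acceptable for a local stack, but the file carries no marker saying so. I would add a header comment such as `// Local development metadata only; production entries must use https:// endpoints`. Entries 1 and 3 are SAML 1.x bindings (`browser-post`, `artifact-01`), which look unnecessary for a SAML 2.0 IdP and could be dropped to keep the accepted endpoints to what is actually used.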
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
-----BEGIN PRIVATE KEY-----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