[main]
############################ BOOTSTRAP CONFIGURATION ###########################
#
# MANDATORY SECTION - YOU MUST REVIEW AND SET EACH VALUE
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# Specify the entity ID (technical name) of the IdP. This value is optional and
# can be left unset. If unset, the entity ID will be derived from the HOST_NAME
# value below.
#ENTITY_ID=https://idp.example.edu/idp/shibboleth
# Specify the externally facing address for this IdP. Typically you would have
# a DNS entry for this. Do *NOT* use 'localhost' or any other local address.
#HOST_NAME=idp.example.edu
# The federation environment
# Allowable values: {test, production} (case-sensitive)
ENVIRONMENT=production
# Your organisation's name
#ORGANISATION_NAME="The University of Example"
# The base domain for your organisation
#ORGANISATION_BASE_DOMAIN=example.edu
# Your schacHomeOrganizationType.
# See http://www.terena.org/activities/tf-emc2/schacreleases.html
# Relevant values are:
# urn:mace:terena.org:schac:homeOrganizationType:au:university
# urn:mace:terena.org:schac:homeOrganizationType:au:research-institution
# urn:mace:terena.org:schac:homeOrganizationType:au:other
#HOME_ORG_TYPE=urn:mace:terena.org:schac:homeOrganizationType:pk:university
# The attribute used for AuEduPersonSharedToken, eduPersonTargetedId and
# the persistent Name ID value generation.
#
# IMPORTANT: The generation of AuEduPersonSharedToken and EduPersonTargetedId
# require the value from the specified source attribute. If the value changes,
# it will change the AuEduPersonSharedToken and EduPersonTargetedId. This will
# cause the user to lose access in the federation. It is *critical* that you
# specify an attribute that will never change.
#
# Generally use uid for most LDAP servers and sAMAccountName for MS Active
# Directory. In some situations the directory will use cn (commonName) to hold
# the user's unique login name.
#
# The attribute chosen MUST provide a unique single value for ALL users. If
# this is not the case no value will be provided for the auEduPersonSharedToken.
#
SOURCE_ATTRIBUTE_ID=sAMAccountName
# The attribute used to generate the subject ID and pairwise ID attributes.
# These are new attribute values that will eventually replace eduPersonTargetedID
# and may replace auEduPersonSharedToken.
#
# These attributes will be created on the fly and based on the persistent attribute
# that MUST have the following properties:
# * Persistent - NEVER changes once assigned to a user
# * Non-reassignable - Is NEVER reassigned to another user
# * Opaque - Does NOT allow the relying party to positively identify the subject
#
# A human-readable login name (such as uid or sAMAccountName) does not meet the
# opaque requirement, since it identifies the subject directly.
#
# If your Identity system does not currently have such an attribute provided for
# each user you MUST leave the following value blank.
#
# WARNING: Once you have assigned a value, you can NOT change it. If it does change
# all of your users' identities will change!
#
PERSISTENT_ATTRIBUTE_ID=sAMAccountName
# Perform a system update as part of the bootstrap and every time you run
# the update-idp script to ensure all of your operating system software is
# patched and up to date. Setting this value to "true" is recommended.
# Valid values are either "true" or "false".
OS_UPDATE=true
[logging]
#
# These settings allow the IdP to send anonymised FTicks logs to the AAF central
# log server. These logs will be used to generate federation utilisation reports.
# Please contact [email protected] to obtain the key_id and secret_key values for
# the settings below. You can complete this configuration later by adding the values
# to your host_vars/[server_domain] file and running the deploy script.
#
#FTICKS_KEY_ID=
#
#FTICKS_SECRET_KEY=
[ldap]
# OPTIONAL SECTION
# ~~~~~~~~~~~~~~~~
# LDAP address Shibboleth IdP will connect to
#LDAP_URL=ldap://ldap.example.edu:389
# Point from where LDAP will search for users
#LDAP_BASE_DN="ou=Users,dc=example,dc=edu"
# The administrator's bind dn
#LDAP_BIND_DN="cn=Manager,dc=example,dc=edu"
# The administrator's password
# Note: If any of the following special characters appear in your
# password you must add an escape "\" before each one.
# The special characters are
# - $ (Dollars),
# - " (Double quote),
# - / (Forward Slash)
# Back Slash MUST never be used!
# The password: 'ReQ$-"/xxp4' would be entered as 'ReQ\$-\"\/xxp4'
#
#LDAP_BIND_DN_PASSWORD="p@ssw0rd"
# Specify the attribute for user queries
#
# Generally use uid for most LDAP servers and sAMAccountName for MS Active
# Directory. In some situations the directory will use cn (commonName) to hold
# the user's unique login name.
#
#LDAP_USER_FILTER_ATTRIBUTE="sAMAccountName"
[advanced]
# ADVANCED SECTION
# ~~~~~~~~~~~~~~~~
# The base path for Shibboleth and the IdP Installer configuration.
# Changing the base path MUST only occur here, do not attempt to change
# the base after the initial install.
INSTALL_BASE=/opt
# Select the local firewall that will be running on your server. The default
# is firewalld, which is the default for CentOS and RHEL 7. Some organisations
# have chosen to maintain iptables. You can also choose not to have the
# installer maintain your local firewall, but this is definitely NOT recommended.
# Relevant values are:
# firewalld (default)
# Adds ports 443 (https) and 8443 (IdP backchannel) to the
# firewalld config. All other configuration remains unchanged.
# iptables
# Adds ports 22 (ssh), 443 (https) and 8443 (IdP backchannel)
# to the iptables config. Other firewall settings may be overwritten!
# none
# You are responsible for the maintenance of the server's firewall. No
# changes to the local firewall are made in this mode.
#
FIREWALL=firewalld
#
# The Shibboleth IdP can provide a back channel for Service Providers to
# communicate directly with the Identity Provider. This has been used for
# attribute release, transmission of messages via SAML Artifact and more recently
# for backchannel SLO. The AAF have identified that none of the use cases for
# the backchannel are relevant to operation within the AAF, and therefore
# recommend it no longer be enabled by default. If it is required, for example
# for a standalone Attribute Authority service, then setting the following to true
# will enable configuration for the backchannel.
#
ENABLE_BACKCHANNEL=false
#
# Enable your IdP to participate in eduGAIN (https://aaf.edu.au/edugain/). Your
# organisation must be enabled at the federation before it can use
# eduGAIN services. Setting the following value to true will only technically
# enable your IdP. You MUST complete the steps described on the AAF eduGAIN web site in
# addition to making the technical changes.
#
ENABLE_EDUGAIN=true
#
# If your IdP is behind a load balancer that is SSL offloading, set the following
# value to true. This will enable the IdP to receive requests on port 80 from the
# load balancer. Note: The IdP MUST be within your DMZ or similarly protected area
# that will not allow general access to port 80 on the IdP.
IDP_BEHIND_PROXY=false
#
# The following option allows you to downgrade encryption from GCM to CBC for all
# services. Some older services will fail as they are unable to process newer
# encryption. The recommended approach is to leave the default set at GCM, and
# carve out exceptions for each SP that doesn't support GCM. Use the Algorithm
# Metadata Filter (https://wiki.shibboleth.net/confluence/display/IDP4/AlgorithmFilter)
# to achieve this.
#
# Changing the global setting to CBC is NOT recommended for production deployments!
# Please see: https://wiki.shibboleth.net/confluence/display/IDP4/GCMEncryption for
# more details.
DEFAULT_ENCRYPTION=GCM
# Let's Encrypt configuration
# Change the domain name and email to match your University
DOMAIN_NAME=idp.pern.edu.pk